I am having a difficult time finding the underlying query that is executed when we do e.g. show grants for ‘dba_user’@’%’;
Is the result of that query only showing privileges specifically granted to that user? Or if the user is in a group that has a role that has privileges, will those role-granted privileges also be displayed?
Relatedly, could the results of this query depend on what node you are connected to?
Yes, SHOW GRANTS will show GRANTS inherited from roles.
If sync_permissions isn’t enabled then each aggregator will have its own independent set of users and grants, so SHOW GRANTS could return different results for the same user name on each aggregator. sync_permissions is off by default for everyone other then Helios (see SingleStoreDB Cloud · SingleStore Documentation).