With CREATE permissions this isn’t the case; there is a piece of the above template that isn’t needed, and it’s quite easy to see why when I sat down and thought about it.
Specifically, it’s this bit:<On What>
I’m granting CREATE permissions; since I haven’t created anything, I can’t grant the permission on anything.
I like this post for the direct reason (granting certain permissions doesn’t require specifying an object), but for the implicit point as well: we build up internal systems of rules and processes as we act on things. This inductive reasoning tends to work well for us in most scenarios, but at some point, our systems break down and we find out either that we need to incorporate edge cases into our system, or that we were actually focusing on an edge case the entire time.