This is quite common, if all the relevant privileges are not assigned to the user & when the _SYS_REPO user doesn’t have authorization to grant them to the user. Please note, _SYS_REPO is the global granting guy. Any object that you wish to grant to the users should be assigned to _SYS_REPO first with grantability option.
Let me explain in-detailed. The owner of the object (role, or a privilege) can only assign it to the other users. Incase if you are granted with the authorization to assign to object to other users, you will be able to assign it without any errors. This mostly happens with the objects that are owned by SYSTEM, and SYS. Hence, it is always recommended to create the objects in design-time and activating them would assign the object to user SYS_REPO.
Option # 1 – After implementation, create a master admin ID and assign all the SAP delivered roles, and privileges with “Grantable to others” option to yes. (Not recommend)
Option # 2 – Create a role in design-time with the relevant SAP delivered roles, and privileges and activate it. A role that you create in the HANA system can have the SAP delivered roles and privileges. This can be assigned to the user by any of the Security admin as the activated objects doesn’t look for Grantability option.