feat: add grants by grantee authz query (backport #10944) (#11523)

* feat: add grants by grantee authz query (#10944) (cherry picked from commit fa8099da98) # Conflicts: # CHANGELOG.md # api/cosmos/app/module/v1alpha1/module.pulsar.go # api/cosmos/app/v1alpha1/config.pulsar.go # api/cosmos/app/v1alpha1/module.pulsar.go # api/cosmos/app/v1alpha1/query.pulsar.go # api/cosmos/authz/v1beta1/authz.pulsar.go # api/cosmos/authz/v1beta1/genesis.pulsar.go # api/cosmos/authz/v1beta1/query.pulsar.go # api/cosmos/authz/v1beta1/query_grpc.pb.go # api/cosmos/base/query/v1beta1/pagination.pulsar.go # api/cosmos/tx/signing/v1beta1/signing.pulsar.go # proto/cosmos/authz/v1beta1/genesis.proto # proto/cosmos/authz/v1beta1/query.proto # x/authz/authz.pb.go # x/authz/client/cli/query.go # x/authz/client/rest/grpc_query_test.go # x/authz/genesis.pb.go # x/authz/keeper/grpc_query.go # x/authz/keeper/grpc_query_test.go # x/authz/query.pb.go # x/authz/query.pb.gw.go * fix conflicts * remove doc * remove scalar * Apply suggestions from code review Co-authored-by: Amaury <1293565+amaurym@users.noreply.github.com> * fix conflicts * remove go-eth dep Co-authored-by: Callum Waters <cmwaters19@gmail.com> Co-authored-by: marbar3778 <marbar3778@yahoo.com> Co-authored-by: Amaury <1293565+amaurym@users.noreply.github.com>
2022-04-01 18:11:35 +02:00 · 2022-04-01 18:11:35 +02:00 · f43228dee8
parent 344fd73b0b
commit f43228dee8
17 changed files with 2386 additions and 505 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -43,6 +43,7 @@ Ref: https://keepachangelog.com/en/1.0.0/
 * (x/bank) [\#11417](https://github.com/cosmos/cosmos-sdk/pull/11417) Introduce a new `SpendableBalances` gRPC query that retrieves an account's total (paginated) spendable balances.
 * (x/bank) [\#10771](https://github.com/cosmos/cosmos-sdk/pull/10771) Add safety check on bank module perms to allow module-specific mint restrictions (e.g. only minting a certain denom).
 * (x/bank) [\#10771](https://github.com/cosmos/cosmos-sdk/pull/10771) Add `bank.BankKeeper.WithMintCoinsRestriction` function to restrict use of bank `MintCoins` usage. This function is not on the bank `Keeper` interface, so it's not API-breaking, but only additive on the keeper implementation.
+* [\#10944](https://github.com/cosmos/cosmos-sdk/pull/10944) `x/authz` add all grants by grantee query
 * [\#11124](https://github.com/cosmos/cosmos-sdk/pull/11124) Add `GetAllVersions` to application store
 * (x/auth) [\#10880](https://github.com/cosmos/cosmos-sdk/pull/10880) Added a new query to the tx query service that returns a block with transactions fully decoded.
 * [#11314](https://github.com/cosmos/cosmos-sdk/pull/11314) Add state rollback command.
--- a/crypto/keys/secp256k1/internal/secp256k1/dummy.go
+++ b/crypto/keys/secp256k1/internal/secp256k1/dummy.go
@ -15,7 +15,7 @@
 package secp256k1

 import (
-	_ "github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/include"
-	_ "github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src"
-	_ "github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/modules/recovery"
+	_ "github.com/cosmos/cosmos-sdk/crypto/keys/secp256k1/internal/secp256k1/libsecp256k1/include"
+	_ "github.com/cosmos/cosmos-sdk/crypto/keys/secp256k1/internal/secp256k1/libsecp256k1/src"
+	_ "github.com/cosmos/cosmos-sdk/crypto/keys/secp256k1/internal/secp256k1/libsecp256k1/src/modules/recovery"
 )
--- a/docs/core/proto-docs.md
+++ b/docs/core/proto-docs.md
@ -29,6 +29,7 @@
 - [cosmos/authz/v1beta1/authz.proto](#cosmos/authz/v1beta1/authz.proto)
    - [GenericAuthorization](#cosmos.authz.v1beta1.GenericAuthorization)
    - [Grant](#cosmos.authz.v1beta1.Grant)
+    - [GrantAuthorization](#cosmos.authz.v1beta1.GrantAuthorization)
  
 - [cosmos/authz/v1beta1/event.proto](#cosmos/authz/v1beta1/event.proto)
    - [EventGrant](#cosmos.authz.v1beta1.EventGrant)
@ -36,9 +37,12 @@
  
 - [cosmos/authz/v1beta1/genesis.proto](#cosmos/authz/v1beta1/genesis.proto)
    - [GenesisState](#cosmos.authz.v1beta1.GenesisState)
-    - [GrantAuthorization](#cosmos.authz.v1beta1.GrantAuthorization)
  
 - [cosmos/authz/v1beta1/query.proto](#cosmos/authz/v1beta1/query.proto)
+    - [QueryGranteeGrantsRequest](#cosmos.authz.v1beta1.QueryGranteeGrantsRequest)
+    - [QueryGranteeGrantsResponse](#cosmos.authz.v1beta1.QueryGranteeGrantsResponse)
+    - [QueryGranterGrantsRequest](#cosmos.authz.v1beta1.QueryGranterGrantsRequest)
+    - [QueryGranterGrantsResponse](#cosmos.authz.v1beta1.QueryGranterGrantsResponse)
    - [QueryGrantsRequest](#cosmos.authz.v1beta1.QueryGrantsRequest)
    - [QueryGrantsResponse](#cosmos.authz.v1beta1.QueryGrantsResponse)
  
@ -99,6 +103,8 @@
    - [QueryDenomsMetadataResponse](#cosmos.bank.v1beta1.QueryDenomsMetadataResponse)
    - [QueryParamsRequest](#cosmos.bank.v1beta1.QueryParamsRequest)
    - [QueryParamsResponse](#cosmos.bank.v1beta1.QueryParamsResponse)
+    - [QuerySpendableBalancesRequest](#cosmos.bank.v1beta1.QuerySpendableBalancesRequest)
+    - [QuerySpendableBalancesResponse](#cosmos.bank.v1beta1.QuerySpendableBalancesResponse)
    - [QuerySupplyOfRequest](#cosmos.bank.v1beta1.QuerySupplyOfRequest)
    - [QuerySupplyOfResponse](#cosmos.bank.v1beta1.QuerySupplyOfResponse)
    - [QueryTotalSupplyRequest](#cosmos.bank.v1beta1.QueryTotalSupplyRequest)
@ -159,6 +165,11 @@
 - [cosmos/base/snapshots/v1beta1/snapshot.proto](#cosmos/base/snapshots/v1beta1/snapshot.proto)
    - [Metadata](#cosmos.base.snapshots.v1beta1.Metadata)
    - [Snapshot](#cosmos.base.snapshots.v1beta1.Snapshot)
+    - [SnapshotExtensionMeta](#cosmos.base.snapshots.v1beta1.SnapshotExtensionMeta)
+    - [SnapshotExtensionPayload](#cosmos.base.snapshots.v1beta1.SnapshotExtensionPayload)
+    - [SnapshotIAVLItem](#cosmos.base.snapshots.v1beta1.SnapshotIAVLItem)
+    - [SnapshotItem](#cosmos.base.snapshots.v1beta1.SnapshotItem)
+    - [SnapshotStoreItem](#cosmos.base.snapshots.v1beta1.SnapshotStoreItem)
  
 - [cosmos/base/store/v1beta1/commit_info.proto](#cosmos/base/store/v1beta1/commit_info.proto)
    - [CommitID](#cosmos.base.store.v1beta1.CommitID)
@ -168,11 +179,6 @@
 - [cosmos/base/store/v1beta1/listening.proto](#cosmos/base/store/v1beta1/listening.proto)
    - [StoreKVPair](#cosmos.base.store.v1beta1.StoreKVPair)
  
- [cosmos/base/store/v1beta1/snapshot.proto](#cosmos/base/store/v1beta1/snapshot.proto)
-    - [SnapshotIAVLItem](#cosmos.base.store.v1beta1.SnapshotIAVLItem)
-    - [SnapshotItem](#cosmos.base.store.v1beta1.SnapshotItem)
-    - [SnapshotStoreItem](#cosmos.base.store.v1beta1.SnapshotStoreItem)
-  
 - [cosmos/base/tendermint/v1beta1/query.proto](#cosmos/base/tendermint/v1beta1/query.proto)
    - [GetBlockByHeightRequest](#cosmos.base.tendermint.v1beta1.GetBlockByHeightRequest)
    - [GetBlockByHeightResponse](#cosmos.base.tendermint.v1beta1.GetBlockByHeightResponse)
@ -919,6 +925,25 @@ the provide method with expiration time.



+
+<a name="cosmos.authz.v1beta1.GrantAuthorization"></a>
+
+### GrantAuthorization
+GrantAuthorization extends a grant with both the addresses of the grantee and granter.
+It is used in genesis.proto and query.proto
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `granter` | [string](#string) |  |  |
+| `grantee` | [string](#string) |  |  |
+| `authorization` | [google.protobuf.Any](#google.protobuf.Any) |  |  |
+| `expiration` | [google.protobuf.Timestamp](#google.protobuf.Timestamp) |  |  |
+
+
+
+
+
 <!-- end messages -->

 <!-- end enums -->
@ -1000,24 +1025,6 @@ GenesisState defines the authz module's genesis state.



-
-<a name="cosmos.authz.v1beta1.GrantAuthorization"></a>
-
-### GrantAuthorization
-GrantAuthorization defines the GenesisState/GrantAuthorization type.
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| `granter` | [string](#string) |  |  |
-| `grantee` | [string](#string) |  |  |
-| `authorization` | [google.protobuf.Any](#google.protobuf.Any) |  |  |
-| `expiration` | [google.protobuf.Timestamp](#google.protobuf.Timestamp) |  |  |
-
-
-
-
-
 <!-- end messages -->

 <!-- end enums -->
@ -1035,6 +1042,70 @@ GrantAuthorization defines the GenesisState/GrantAuthorization type.
 Since: cosmos-sdk 0.43


+<a name="cosmos.authz.v1beta1.QueryGranteeGrantsRequest"></a>
+
+### QueryGranteeGrantsRequest
+QueryGranteeGrantsRequest is the request type for the Query/IssuedGrants RPC method.
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `grantee` | [string](#string) |  |  |
+| `pagination` | [cosmos.base.query.v1beta1.PageRequest](#cosmos.base.query.v1beta1.PageRequest) |  | pagination defines an pagination for the request. |
+
+
+
+
+
+
+<a name="cosmos.authz.v1beta1.QueryGranteeGrantsResponse"></a>
+
+### QueryGranteeGrantsResponse
+QueryGranteeGrantsResponse is the response type for the Query/GranteeGrants RPC method.
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `grants` | [GrantAuthorization](#cosmos.authz.v1beta1.GrantAuthorization) | repeated | grants is a list of grants granted to the grantee. |
+| `pagination` | [cosmos.base.query.v1beta1.PageResponse](#cosmos.base.query.v1beta1.PageResponse) |  | pagination defines an pagination for the response. |
+
+
+
+
+
+
+<a name="cosmos.authz.v1beta1.QueryGranterGrantsRequest"></a>
+
+### QueryGranterGrantsRequest
+QueryGranterGrantsRequest is the request type for the Query/GranterGrants RPC method.
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `granter` | [string](#string) |  |  |
+| `pagination` | [cosmos.base.query.v1beta1.PageRequest](#cosmos.base.query.v1beta1.PageRequest) |  | pagination defines an pagination for the request. |
+
+
+
+
+
+
+<a name="cosmos.authz.v1beta1.QueryGranterGrantsResponse"></a>
+
+### QueryGranterGrantsResponse
+QueryGranterGrantsResponse is the response type for the Query/GranterGrants RPC method.
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `grants` | [GrantAuthorization](#cosmos.authz.v1beta1.GrantAuthorization) | repeated | grants is a list of grants granted by the granter. |
+| `pagination` | [cosmos.base.query.v1beta1.PageResponse](#cosmos.base.query.v1beta1.PageResponse) |  | pagination defines an pagination for the response. |
+
+
+
+
+
+
 <a name="cosmos.authz.v1beta1.QueryGrantsRequest"></a>

 ### QueryGrantsRequest
@ -1083,6 +1154,12 @@ Query defines the gRPC querier service.
 | Method Name | Request Type | Response Type | Description | HTTP Verb | Endpoint |
 | ----------- | ------------ | ------------- | ------------| ------- | -------- |
 | `Grants` | [QueryGrantsRequest](#cosmos.authz.v1beta1.QueryGrantsRequest) | [QueryGrantsResponse](#cosmos.authz.v1beta1.QueryGrantsResponse) | Returns list of `Authorization`, granted to the grantee by the granter. | GET|/cosmos/authz/v1beta1/grants|
+| `GranterGrants` | [QueryGranterGrantsRequest](#cosmos.authz.v1beta1.QueryGranterGrantsRequest) | [QueryGranterGrantsResponse](#cosmos.authz.v1beta1.QueryGranterGrantsResponse) | GranterGrants returns list of `GrantAuthorization`, granted by granter.
+
+Since: cosmos-sdk 0.46 | GET|/cosmos/authz/v1beta1/grants/granter/{granter}|
+| `GranteeGrants` | [QueryGranteeGrantsRequest](#cosmos.authz.v1beta1.QueryGranteeGrantsRequest) | [QueryGranteeGrantsResponse](#cosmos.authz.v1beta1.QueryGranteeGrantsResponse) | GranteeGrants returns a list of `GrantAuthorization` by grantee.
+
+Since: cosmos-sdk 0.46 | GET|/cosmos/authz/v1beta1/grants/grantee/{grantee}|

 <!-- end services -->

@ -1874,6 +1951,40 @@ QueryParamsResponse defines the response type for querying x/bank parameters.



+<a name="cosmos.bank.v1beta1.QuerySpendableBalancesRequest"></a>
+
+### QuerySpendableBalancesRequest
+QuerySpendableBalancesRequest defines the gRPC request structure for querying
+an account's spendable balances.
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `address` | [string](#string) |  | address is the address to query spendable balances for. |
+| `pagination` | [cosmos.base.query.v1beta1.PageRequest](#cosmos.base.query.v1beta1.PageRequest) |  | pagination defines an optional pagination for the request. |
+
+
+
+
+
+
+<a name="cosmos.bank.v1beta1.QuerySpendableBalancesResponse"></a>
+
+### QuerySpendableBalancesResponse
+QuerySpendableBalancesResponse defines the gRPC response structure for querying
+an account's spendable balances.
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `balances` | [cosmos.base.v1beta1.Coin](#cosmos.base.v1beta1.Coin) | repeated | balances is the spendable balances of all the coins. |
+| `pagination` | [cosmos.base.query.v1beta1.PageResponse](#cosmos.base.query.v1beta1.PageResponse) |  | pagination defines the pagination in the response. |
+
+
+
+
+
+
 <a name="cosmos.bank.v1beta1.QuerySupplyOfRequest"></a>

 ### QuerySupplyOfRequest
@ -1956,6 +2067,7 @@ Query defines the gRPC querier service.
 | ----------- | ------------ | ------------- | ------------| ------- | -------- |
 | `Balance` | [QueryBalanceRequest](#cosmos.bank.v1beta1.QueryBalanceRequest) | [QueryBalanceResponse](#cosmos.bank.v1beta1.QueryBalanceResponse) | Balance queries the balance of a single coin for a single account. | GET|/cosmos/bank/v1beta1/balances/{address}/by_denom|
 | `AllBalances` | [QueryAllBalancesRequest](#cosmos.bank.v1beta1.QueryAllBalancesRequest) | [QueryAllBalancesResponse](#cosmos.bank.v1beta1.QueryAllBalancesResponse) | AllBalances queries the balance of all coins for a single account. | GET|/cosmos/bank/v1beta1/balances/{address}|
+| `SpendableBalances` | [QuerySpendableBalancesRequest](#cosmos.bank.v1beta1.QuerySpendableBalancesRequest) | [QuerySpendableBalancesResponse](#cosmos.bank.v1beta1.QuerySpendableBalancesResponse) | SpendableBalances queries the spenable balance of all coins for a single account. | GET|/cosmos/bank/v1beta1/spendable_balances/{address}|
 | `TotalSupply` | [QueryTotalSupplyRequest](#cosmos.bank.v1beta1.QueryTotalSupplyRequest) | [QueryTotalSupplyResponse](#cosmos.bank.v1beta1.QueryTotalSupplyResponse) | TotalSupply queries the total supply of all coins. | GET|/cosmos/bank/v1beta1/supply|
 | `SupplyOf` | [QuerySupplyOfRequest](#cosmos.bank.v1beta1.QuerySupplyOfRequest) | [QuerySupplyOfResponse](#cosmos.bank.v1beta1.QuerySupplyOfResponse) | SupplyOf queries the supply of a single coin. | GET|/cosmos/bank/v1beta1/supply/{denom}|
 | `Params` | [QueryParamsRequest](#cosmos.bank.v1beta1.QueryParamsRequest) | [QueryParamsResponse](#cosmos.bank.v1beta1.QueryParamsResponse) | Params queries the parameters of x/bank module. | GET|/cosmos/bank/v1beta1/params|
@ -2630,6 +2742,88 @@ Snapshot contains Tendermint state sync snapshot info.



+
+<a name="cosmos.base.snapshots.v1beta1.SnapshotExtensionMeta"></a>
+
+### SnapshotExtensionMeta
+SnapshotExtensionMeta contains metadata about an external snapshotter.
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `name` | [string](#string) |  |  |
+| `format` | [uint32](#uint32) |  |  |
+
+
+
+
+
+
+<a name="cosmos.base.snapshots.v1beta1.SnapshotExtensionPayload"></a>
+
+### SnapshotExtensionPayload
+SnapshotExtensionPayload contains payloads of an external snapshotter.
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `payload` | [bytes](#bytes) |  |  |
+
+
+
+
+
+
+<a name="cosmos.base.snapshots.v1beta1.SnapshotIAVLItem"></a>
+
+### SnapshotIAVLItem
+SnapshotIAVLItem is an exported IAVL node.
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `key` | [bytes](#bytes) |  |  |
+| `value` | [bytes](#bytes) |  |  |
+| `version` | [int64](#int64) |  | version is block height |
+| `height` | [int32](#int32) |  | height is depth of the tree. |
+
+
+
+
+
+
+<a name="cosmos.base.snapshots.v1beta1.SnapshotItem"></a>
+
+### SnapshotItem
+SnapshotItem is an item contained in a rootmulti.Store snapshot.
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `store` | [SnapshotStoreItem](#cosmos.base.snapshots.v1beta1.SnapshotStoreItem) |  |  |
+| `iavl` | [SnapshotIAVLItem](#cosmos.base.snapshots.v1beta1.SnapshotIAVLItem) |  |  |
+| `extension` | [SnapshotExtensionMeta](#cosmos.base.snapshots.v1beta1.SnapshotExtensionMeta) |  |  |
+| `extension_payload` | [SnapshotExtensionPayload](#cosmos.base.snapshots.v1beta1.SnapshotExtensionPayload) |  |  |
+
+
+
+
+
+
+<a name="cosmos.base.snapshots.v1beta1.SnapshotStoreItem"></a>
+
+### SnapshotStoreItem
+SnapshotStoreItem contains metadata about a snapshotted store.
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `name` | [string](#string) |  |  |
+
+
+
+
+
 <!-- end messages -->

 <!-- end enums -->
@ -2735,71 +2929,6 @@ Since: cosmos-sdk 0.43



- <!-- end messages -->
-
- <!-- end enums -->
-
- <!-- end HasExtensions -->
-
- <!-- end services -->
-
-
-
-<a name="cosmos/base/store/v1beta1/snapshot.proto"></a>
-<p align="right"><a href="#top">Top</a></p>
-
-## cosmos/base/store/v1beta1/snapshot.proto
-
-
-
-<a name="cosmos.base.store.v1beta1.SnapshotIAVLItem"></a>
-
-### SnapshotIAVLItem
-SnapshotIAVLItem is an exported IAVL node.
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| `key` | [bytes](#bytes) |  |  |
-| `value` | [bytes](#bytes) |  |  |
-| `version` | [int64](#int64) |  |  |
-| `height` | [int32](#int32) |  |  |
-
-
-
-
-
-
-<a name="cosmos.base.store.v1beta1.SnapshotItem"></a>
-
-### SnapshotItem
-SnapshotItem is an item contained in a rootmulti.Store snapshot.
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| `store` | [SnapshotStoreItem](#cosmos.base.store.v1beta1.SnapshotStoreItem) |  |  |
-| `iavl` | [SnapshotIAVLItem](#cosmos.base.store.v1beta1.SnapshotIAVLItem) |  |  |
-
-
-
-
-
-
-<a name="cosmos.base.store.v1beta1.SnapshotStoreItem"></a>
-
-### SnapshotStoreItem
-SnapshotStoreItem contains metadata about a snapshotted store.
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| `name` | [string](#string) |  |  |
-
-
-
-
-
 <!-- end messages -->

 <!-- end enums -->
--- a/proto/cosmos/authz/v1beta1/authz.proto
+++ b/proto/cosmos/authz/v1beta1/authz.proto
@ -25,3 +25,15 @@ message Grant {
  google.protobuf.Any       authorization = 1 [(cosmos_proto.accepts_interface) = "Authorization"];
  google.protobuf.Timestamp expiration    = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
 }
+
+// GrantAuthorization extends a grant with both the addresses of the grantee and granter.
+// It is used in genesis.proto and query.proto
+//
+// Since: cosmos-sdk 0.45.2
+message GrantAuthorization {
+  string granter = 1;
+  string grantee = 2;
+
+  google.protobuf.Any       authorization = 3 [(cosmos_proto.accepts_interface) = "Authorization"];
+  google.protobuf.Timestamp expiration    = 4 [(gogoproto.nullable) = false, (gogoproto.stdtime) = true];
+}
--- a/proto/cosmos/authz/v1beta1/genesis.proto
+++ b/proto/cosmos/authz/v1beta1/genesis.proto
@ -2,10 +2,8 @@
 syntax = "proto3";
 package cosmos.authz.v1beta1;

-import "google/protobuf/timestamp.proto";
-import "google/protobuf/any.proto";
 import "gogoproto/gogo.proto";
-import "cosmos_proto/cosmos.proto";
+import "cosmos/authz/v1beta1/authz.proto";

 option go_package = "github.com/cosmos/cosmos-sdk/x/authz";

@ -13,12 +11,3 @@ option go_package = "github.com/cosmos/cosmos-sdk/x/authz";
 message GenesisState {
  repeated GrantAuthorization authorization = 1 [(gogoproto.nullable) = false];
 }
-
-// GrantAuthorization defines the GenesisState/GrantAuthorization type.
-message GrantAuthorization {
-  string granter = 1;
-  string grantee = 2;
-
-  google.protobuf.Any       authorization = 3 [(cosmos_proto.accepts_interface) = "Authorization"];
-  google.protobuf.Timestamp expiration    = 4 [(gogoproto.nullable) = false, (gogoproto.stdtime) = true];
-}
--- a/proto/cosmos/authz/v1beta1/query.proto
+++ b/proto/cosmos/authz/v1beta1/query.proto
@ -14,6 +14,20 @@ service Query {
  rpc Grants(QueryGrantsRequest) returns (QueryGrantsResponse) {
    option (google.api.http).get = "/cosmos/authz/v1beta1/grants";
  }
+
+  // GranterGrants returns list of `GrantAuthorization`, granted by granter.
+  //
+  // Since: cosmos-sdk 0.45.2
+  rpc GranterGrants(QueryGranterGrantsRequest) returns (QueryGranterGrantsResponse) {
+    option (google.api.http).get = "/cosmos/authz/v1beta1/grants/granter/{granter}";
+  }
+
+  // GranteeGrants returns a list of `GrantAuthorization` by grantee.
+  //
+  // Since: cosmos-sdk 0.45.2
+  rpc GranteeGrants(QueryGranteeGrantsRequest) returns (QueryGranteeGrantsResponse) {
+    option (google.api.http).get = "/cosmos/authz/v1beta1/grants/grantee/{grantee}";
+  }
 }

 // QueryGrantsRequest is the request type for the Query/Grants RPC method.
@ -29,7 +43,39 @@ message QueryGrantsRequest {
 // QueryGrantsResponse is the response type for the Query/Authorizations RPC method.
 message QueryGrantsResponse {
  // authorizations is a list of grants granted for grantee by granter.
-  repeated cosmos.authz.v1beta1.Grant grants = 1;
+  repeated Grant grants = 1;
+  // pagination defines an pagination for the response.
+  cosmos.base.query.v1beta1.PageResponse pagination = 2;
+}
+
+// QueryGranterGrantsRequest is the request type for the Query/GranterGrants RPC method.
+message QueryGranterGrantsRequest {
+  string granter = 1;
+
+  // pagination defines an pagination for the request.
+  cosmos.base.query.v1beta1.PageRequest pagination = 2;
+}
+
+// QueryGranterGrantsResponse is the response type for the Query/GranterGrants RPC method.
+message QueryGranterGrantsResponse {
+  // grants is a list of grants granted by the granter.
+  repeated GrantAuthorization grants = 1;
+  // pagination defines an pagination for the response.
+  cosmos.base.query.v1beta1.PageResponse pagination = 2;
+}
+
+// QueryGranteeGrantsRequest is the request type for the Query/IssuedGrants RPC method.
+message QueryGranteeGrantsRequest {
+  string grantee = 1;
+
+  // pagination defines an pagination for the request.
+  cosmos.base.query.v1beta1.PageRequest pagination = 2;
+}
+
+// QueryGranteeGrantsResponse is the response type for the Query/GranteeGrants RPC method.
+message QueryGranteeGrantsResponse {
+  // grants is a list of grants granted to the grantee.
+  repeated GrantAuthorization grants = 1;
  // pagination defines an pagination for the response.
  cosmos.base.query.v1beta1.PageResponse pagination = 2;
 }
--- a/snapshots/types/snapshot.pb.go
+++ b/snapshots/types/snapshot.pb.go
@ -306,10 +306,12 @@ func (m *SnapshotStoreItem) GetName() string {

 // SnapshotIAVLItem is an exported IAVL node.
 type SnapshotIAVLItem struct {
-	Key     []byte `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
-	Value   []byte `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
-	Version int64  `protobuf:"varint,3,opt,name=version,proto3" json:"version,omitempty"`
-	Height  int32  `protobuf:"varint,4,opt,name=height,proto3" json:"height,omitempty"`
+	Key   []byte `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
+	Value []byte `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+	// version is block height
+	Version int64 `protobuf:"varint,3,opt,name=version,proto3" json:"version,omitempty"`
+	// height is depth of the tree.
+	Height int32 `protobuf:"varint,4,opt,name=height,proto3" json:"height,omitempty"`
 }

 func (m *SnapshotIAVLItem) Reset()         { *m = SnapshotIAVLItem{} }
--- a/x/authz/authz.pb.go
+++ b/x/authz/authz.pb.go
@ -109,15 +109,58 @@ func (m *Grant) XXX_DiscardUnknown() {

 var xxx_messageInfo_Grant proto.InternalMessageInfo

+// GrantAuthorization extends a grant with both the addresses of the grantee and granter.
+// It is used in genesis.proto and query.proto
+type GrantAuthorization struct {
+	Granter       string     `protobuf:"bytes,1,opt,name=granter,proto3" json:"granter,omitempty"`
+	Grantee       string     `protobuf:"bytes,2,opt,name=grantee,proto3" json:"grantee,omitempty"`
+	Authorization *types.Any `protobuf:"bytes,3,opt,name=authorization,proto3" json:"authorization,omitempty"`
+	Expiration    time.Time  `protobuf:"bytes,4,opt,name=expiration,proto3,stdtime" json:"expiration"`
+}
+
+func (m *GrantAuthorization) Reset()         { *m = GrantAuthorization{} }
+func (m *GrantAuthorization) String() string { return proto.CompactTextString(m) }
+func (*GrantAuthorization) ProtoMessage()    {}
+func (*GrantAuthorization) Descriptor() ([]byte, []int) {
+	return fileDescriptor_544dc2e84b61c637, []int{2}
+}
+func (m *GrantAuthorization) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *GrantAuthorization) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_GrantAuthorization.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *GrantAuthorization) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_GrantAuthorization.Merge(m, src)
+}
+func (m *GrantAuthorization) XXX_Size() int {
+	return m.Size()
+}
+func (m *GrantAuthorization) XXX_DiscardUnknown() {
+	xxx_messageInfo_GrantAuthorization.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_GrantAuthorization proto.InternalMessageInfo
+
 func init() {
 	proto.RegisterType((*GenericAuthorization)(nil), "cosmos.authz.v1beta1.GenericAuthorization")
 	proto.RegisterType((*Grant)(nil), "cosmos.authz.v1beta1.Grant")
+	proto.RegisterType((*GrantAuthorization)(nil), "cosmos.authz.v1beta1.GrantAuthorization")
 }

 func init() { proto.RegisterFile("cosmos/authz/v1beta1/authz.proto", fileDescriptor_544dc2e84b61c637) }

 var fileDescriptor_544dc2e84b61c637 = []byte{
-	// 303 bytes of a gzipped FileDescriptorProto
+	// 343 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x52, 0x48, 0xce, 0x2f, 0xce,
 	0xcd, 0x2f, 0xd6, 0x4f, 0x2c, 0x2d, 0xc9, 0xa8, 0xd2, 0x2f, 0x33, 0x4c, 0x4a, 0x2d, 0x49, 0x34,
 	0x84, 0xf0, 0xf4, 0x0a, 0x8a, 0xf2, 0x4b, 0xf2, 0x85, 0x44, 0x20, 0x2a, 0xf4, 0x20, 0x62, 0x50,
@ -132,11 +175,14 @@ var fileDescriptor_544dc2e84b61c637 = []byte{
 	0x41, 0x6c, 0xd6, 0x83, 0xd9, 0xac, 0xe7, 0x98, 0x57, 0xe9, 0x24, 0x78, 0x0a, 0xdd, 0xa4, 0x20,
 	0x54, 0xdd, 0x42, 0x2e, 0x5c, 0x5c, 0xa9, 0x15, 0x05, 0x99, 0x45, 0x10, 0xb3, 0x98, 0xc0, 0x66,
 	0x49, 0x61, 0x98, 0x15, 0x02, 0xf3, 0xbc, 0x13, 0xc7, 0x89, 0x7b, 0xf2, 0x0c, 0x13, 0xee, 0xcb,
-	0x33, 0x06, 0x21, 0xe9, 0x73, 0x72, 0x3a, 0xf1, 0x50, 0x8e, 0xe1, 0xc4, 0x23, 0x39, 0xc6, 0x0b,
-	0x8f, 0xe4, 0x18, 0x1f, 0x3c, 0x92, 0x63, 0x9c, 0xf0, 0x58, 0x8e, 0xe1, 0xc2, 0x63, 0x39, 0x86,
-	0x1b, 0x8f, 0xe5, 0x18, 0xa2, 0x54, 0xd2, 0x33, 0x4b, 0x32, 0x4a, 0x93, 0xf4, 0x92, 0xf3, 0x73,
-	0xa1, 0x81, 0x0c, 0xa5, 0x74, 0x8b, 0x53, 0xb2, 0xf5, 0x2b, 0x20, 0x11, 0x95, 0xc4, 0x06, 0xb6,
-	0xcd, 0x18, 0x10, 0x00, 0x00, 0xff, 0xff, 0x6e, 0xbe, 0xf1, 0x5a, 0xcd, 0x01, 0x00, 0x00,
+	0x33, 0x06, 0x21, 0xe9, 0x53, 0xba, 0xcb, 0xc8, 0x25, 0x04, 0x76, 0x1e, 0xaa, 0xd7, 0x24, 0xb8,
+	0xd8, 0xd3, 0x41, 0xa2, 0xa9, 0x45, 0x50, 0xef, 0xc1, 0xb8, 0x08, 0x99, 0x54, 0xb0, 0x9d, 0x70,
+	0x99, 0x54, 0x4c, 0xff, 0x31, 0x53, 0xd1, 0x7f, 0x2c, 0xe4, 0xf9, 0xcf, 0xc9, 0xe9, 0xc4, 0x43,
+	0x39, 0x86, 0x13, 0x8f, 0xe4, 0x18, 0x2f, 0x3c, 0x92, 0x63, 0x7c, 0xf0, 0x48, 0x8e, 0x71, 0xc2,
+	0x63, 0x39, 0x86, 0x0b, 0x8f, 0xe5, 0x18, 0x6e, 0x3c, 0x96, 0x63, 0x88, 0x52, 0x49, 0xcf, 0x2c,
+	0xc9, 0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0x85, 0x26, 0x22, 0x28, 0xa5, 0x5b, 0x9c, 0x92, 0xad,
+	0x5f, 0x01, 0x49, 0x88, 0x49, 0x6c, 0x60, 0xdb, 0x8c, 0x01, 0x01, 0x00, 0x00, 0xff, 0xff, 0xf5,
+	0xd2, 0x8f, 0xb0, 0xad, 0x02, 0x00, 0x00,
 }

 func (m *GenericAuthorization) Marshal() (dAtA []byte, err error) {
@ -212,6 +258,63 @@ func (m *Grant) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }

+func (m *GrantAuthorization) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *GrantAuthorization) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *GrantAuthorization) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	n3, err3 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expiration, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expiration):])
+	if err3 != nil {
+		return 0, err3
+	}
+	i -= n3
+	i = encodeVarintAuthz(dAtA, i, uint64(n3))
+	i--
+	dAtA[i] = 0x22
+	if m.Authorization != nil {
+		{
+			size, err := m.Authorization.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintAuthz(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
+	if len(m.Grantee) > 0 {
+		i -= len(m.Grantee)
+		copy(dAtA[i:], m.Grantee)
+		i = encodeVarintAuthz(dAtA, i, uint64(len(m.Grantee)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.Granter) > 0 {
+		i -= len(m.Granter)
+		copy(dAtA[i:], m.Granter)
+		i = encodeVarintAuthz(dAtA, i, uint64(len(m.Granter)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
 func encodeVarintAuthz(dAtA []byte, offset int, v uint64) int {
 	offset -= sovAuthz(v)
 	base := offset
@ -251,6 +354,29 @@ func (m *Grant) Size() (n int) {
 	return n
 }

+func (m *GrantAuthorization) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Granter)
+	if l > 0 {
+		n += 1 + l + sovAuthz(uint64(l))
+	}
+	l = len(m.Grantee)
+	if l > 0 {
+		n += 1 + l + sovAuthz(uint64(l))
+	}
+	if m.Authorization != nil {
+		l = m.Authorization.Size()
+		n += 1 + l + sovAuthz(uint64(l))
+	}
+	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Expiration)
+	n += 1 + l + sovAuthz(uint64(l))
+	return n
+}
+
 func sovAuthz(x uint64) (n int) {
 	return (math_bits.Len64(x|1) + 6) / 7
 }
@ -458,6 +584,189 @@ func (m *Grant) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
+func (m *GrantAuthorization) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowAuthz
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: GrantAuthorization: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: GrantAuthorization: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Granter", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAuthz
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthAuthz
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthAuthz
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Granter = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Grantee", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAuthz
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthAuthz
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthAuthz
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Grantee = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Authorization", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAuthz
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthAuthz
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthAuthz
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Authorization == nil {
+				m.Authorization = &types.Any{}
+			}
+			if err := m.Authorization.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Expiration", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAuthz
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthAuthz
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthAuthz
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Expiration, dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipAuthz(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthAuthz
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func skipAuthz(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
--- a/x/authz/client/cli/query.go
+++ b/x/authz/client/cli/query.go
@ -27,6 +27,8 @@ func GetQueryCmd() *cobra.Command {

 	authorizationQueryCmd.AddCommand(
 		GetCmdQueryGrants(),
+		GetQueryGranterGrants(),
+		GetQueryGranteeGrants(),
 	)

 	return authorizationQueryCmd
@ -91,3 +93,99 @@ $ %s query %s grants cosmos1skjw.. cosmos1skjwj.. %s
 	flags.AddPaginationFlagsToCmd(cmd, "grants")
 	return cmd
 }
+
+func GetQueryGranterGrants() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "granter-grants [granter-addr]",
+		Args:  cobra.ExactArgs(1),
+		Short: "query authorization grants granted by granter",
+		Long: strings.TrimSpace(
+			fmt.Sprintf(`Query authorization grants granted by granter.
+Examples:
+$ %s q %s granter-grants cosmos1skj..
+`,
+				version.AppName, authz.ModuleName),
+		),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			clientCtx, err := client.GetClientQueryContext(cmd)
+			if err != nil {
+				return err
+			}
+
+			granter, err := sdk.AccAddressFromBech32(args[0])
+			if err != nil {
+				return err
+			}
+
+			pageReq, err := client.ReadPageRequest(cmd.Flags())
+			if err != nil {
+				return err
+			}
+
+			queryClient := authz.NewQueryClient(clientCtx)
+			res, err := queryClient.GranterGrants(
+				cmd.Context(),
+				&authz.QueryGranterGrantsRequest{
+					Granter:    granter.String(),
+					Pagination: pageReq,
+				},
+			)
+			if err != nil {
+				return err
+			}
+
+			return clientCtx.PrintProto(res)
+		},
+	}
+	flags.AddQueryFlagsToCmd(cmd)
+	flags.AddPaginationFlagsToCmd(cmd, "granter-grants")
+	return cmd
+}
+
+func GetQueryGranteeGrants() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "grantee-grants [grantee-addr]",
+		Args:  cobra.ExactArgs(1),
+		Short: "query authorization grants granted to a grantee",
+		Long: strings.TrimSpace(
+			fmt.Sprintf(`Query authorization grants granted to a grantee.
+Examples:
+$ %s q %s grantee-grants cosmos1skj..
+`,
+				version.AppName, authz.ModuleName),
+		),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			clientCtx, err := client.GetClientQueryContext(cmd)
+			if err != nil {
+				return err
+			}
+
+			grantee, err := sdk.AccAddressFromBech32(args[0])
+			if err != nil {
+				return err
+			}
+
+			pageReq, err := client.ReadPageRequest(cmd.Flags())
+			if err != nil {
+				return err
+			}
+
+			queryClient := authz.NewQueryClient(clientCtx)
+			res, err := queryClient.GranteeGrants(
+				cmd.Context(),
+				&authz.QueryGranteeGrantsRequest{
+					Grantee:    grantee.String(),
+					Pagination: pageReq,
+				},
+			)
+			if err != nil {
+				return err
+			}
+
+			return clientCtx.PrintProto(res)
+		},
+	}
+	flags.AddQueryFlagsToCmd(cmd)
+	flags.AddPaginationFlagsToCmd(cmd, "grantee-grants")
+	return cmd
+}
--- a/x/authz/client/rest/grpc_query_test.go
+++ b/x/authz/client/rest/grpc_query_test.go
@ -1,3 +1,4 @@
+//go:build norace
 // +build norace

 package rest_test
@ -218,7 +219,9 @@ func (s *IntegrationTestSuite) TestQueryGrantsGRPC() {
 		tc := tc
 		s.Run(tc.name, func() {
 			tc.preRun()
-			resp, _ := rest.GetRequest(tc.url)
+			resp, err := rest.GetRequest(tc.url)
+			s.Require().NoError(err)
+
 			if tc.expectErr {
 				s.Require().Contains(string(resp), tc.errMsg)
 			} else {
@ -232,6 +235,108 @@ func (s *IntegrationTestSuite) TestQueryGrantsGRPC() {
 	}
 }

-func TestIntegrationTestSuite(t *testing.T) {
-	suite.Run(t, new(IntegrationTestSuite))
+func (s *IntegrationTestSuite) TestQueryGranterGrantsGRPC() {
+	val := s.network.Validators[0]
+	grantee := s.grantee[1]
+	require := s.Require()
+
+	testCases := []struct {
+		name      string
+		url       string
+		expectErr bool
+		errMsg    string
+		numItems  int
+	}{
+		{
+			"invalid account address",
+			fmt.Sprintf("%s/cosmos/authz/v1beta1/grants/granter/%s", val.APIAddress, "invalid address"),
+			true,
+			"decoding bech32 failed",
+			0,
+		},
+		{
+			"no authorizations found",
+			fmt.Sprintf("%s/cosmos/authz/v1beta1/grants/granter/%s", val.APIAddress, grantee.String()),
+			false,
+			"",
+			0,
+		},
+		{
+			"valid query",
+			fmt.Sprintf("%s/cosmos/authz/v1beta1/grants/granter/%s", val.APIAddress, val.Address.String()),
+			false,
+			"",
+			7,
+		},
+	}
+	for _, tc := range testCases {
+		s.Run(tc.name, func() {
+			resp, err := rest.GetRequest(tc.url)
+			require.NoError(err)
+
+			if tc.expectErr {
+				require.Contains(string(resp), tc.errMsg)
+			} else {
+				var authorizations authz.QueryGranterGrantsResponse
+				err := val.ClientCtx.Codec.UnmarshalJSON(resp, &authorizations)
+				require.NoError(err)
+				// FIXME: https://github.com/cosmos/cosmos-sdk/issues/10965
+				require.Len(authorizations.Grants, tc.numItems)
+			}
+
+		})
+	}
+}
+
+func (s *IntegrationTestSuite) TestQueryGranteeGrantsGRPC() {
+	val := s.network.Validators[0]
+	grantee := s.grantee[1]
+	require := s.Require()
+
+	testCases := []struct {
+		name      string
+		url       string
+		expectErr bool
+		errMsg    string
+		numItems  int
+	}{
+		{
+			"invalid account address",
+			fmt.Sprintf("%s/cosmos/authz/v1beta1/grants/grantee/%s", val.APIAddress, "invalid address"),
+			true,
+			"decoding bech32 failed",
+			0,
+		},
+		{
+			"no authorizations found",
+			fmt.Sprintf("%s/cosmos/authz/v1beta1/grants/grantee/%s", val.APIAddress, val.Address.String()),
+			false,
+			"",
+			0,
+		},
+		{
+			"valid query",
+			fmt.Sprintf("%s/cosmos/authz/v1beta1/grants/grantee/%s", val.APIAddress, grantee.String()),
+			false,
+			"",
+			1,
+		},
+	}
+	for _, tc := range testCases {
+		s.Run(tc.name, func() {
+			resp, err := rest.GetRequest(tc.url)
+			require.NoError(err)
+
+			if tc.expectErr {
+				require.Contains(string(resp), tc.errMsg)
+			} else {
+				var authorizations authz.QueryGranteeGrantsResponse
+				err := val.ClientCtx.Codec.UnmarshalJSON(resp, &authorizations)
+				require.NoError(err)
+				// FIXME: https://github.com/cosmos/cosmos-sdk/issues/10965
+				require.Len(authorizations.Grants, tc.numItems)
+			}
+
+		})
+	}
 }
--- a/x/authz/client/testutil/cli_test.go
+++ b/x/authz/client/testutil/cli_test.go
@ -1,3 +1,4 @@
+//go:build norace
 // +build norace

 package testutil
--- a/x/authz/genesis.pb.go
+++ b/x/authz/genesis.pb.go
@ -5,23 +5,17 @@ package authz

 import (
 	fmt "fmt"
-	types "github.com/cosmos/cosmos-sdk/codec/types"
 	_ "github.com/gogo/protobuf/gogoproto"
 	proto "github.com/gogo/protobuf/proto"
-	github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
-	_ "github.com/regen-network/cosmos-proto"
-	_ "google.golang.org/protobuf/types/known/timestamppb"
 	io "io"
 	math "math"
 	math_bits "math/bits"
-	time "time"
 )

 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
-var _ = time.Kitchen

 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the proto package it is being compiled against.
@ -74,78 +68,8 @@ func (m *GenesisState) GetAuthorization() []GrantAuthorization {
 	return nil
 }

-// GrantAuthorization defines the GenesisState/GrantAuthorization type.
-type GrantAuthorization struct {
-	Granter       string     `protobuf:"bytes,1,opt,name=granter,proto3" json:"granter,omitempty"`
-	Grantee       string     `protobuf:"bytes,2,opt,name=grantee,proto3" json:"grantee,omitempty"`
-	Authorization *types.Any `protobuf:"bytes,3,opt,name=authorization,proto3" json:"authorization,omitempty"`
-	Expiration    time.Time  `protobuf:"bytes,4,opt,name=expiration,proto3,stdtime" json:"expiration"`
-}
-
-func (m *GrantAuthorization) Reset()         { *m = GrantAuthorization{} }
-func (m *GrantAuthorization) String() string { return proto.CompactTextString(m) }
-func (*GrantAuthorization) ProtoMessage()    {}
-func (*GrantAuthorization) Descriptor() ([]byte, []int) {
-	return fileDescriptor_4c2fbb971da7c892, []int{1}
-}
-func (m *GrantAuthorization) XXX_Unmarshal(b []byte) error {
-	return m.Unmarshal(b)
-}
-func (m *GrantAuthorization) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	if deterministic {
-		return xxx_messageInfo_GrantAuthorization.Marshal(b, m, deterministic)
-	} else {
-		b = b[:cap(b)]
-		n, err := m.MarshalToSizedBuffer(b)
-		if err != nil {
-			return nil, err
-		}
-		return b[:n], nil
-	}
-}
-func (m *GrantAuthorization) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GrantAuthorization.Merge(m, src)
-}
-func (m *GrantAuthorization) XXX_Size() int {
-	return m.Size()
-}
-func (m *GrantAuthorization) XXX_DiscardUnknown() {
-	xxx_messageInfo_GrantAuthorization.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_GrantAuthorization proto.InternalMessageInfo
-
-func (m *GrantAuthorization) GetGranter() string {
-	if m != nil {
-		return m.Granter
-	}
-	return ""
-}
-
-func (m *GrantAuthorization) GetGrantee() string {
-	if m != nil {
-		return m.Grantee
-	}
-	return ""
-}
-
-func (m *GrantAuthorization) GetAuthorization() *types.Any {
-	if m != nil {
-		return m.Authorization
-	}
-	return nil
-}
-
-func (m *GrantAuthorization) GetExpiration() time.Time {
-	if m != nil {
-		return m.Expiration
-	}
-	return time.Time{}
-}
-
 func init() {
 	proto.RegisterType((*GenesisState)(nil), "cosmos.authz.v1beta1.GenesisState")
-	proto.RegisterType((*GrantAuthorization)(nil), "cosmos.authz.v1beta1.GrantAuthorization")
 }

 func init() {
@ -153,29 +77,20 @@ func init() {
 }

 var fileDescriptor_4c2fbb971da7c892 = []byte{
-	// 337 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x52, 0xbb, 0x6e, 0xc2, 0x30,
-	0x14, 0x8d, 0x0b, 0xea, 0xc3, 0x94, 0xa1, 0x11, 0x43, 0xca, 0x60, 0x10, 0xea, 0x90, 0x05, 0x5b,
-	0xd0, 0xbd, 0x12, 0x51, 0x25, 0xa6, 0x2e, 0x94, 0xa9, 0x4b, 0xe5, 0x80, 0x6b, 0xac, 0x36, 0x31,
-	0x8a, 0x4d, 0x05, 0x7c, 0x05, 0x1f, 0xd3, 0x8f, 0x40, 0x9d, 0x18, 0xbb, 0xf4, 0x21, 0xf8, 0x91,
-	0x2a, 0x76, 0xa2, 0xf2, 0xe8, 0x94, 0x7b, 0x73, 0xce, 0x3d, 0xe7, 0xf8, 0xda, 0xb0, 0x31, 0x90,
-	0x2a, 0x92, 0x8a, 0xd0, 0x89, 0x1e, 0xcd, 0xc9, 0x6b, 0x2b, 0x64, 0x9a, 0xb6, 0x08, 0x67, 0x31,
-	0x53, 0x42, 0xe1, 0x71, 0x22, 0xb5, 0x74, 0x2b, 0x96, 0x83, 0x0d, 0x07, 0x67, 0x9c, 0x6a, 0x8d,
-	0x4b, 0xc9, 0x5f, 0x18, 0x31, 0x9c, 0x70, 0xf2, 0x44, 0xb4, 0x88, 0x98, 0xd2, 0x34, 0x1a, 0xdb,
-	0xb1, 0xea, 0xe5, 0x3e, 0x81, 0xc6, 0xb3, 0x0c, 0xaa, 0x70, 0xc9, 0xa5, 0x29, 0x49, 0x5a, 0xe5,
-	0x03, 0xd6, 0xe7, 0xd1, 0x02, 0x99, 0xa9, 0x69, 0x1a, 0x43, 0x78, 0xde, 0xb5, 0x99, 0xee, 0x35,
-	0xd5, 0xcc, 0xed, 0xc3, 0x72, 0x9a, 0x46, 0x26, 0x62, 0x4e, 0xb5, 0x90, 0xb1, 0x07, 0xea, 0x05,
-	0xbf, 0xd4, 0xf6, 0xf1, 0x7f, 0x51, 0x71, 0x37, 0xa1, 0xb1, 0xee, 0x6c, 0xf3, 0x83, 0xe2, 0xf2,
-	0xab, 0xe6, 0xf4, 0x76, 0x45, 0x1a, 0x9f, 0x00, 0xba, 0x87, 0x5c, 0xd7, 0x83, 0x27, 0x3c, 0xfd,
-	0xcb, 0x12, 0x0f, 0xd4, 0x81, 0x7f, 0xd6, 0xcb, 0xdb, 0x3f, 0x84, 0x79, 0x47, 0xdb, 0x08, 0x73,
-	0xef, 0xf6, 0x03, 0x16, 0xea, 0xc0, 0x2f, 0xb5, 0x2b, 0xd8, 0x2e, 0x05, 0xe7, 0x4b, 0xc1, 0x9d,
-	0x78, 0x16, 0x5c, 0xbc, 0xbf, 0x35, 0xcb, 0x3b, 0x9e, 0x7b, 0xc9, 0xdc, 0x5b, 0x08, 0xd9, 0x74,
-	0x2c, 0x12, 0xab, 0x55, 0x34, 0x5a, 0xd5, 0x03, 0xad, 0x7e, 0x7e, 0x03, 0xc1, 0x69, 0x7a, 0xbc,
-	0xc5, 0x77, 0x0d, 0xf4, 0xb6, 0xe6, 0x82, 0x9b, 0xe5, 0x1a, 0x81, 0xd5, 0x1a, 0x81, 0x9f, 0x35,
-	0x02, 0x8b, 0x0d, 0x72, 0x56, 0x1b, 0xe4, 0x7c, 0x6c, 0x90, 0xf3, 0x70, 0xc5, 0x85, 0x1e, 0x4d,
-	0x42, 0x3c, 0x90, 0x51, 0xb6, 0xf8, 0xec, 0xd3, 0x54, 0xc3, 0x67, 0x32, 0xb5, 0xcf, 0x23, 0x3c,
-	0x36, 0x4e, 0xd7, 0xbf, 0x01, 0x00, 0x00, 0xff, 0xff, 0x7c, 0xdb, 0x6c, 0xcb, 0x35, 0x02, 0x00,
-	0x00,
+	// 206 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x52, 0x4a, 0xce, 0x2f, 0xce,
+	0xcd, 0x2f, 0xd6, 0x4f, 0x2c, 0x2d, 0xc9, 0xa8, 0xd2, 0x2f, 0x33, 0x4c, 0x4a, 0x2d, 0x49, 0x34,
+	0xd4, 0x4f, 0x4f, 0xcd, 0x4b, 0x2d, 0xce, 0x2c, 0xd6, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x12,
+	0x81, 0xa8, 0xd1, 0x03, 0xab, 0xd1, 0x83, 0xaa, 0x91, 0x12, 0x49, 0xcf, 0x4f, 0xcf, 0x07, 0x2b,
+	0xd0, 0x07, 0xb1, 0x20, 0x6a, 0xa5, 0x14, 0xb0, 0x9a, 0x07, 0xd1, 0x09, 0x56, 0xa1, 0x94, 0xc2,
+	0xc5, 0xe3, 0x0e, 0x31, 0x3e, 0xb8, 0x24, 0xb1, 0x24, 0x55, 0x28, 0x84, 0x8b, 0x17, 0x24, 0x9d,
+	0x5f, 0x94, 0x59, 0x95, 0x58, 0x92, 0x99, 0x9f, 0x27, 0xc1, 0xa8, 0xc0, 0xac, 0xc1, 0x6d, 0xa4,
+	0xa1, 0x87, 0xcd, 0x56, 0x3d, 0xf7, 0xa2, 0xc4, 0xbc, 0x12, 0x47, 0x64, 0xf5, 0x4e, 0x2c, 0x27,
+	0xee, 0xc9, 0x33, 0x04, 0xa1, 0x1a, 0xe2, 0x64, 0x77, 0xe2, 0x91, 0x1c, 0xe3, 0x85, 0x47, 0x72,
+	0x8c, 0x0f, 0x1e, 0xc9, 0x31, 0x4e, 0x78, 0x2c, 0xc7, 0x70, 0xe1, 0xb1, 0x1c, 0xc3, 0x8d, 0xc7,
+	0x72, 0x0c, 0x51, 0x2a, 0xe9, 0x99, 0x25, 0x19, 0xa5, 0x49, 0x7a, 0xc9, 0xf9, 0xb9, 0xfa, 0x50,
+	0xc7, 0x42, 0x28, 0xdd, 0xe2, 0x94, 0x6c, 0xfd, 0x0a, 0x88, 0x5b, 0x93, 0xd8, 0xc0, 0x8e, 0x35,
+	0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0xb9, 0xd2, 0x41, 0x42, 0x20, 0x01, 0x00, 0x00,
 }

 func (m *GenesisState) Marshal() (dAtA []byte, err error) {
@ -215,63 +130,6 @@ func (m *GenesisState) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }

-func (m *GrantAuthorization) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalToSizedBuffer(dAtA[:size])
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *GrantAuthorization) MarshalTo(dAtA []byte) (int, error) {
-	size := m.Size()
-	return m.MarshalToSizedBuffer(dAtA[:size])
-}
-
-func (m *GrantAuthorization) MarshalToSizedBuffer(dAtA []byte) (int, error) {
-	i := len(dAtA)
-	_ = i
-	var l int
-	_ = l
-	n1, err1 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expiration, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expiration):])
-	if err1 != nil {
-		return 0, err1
-	}
-	i -= n1
-	i = encodeVarintGenesis(dAtA, i, uint64(n1))
-	i--
-	dAtA[i] = 0x22
-	if m.Authorization != nil {
-		{
-			size, err := m.Authorization.MarshalToSizedBuffer(dAtA[:i])
-			if err != nil {
-				return 0, err
-			}
-			i -= size
-			i = encodeVarintGenesis(dAtA, i, uint64(size))
-		}
-		i--
-		dAtA[i] = 0x1a
-	}
-	if len(m.Grantee) > 0 {
-		i -= len(m.Grantee)
-		copy(dAtA[i:], m.Grantee)
-		i = encodeVarintGenesis(dAtA, i, uint64(len(m.Grantee)))
-		i--
-		dAtA[i] = 0x12
-	}
-	if len(m.Granter) > 0 {
-		i -= len(m.Granter)
-		copy(dAtA[i:], m.Granter)
-		i = encodeVarintGenesis(dAtA, i, uint64(len(m.Granter)))
-		i--
-		dAtA[i] = 0xa
-	}
-	return len(dAtA) - i, nil
-}
-
 func encodeVarintGenesis(dAtA []byte, offset int, v uint64) int {
 	offset -= sovGenesis(v)
 	base := offset
@ -298,29 +156,6 @@ func (m *GenesisState) Size() (n int) {
 	return n
 }

-func (m *GrantAuthorization) Size() (n int) {
-	if m == nil {
-		return 0
-	}
-	var l int
-	_ = l
-	l = len(m.Granter)
-	if l > 0 {
-		n += 1 + l + sovGenesis(uint64(l))
-	}
-	l = len(m.Grantee)
-	if l > 0 {
-		n += 1 + l + sovGenesis(uint64(l))
-	}
-	if m.Authorization != nil {
-		l = m.Authorization.Size()
-		n += 1 + l + sovGenesis(uint64(l))
-	}
-	l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Expiration)
-	n += 1 + l + sovGenesis(uint64(l))
-	return n
-}
-
 func sovGenesis(x uint64) (n int) {
 	return (math_bits.Len64(x|1) + 6) / 7
 }
@ -411,189 +246,6 @@ func (m *GenesisState) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *GrantAuthorization) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowGenesis
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= uint64(b&0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: GrantAuthorization: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: GrantAuthorization: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Granter", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenesis
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthGenesis
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenesis
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Granter = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Grantee", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenesis
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthGenesis
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenesis
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Grantee = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Authorization", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenesis
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= int(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthGenesis
-			}
-			postIndex := iNdEx + msglen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenesis
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.Authorization == nil {
-				m.Authorization = &types.Any{}
-			}
-			if err := m.Authorization.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		case 4:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Expiration", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenesis
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= int(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthGenesis
-			}
-			postIndex := iNdEx + msglen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenesis
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.Expiration, dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipGenesis(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if (skippy < 0) || (iNdEx+skippy) < 0 {
-				return ErrInvalidLengthGenesis
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
 func skipGenesis(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
--- a/x/authz/keeper/grpc_query.go
+++ b/x/authz/keeper/grpc_query.go
@ -90,6 +90,109 @@ func (k Keeper) Grants(c context.Context, req *authz.QueryGrantsRequest) (*authz
 	}, nil
 }

+// GranterGrants implements the Query/GranterGrants gRPC method.
+func (k Keeper) GranterGrants(c context.Context, req *authz.QueryGranterGrantsRequest) (*authz.QueryGranterGrantsResponse, error) {
+	if req == nil {
+		return nil, status.Errorf(codes.InvalidArgument, "empty request")
+	}
+
+	granter, err := sdk.AccAddressFromBech32(req.Granter)
+	if err != nil {
+		return nil, err
+	}
+
+	ctx := sdk.UnwrapSDKContext(c)
+	store := ctx.KVStore(k.storeKey)
+	authzStore := prefix.NewStore(store, grantStoreKey(nil, granter, ""))
+
+	var grants []*authz.GrantAuthorization
+	pageRes, err := query.FilteredPaginate(authzStore, req.Pagination, func(key []byte, value []byte,
+		accumulate bool) (bool, error) {
+		auth, err := unmarshalAuthorization(k.cdc, value)
+		if err != nil {
+			return false, err
+		}
+
+		auth1 := auth.GetAuthorization()
+		if accumulate {
+			any, err := codectypes.NewAnyWithValue(auth1)
+			if err != nil {
+				return false, status.Errorf(codes.Internal, err.Error())
+			}
+
+			grantee := firstAddressFromGrantStoreKey(key)
+			grants = append(grants, &authz.GrantAuthorization{
+				Granter:       granter.String(),
+				Grantee:       grantee.String(),
+				Authorization: any,
+				Expiration:    auth.Expiration,
+			})
+		}
+		return true, nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return &authz.QueryGranterGrantsResponse{
+		Grants:     grants,
+		Pagination: pageRes,
+	}, nil
+}
+
+// GranteeGrants implements the Query/GranteeGrants gRPC method.
+func (k Keeper) GranteeGrants(c context.Context, req *authz.QueryGranteeGrantsRequest) (*authz.QueryGranteeGrantsResponse, error) {
+	if req == nil {
+		return nil, status.Errorf(codes.InvalidArgument, "empty request")
+	}
+
+	grantee, err := sdk.AccAddressFromBech32(req.Grantee)
+	if err != nil {
+		return nil, err
+	}
+
+	ctx := sdk.UnwrapSDKContext(c)
+	store := prefix.NewStore(ctx.KVStore(k.storeKey), GrantKey)
+
+	var authorizations []*authz.GrantAuthorization
+	pageRes, err := query.FilteredPaginate(store, req.Pagination, func(key []byte, value []byte,
+		accumulate bool) (bool, error) {
+		auth, err := unmarshalAuthorization(k.cdc, value)
+		if err != nil {
+			return false, err
+		}
+
+		granter, g := addressesFromGrantStoreKey(append(GrantKey, key...))
+		if !g.Equals(grantee) {
+			return false, nil
+		}
+
+		auth1 := auth.GetAuthorization()
+		if accumulate {
+			any, err := codectypes.NewAnyWithValue(auth1)
+			if err != nil {
+				return false, status.Errorf(codes.Internal, err.Error())
+			}
+
+			authorizations = append(authorizations, &authz.GrantAuthorization{
+				Authorization: any,
+				Expiration:    auth.Expiration,
+				Granter:       granter.String(),
+				Grantee:       grantee.String(),
+			})
+		}
+		return true, nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return &authz.QueryGranteeGrantsResponse{
+		Grants:     authorizations,
+		Pagination: pageRes,
+	}, nil
+}
+
 // unmarshal an authorization from a store value
 func unmarshalAuthorization(cdc codec.BinaryCodec, value []byte) (v authz.Grant, err error) {
 	err = cdc.Unmarshal(value, &v)
--- a/x/authz/keeper/grpc_query_test.go
+++ b/x/authz/keeper/grpc_query_test.go
@ -8,6 +8,7 @@ import (
 	"github.com/stretchr/testify/require"

 	sdk "github.com/cosmos/cosmos-sdk/types"
+	"github.com/cosmos/cosmos-sdk/types/query"
 	"github.com/cosmos/cosmos-sdk/x/authz"
 	banktypes "github.com/cosmos/cosmos-sdk/x/bank/types"
 )
@ -162,3 +163,155 @@ func (suite *TestSuite) TestGRPCQueryAuthorizations() {
 		})
 	}
 }
+
+func (suite *TestSuite) TestGRPCQueryGranterGrants() {
+	require := suite.Require()
+	app, ctx, queryClient, addrs := suite.app, suite.ctx, suite.queryClient, suite.addrs
+
+	testCases := []struct {
+		msg      string
+		preRun   func()
+		expError bool
+		request  authz.QueryGranterGrantsRequest
+		numItems int
+	}{
+		{
+			"fail invalid granter addr",
+			func() {},
+			true,
+			authz.QueryGranterGrantsRequest{},
+			0,
+		},
+		{
+			"valid case, single authorization",
+			func() {
+				now := ctx.BlockHeader().Time
+				newCoins := sdk.NewCoins(sdk.NewInt64Coin("steak", 100))
+				authorization := &banktypes.SendAuthorization{SpendLimit: newCoins}
+				err := app.AuthzKeeper.SaveGrant(ctx, addrs[1], addrs[0], authorization, now.Add(time.Hour))
+				require.NoError(err)
+			},
+			false,
+			authz.QueryGranterGrantsRequest{
+				Granter: addrs[0].String(),
+			},
+			1,
+		},
+		{
+			"valid case, multiple authorization",
+			func() {
+				now := ctx.BlockHeader().Time
+				newCoins := sdk.NewCoins(sdk.NewInt64Coin("steak", 100))
+				authorization := &banktypes.SendAuthorization{SpendLimit: newCoins}
+				err := app.AuthzKeeper.SaveGrant(ctx, addrs[2], addrs[0], authorization, now.Add(time.Hour))
+				require.NoError(err)
+			},
+			false,
+			authz.QueryGranterGrantsRequest{
+				Granter: addrs[0].String(),
+			},
+			2,
+		},
+		{
+			"valid case, pagination",
+			func() {},
+			false,
+			authz.QueryGranterGrantsRequest{
+				Granter: addrs[0].String(),
+				Pagination: &query.PageRequest{
+					Limit: 1,
+				},
+			},
+			1,
+		},
+	}
+
+	for _, tc := range testCases {
+		suite.Run(fmt.Sprintf("Case %s", tc.msg), func() {
+			tc.preRun()
+			result, err := queryClient.GranterGrants(gocontext.Background(), &tc.request)
+			if tc.expError {
+				require.Error(err)
+			} else {
+				require.NoError(err)
+				require.Len(result.Grants, tc.numItems)
+			}
+		})
+	}
+}
+
+func (suite *TestSuite) TestGRPCQueryGranteeGrants() {
+	require := suite.Require()
+	app, ctx, queryClient, addrs := suite.app, suite.ctx, suite.queryClient, suite.addrs
+
+	testCases := []struct {
+		msg      string
+		preRun   func()
+		expError bool
+		request  authz.QueryGranteeGrantsRequest
+		numItems int
+	}{
+		{
+			"fail invalid granter addr",
+			func() {},
+			true,
+			authz.QueryGranteeGrantsRequest{},
+			0,
+		},
+		{
+			"valid case, single authorization",
+			func() {
+				now := ctx.BlockHeader().Time
+				newCoins := sdk.NewCoins(sdk.NewInt64Coin("steak", 100))
+				authorization := &banktypes.SendAuthorization{SpendLimit: newCoins}
+				err := app.AuthzKeeper.SaveGrant(ctx, addrs[0], addrs[1], authorization, now.Add(time.Hour))
+				require.NoError(err)
+			},
+			false,
+			authz.QueryGranteeGrantsRequest{
+				Grantee: addrs[0].String(),
+			},
+			1,
+		},
+		{
+			"valid case, multiple authorization",
+			func() {
+				now := ctx.BlockHeader().Time
+				newCoins := sdk.NewCoins(sdk.NewInt64Coin("steak", 100))
+				authorization := &banktypes.SendAuthorization{SpendLimit: newCoins}
+				err := app.AuthzKeeper.SaveGrant(ctx, addrs[0], addrs[2], authorization, now.Add(time.Hour))
+				require.NoError(err)
+			},
+			false,
+			authz.QueryGranteeGrantsRequest{
+				Grantee: addrs[0].String(),
+			},
+			2,
+		},
+		{
+			"valid case, pagination",
+			func() {},
+			false,
+			authz.QueryGranteeGrantsRequest{
+				Grantee: addrs[0].String(),
+				Pagination: &query.PageRequest{
+					Limit: 1,
+				},
+			},
+			1,
+		},
+	}
+
+	for _, tc := range testCases {
+		suite.Run(fmt.Sprintf("Case %s", tc.msg), func() {
+			tc.preRun()
+			result, err := queryClient.GranteeGrants(gocontext.Background(), &tc.request)
+			if tc.expError {
+				require.Error(err)
+			} else {
+				require.NoError(err)
+				require.Len(result.Grants, tc.numItems)
+			}
+		})
+	}
+}
--- a/x/authz/keeper/keys.go
+++ b/x/authz/keeper/keys.go
@ -45,3 +45,9 @@ func addressesFromGrantStoreKey(key []byte) (granterAddr, granteeAddr sdk.AccAdd

 	return granterAddr, granteeAddr
 }
+
+// firstAddressFromGrantStoreKey parses the first address only
+func firstAddressFromGrantStoreKey(key []byte) sdk.AccAddress {
+	addrLen := key[0]
+	return sdk.AccAddress(key[1 : 1+addrLen])
+}
--- a/x/authz/query.pb.go
+++ b/x/authz/query.pb.go
--- a/x/authz/query.pb.gw.go
+++ b/x/authz/query.pb.gw.go
@ -67,6 +67,150 @@ func local_request_Query_Grants_0(ctx context.Context, marshaler runtime.Marshal

 }

+var (
+	filter_Query_GranterGrants_0 = &utilities.DoubleArray{Encoding: map[string]int{"granter": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}}
+)
+
+func request_Query_GranterGrants_0(ctx context.Context, marshaler runtime.Marshaler, client QueryClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq QueryGranterGrantsRequest
+	var metadata runtime.ServerMetadata
+
+	var (
+		val string
+		ok  bool
+		err error
+		_   = err
+	)
+
+	val, ok = pathParams["granter"]
+	if !ok {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "granter")
+	}
+
+	protoReq.Granter, err = runtime.String(val)
+
+	if err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "granter", err)
+	}
+
+	if err := req.ParseForm(); err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+	if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_Query_GranterGrants_0); err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
+	msg, err := client.GranterGrants(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
+	return msg, metadata, err
+
+}
+
+func local_request_Query_GranterGrants_0(ctx context.Context, marshaler runtime.Marshaler, server QueryServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq QueryGranterGrantsRequest
+	var metadata runtime.ServerMetadata
+
+	var (
+		val string
+		ok  bool
+		err error
+		_   = err
+	)
+
+	val, ok = pathParams["granter"]
+	if !ok {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "granter")
+	}
+
+	protoReq.Granter, err = runtime.String(val)
+
+	if err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "granter", err)
+	}
+
+	if err := req.ParseForm(); err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+	if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_Query_GranterGrants_0); err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
+	msg, err := server.GranterGrants(ctx, &protoReq)
+	return msg, metadata, err
+
+}
+
+var (
+	filter_Query_GranteeGrants_0 = &utilities.DoubleArray{Encoding: map[string]int{"grantee": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}}
+)
+
+func request_Query_GranteeGrants_0(ctx context.Context, marshaler runtime.Marshaler, client QueryClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq QueryGranteeGrantsRequest
+	var metadata runtime.ServerMetadata
+
+	var (
+		val string
+		ok  bool
+		err error
+		_   = err
+	)
+
+	val, ok = pathParams["grantee"]
+	if !ok {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "grantee")
+	}
+
+	protoReq.Grantee, err = runtime.String(val)
+
+	if err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "grantee", err)
+	}
+
+	if err := req.ParseForm(); err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+	if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_Query_GranteeGrants_0); err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
+	msg, err := client.GranteeGrants(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
+	return msg, metadata, err
+
+}
+
+func local_request_Query_GranteeGrants_0(ctx context.Context, marshaler runtime.Marshaler, server QueryServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq QueryGranteeGrantsRequest
+	var metadata runtime.ServerMetadata
+
+	var (
+		val string
+		ok  bool
+		err error
+		_   = err
+	)
+
+	val, ok = pathParams["grantee"]
+	if !ok {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "grantee")
+	}
+
+	protoReq.Grantee, err = runtime.String(val)
+
+	if err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "grantee", err)
+	}
+
+	if err := req.ParseForm(); err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+	if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_Query_GranteeGrants_0); err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
+	msg, err := server.GranteeGrants(ctx, &protoReq)
+	return msg, metadata, err
+
+}
+
 // RegisterQueryHandlerServer registers the http handlers for service Query to "mux".
 // UnaryRPC     :call QueryServer directly.
 // StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906.
@ -93,6 +237,46 @@ func RegisterQueryHandlerServer(ctx context.Context, mux *runtime.ServeMux, serv

 	})

+	mux.Handle("GET", pattern_Query_GranterGrants_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req)
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := local_request_Query_GranterGrants_0(rctx, inboundMarshaler, server, req, pathParams)
+		ctx = runtime.NewServerMetadataContext(ctx, md)
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_Query_GranterGrants_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
+	mux.Handle("GET", pattern_Query_GranteeGrants_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req)
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := local_request_Query_GranteeGrants_0(rctx, inboundMarshaler, server, req, pathParams)
+		ctx = runtime.NewServerMetadataContext(ctx, md)
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_Query_GranteeGrants_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
 	return nil
 }

@ -154,13 +338,61 @@ func RegisterQueryHandlerClient(ctx context.Context, mux *runtime.ServeMux, clie

 	})

+	mux.Handle("GET", pattern_Query_GranterGrants_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		rctx, err := runtime.AnnotateContext(ctx, mux, req)
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := request_Query_GranterGrants_0(rctx, inboundMarshaler, client, req, pathParams)
+		ctx = runtime.NewServerMetadataContext(ctx, md)
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_Query_GranterGrants_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
+	mux.Handle("GET", pattern_Query_GranteeGrants_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		rctx, err := runtime.AnnotateContext(ctx, mux, req)
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := request_Query_GranteeGrants_0(rctx, inboundMarshaler, client, req, pathParams)
+		ctx = runtime.NewServerMetadataContext(ctx, md)
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_Query_GranteeGrants_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
 	return nil
 }

 var (
 	pattern_Query_Grants_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"cosmos", "authz", "v1beta1", "grants"}, "", runtime.AssumeColonVerbOpt(false)))
+
+	pattern_Query_GranterGrants_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 2, 4, 1, 0, 4, 1, 5, 4}, []string{"cosmos", "authz", "v1beta1", "grants", "granter"}, "", runtime.AssumeColonVerbOpt(false)))
+
+	pattern_Query_GranteeGrants_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 2, 4, 1, 0, 4, 1, 5, 4}, []string{"cosmos", "authz", "v1beta1", "grants", "grantee"}, "", runtime.AssumeColonVerbOpt(false)))
 )

 var (
 	forward_Query_Grants_0 = runtime.ForwardResponseMessage
+
+	forward_Query_GranterGrants_0 = runtime.ForwardResponseMessage
+
+	forward_Query_GranteeGrants_0 = runtime.ForwardResponseMessage
 )