A bug was raised in the tracker item was raised 2 years ago but it remains unresolved (I was able to replicate it on Mount Orange): https://tracker.moodle.org/browse/MDL-60799
I'm flagging it here because I think it is a potentially serious issue that could cause data breaches within an organisation e.g. if a cohort was synced with a teacher role by mistake, and then an admin attempted to take corrective action to instead set it to be synced to a student role they would expect that the members of the cohort would no longer have teacher access. However, they would (and therefore access to the gradebook). Deleting a cohort method removes lots of data so often not a feasible workaround.
Hoping to draw attention to it in the right area here!