The following documentation comment has been logged on the website: Page: https://www.postgresql.org/docs/15/role-membership.html Description:
Regarding this paragraph: "The role attributes LOGIN, SUPERUSER, CREATEDB, and CREATEROLE can be thought of as special privileges, but they are never inherited as ordinary privileges on database objects are. You must actually SET ROLE to a specific role having one of these attributes in order to make use of the attribute. Continuing the above example, we might choose to grant CREATEDB and CREATEROLE to the admin role. Then a session connecting as role joe would not have these privileges immediately, only after doing SET ROLE admin." I have checked this for CREATEROLE and this role attribute is definitely inheritable. I've created a new user with CREATE ROLE and no additional options. I've tried to create a role and could not. Then I made this user a member of a role that have the CREATEROLE attribute set to TRUE (with GRANT user_with_createrole TO new_user). With the same new user I could now create new roles. This has to mean inheritance works for this attribute. I am using DataGrip IDE and made sure in the output window that the program does not issue a 'SET ROLE' command before attempting to create a role. So creating a new role worked with the new user (by inheritance) without using 'SET ROLE' before.
