This tip « It is good practice to create a role that has the CREATEDB and CREATEROLE privileges, but is not a superuser, and then use this role for all routine management of databases and roles. This approach avoids the dangers of operating as a superuser for tasks that do not really require it. »
used to be found in all versions of the PG doc from (at least) Version 11 through Version 15. It was in the chapter "Role Attributes" (22.2 in "current", 21.2 in Version 11). It immediately followed this: «A role's attributes can be modified after creation with ALTER ROLE. See the reference pages for the CREATE ROLE and ALTER ROLE commands for details.» You can still find it in "privately" staged copies of the PG doc like, for example, here: postgrespro.com/docs/postgresql/10/role-attributes access.crunchydata.com/documentation/postgresql15/15.1/role-attributes.html But now it's simply vanished from both the Version 11 doc and the "current" doc. (I didn't check the versions in between.) What was the rationale for removing it? The practice recommendation makes sense to me. And I've implemented a scheme for database and role provisioning that uses just such a non-superuser with CREATEDB and CREATEROLE. I'm pleased with it.
