On Wed, Jan 25, 2023 at 7:35 AM Bruce Momjian <br...@momjian.us> wrote:
> > So, how would someone with CREATEROLE permission add people to their own > role, without superuser permission? Are we adding any security by > preventing this? > > As an encouraged design choice you wouldn't. You'd create a new group and add both yourself and the new role to it - then grant it the desired permissions. A CREATEROLE role should probably be a user (LOGIN) role and user roles should not have members. David J.
