On Wed, Sep 11, 2024 at 5:09 PM Adrian Klaver <adrian.klaver@aklaver.com> wrote:
> What user did you do the above as?
My own user, which lacks SUPERUSER (I have CREATEROLE and CREATEDB
only, and LOGIN of course).
> On my Postgres 16.4 instance logged in as postgres:
> test=# create role dd_owner createrole;
> CREATE ROLE
> test=# create role dd_admin noinherit;
> CREATE ROLE
> test=# grant dd_owner to dd_admin;
> GRANT ROLE
> test=# set role dd_owner;
> SET
This failed for me, but works for you, probably because you are SUPERUSER.
> test=> grant dd_owner to current_user;
> ERROR: permission denied to grant role "dd_owner"
> DETAIL: Only roles with the ADMIN option on role "dd_owner" may grant
> this role.
A role can't grant itself to someone? Hmmm...
> test=> create role dd_user;
> CREATE ROLE
> test=> grant dd_admin to dd_user;
> ERROR: permission denied to grant role "dd_admin"
> DETAIL: Only roles with the ADMIN option on role "dd_admin" may grant
> this role.
This is the error I'm trying to fix on v16, and was OK on v14.
So your v16.4 behaves the same as my v16.1 it seems. --DD
