I created a role with createrole
flag, but users in this role trying to create users fail with permissions denied. Do I need to assign the createrole to each user instead of just the role (group)?
my steps were as follow:
create role group1 with nologin createrole;
create user user1 PASSWORD 'password' in role group1;
then login as user1 and trying to create user newuser
fails with the error permission denied to create role
Best Answer
According to the docs, you have to use
SET ROLE
before actually using the createrole privilege.Connect as
user1
and issueAlso, beware - CREATEROLE is in fact equivalent of superuser. This is also said in the docs.