"David Legault" <legault.david@xxxxxxxxx> writes: > I thought it would transfer that CREATEROLE privilege too. This is documented someplace ... ah, under CREATE ROLE: : The INHERIT attribute governs inheritance of grantable privileges (that : is, access privileges for database objects and role memberships). It : does not apply to the special role attributes set by CREATE ROLE and : ALTER ROLE. For example, being a member of a role with CREATEDB : privilege does not immediately grant the ability to create databases, : even if INHERIT is set; it would be necessary to become that role via : SET ROLE before creating a database. The main reason we did that is that SUPERUSER seemed a bit too dangerous to be an inheritable privilege. You could argue the other role attribute bits either way, but for simplicity they all act the same. regards, tom lane
