[Question posted by a user on YugabyteDB Community Slack]
I’m creating a new role that can CREATEDB which can be inherited by other roles/users:
CREATE ROLE new_role NOSUPERUSER INHERIT CREATEDB NOCREATEROLE;
CREATE ROLE new_user LOGIN NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE;
GRANT new_role TO new_user;
Now after I connect as new_user, I can’t create a database:
yugabyte=> CREATE DATABASE foobar;
ERROR: permission denied to create database
Not all attributes (including CREATEDB) are inherited in PostgreSQL. You must manually assign them.
From the PostgreSQL docs (PostgreSQL: Documentation: 16: 22.3. Role Membership):
The role attributes LOGIN, SUPERUSER, CREATEDB, and CREATEROLE can be thought of as special privileges, but they are never inherited as ordinary privileges on database objects are. You must actually SET ROLE to a specific role having one of these attributes in order to make use of the attribute.
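The SET ROLE step described in the answer, as an added example that is not part of the original thread. It reuses new_role, new_user and foobar from the question; the catalog query is an added audit check and assumes the session is logged in as new_user.

```sql
-- Run while connected as new_user (role names are the ones from the question).

-- 1. List every role this login can SET ROLE to that carries a
--    non-inherited attribute. 'MEMBER' covers direct and indirect membership.
SELECT rolname, rolcreatedb, rolcreaterole, rolsuper
FROM pg_roles
WHERE pg_has_role(current_user, oid, 'MEMBER')
  AND (rolcreatedb OR rolcreaterole OR rolsuper);

-- 2. Switch to the role that holds CREATEDB. session_user stays new_user,
--    current_user becomes new_role.
SET ROLE new_role;
SELECT session_user, current_user;

-- 3. CREATEDB is now in effect. The new database is owned by new_role,
--    not by new_user.
CREATE DATABASE foobar;

-- 4. Drop back to the login role's own attributes.
RESET ROLE;

-- Alternative from the answer ("manually assign them"), run by a role that is
-- allowed to alter new_user; this grants the attribute to the login itself:
-- ALTER ROLE new_user CREATEDB;
```

Because any member can SET ROLE to new_role, membership in a role with CREATEDB, CREATEROLE or SUPERUSER is effectively a grant of that attribute, and the query in step 1 is the check to run when reviewing what a login can reach.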