While the function owner has their own pg_db_role_setting preference for this setting,
Should we be pointing out that if the role with CREATEROLE isn't also a LOGIN role then there is little point to setting createrole_self_grant on it specifically? Instead this setting should be set for any user that can SET to the CREATEROLE role but does have a LOGIN attribute.