These patches have been split off the now deprecated monolithic "Delegating superuser tasks to new security roles"
threadat [1].
The purpose of these patches is to fix the CREATEROLE escalation attack vector misfeature. (Not everyone will see
CREATEROLEthat way, but the perceived value of the patch set likely depends on how much you see CREATEROLE in that
light.)
[1] https://www.postgresql.org/message-id/flat/F9408A5A-B20B-42D2-9E7F-49CD3D1547BC%40enterprisedb.com
—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company