Hi, I observed some difference in behavior for granting roles.
Running as a superuser (postgres).

SQL:

    create role test_group;
    create role test_user;
    create role test_su with superuser;
    grant test_group to test_user granted by test_su;

Output on PG16 & PG17:

    CREATE ROLE
    CREATE ROLE
    CREATE ROLE
    ERROR: permission denied to grant privileges as role "test_su"
    DETAIL: The grantor must have the ADMIN option on role "test_group".

The same succeeds on PG15.
This likely has to do with work that was done by Robert Haas on introducing this ADMIN option in PG16.
Surely doing “granted by some_superuser” should be allowed regardless of the ADMIN option though, right?
-Floris