Re: Q: GRANT ... WITH ADMIN on PG 17
David G. Johnston <david.g.johnston@gmail.com>
From: "David G. Johnston" <david.g.johnston@gmail.com>
To: Karsten Hilbert <Karsten.Hilbert@gmx.net>
Cc: Adrian Klaver <adrian.klaver@aklaver.com>, "pgsql-general@lists.postgresql.org" <pgsql-general@lists.postgresql.org>
Date: 2025-08-21T16:11:57Z
Lists: pgsql-general
On Thursday, August 21, 2025, Karsten Hilbert <Karsten.Hilbert@gmx.net> wrote: > Am Thu, Aug 21, 2025 at 08:46:00AM -0700 schrieb Adrian Klaver: > > > >PG 17 documentation says that using "WITH ADMIN" allows the > > >role being added to another group role to grant/revoke > > >membership in said group to other roles. > > > > I would start by reading this: > > > > https://rhaas.blogspot.com/2023/01/surviving-without- > superuser-coming-to.html > > Thanks, I did, but did not find the answer to: Is there a > way for a role that can manage membership in a group role to > not itself be a member of that group role ? > A superuser can do this. Otherwise, no. In order to be made admin of a role on must be a member of said role - i.e., “with admin” is only part of the “grant” command. You won’t find docs talking about alternatives because they don’t exist. David J.