Cannot create or grant roles

[Ranguna]

Running the following query:

BEGIN;
    create role test_role;
    create user test_user with encrypted password '***';
    grant test_role to test_user:
COMMIT;

Results in the following error:

ERROR: permission denied to create role (SQLSTATE 42501)

The query was performed from the UI and also programmatically with the DB owner credentials.

I tried to workaround this by creating two users through the neon UI console and then granting one user to the other (just a workaround so I can test the rest of my migration), but I was not able to grant one user to the other:

grant one_existing_user to another_existing_users;

Results in:

ERROR: must have admin option on role "one_existing_user" (SQLSTATE 42501)

The use case:
My existing migrations depend on test_role to exist and expect test_role to be granted to test_user. test_role is used in the migration scripts whilst test_user is used by the application to query the database. The migrations grant limited table access to test_role. In the future, test_role can be granted to other users to be used by other applications.

Upon further investigation, it seems the only user that has the ability to create roles is the zenith_admin user.

Is it possible to give this permission to the DB owner as well?
Seems that this is locking me out of my own DB a bit.

[Ranguna]

Any acknowledgment of the issue ?

Am I doing something wrong here ?

[kelvich]

Hey! Sorry for the slow reply. We are going to start working on this soon. Some details: #2104 We have some pipeline of features/fixes in progress, so I think we probably get to this one in September.

[Ranguna]

Thanks for the update!

[Ranguna]

Hello @kelvich were there any advancements for this one?

[Ranguna]

Any updates @kelvich ?

[kelvich]

Hey @Ranguna! Not really unfortunately. We've prioritized branching release and several integrations in favor of allowing manual user managements. Now we mostly busy with launching more aws regions and consumption metering -- we select areas of work which receive most of complains. So it is still on a roadmap waiting to be implemented.

[Ranguna]

All right, thanks for the info!

[Ranguna]

Hello @kelvich :)
Any news about this one?

[kelvich]

Hey, @Ranguna

Now we started some preparatory work for this =) High chances that it will be shipped in Q1.

As a side note -- probably we can make our roadmap more public to make it easier to track. WDYT @stepashka? Should we just open neon roadmap?

[Ranguna]

@kelvich amazing news, keep up the awesome work everyone!

[Ranguna]

Hello @kelvich, I saw that the #2104 was moved to draft, are there any updates that can be shared other than that?

[Ranguna]

Hello @kelvich!

Are there any updates that can be shared about this?

[kelvich]

Hey, @Ranguna! Yes, we've recently merged #3891 and few other patches, and will release it to prod soon. cc @save-buffer

[Ranguna]

Wow best news I've had all week, and it wasn't a calm week xD

Thanks for the update, can't wait to take neon for a spin once again!

[Ranguna]

Hello @kelvich !

Any news on this one?

[kelvich]

Hey! You can create roles now: https://neon.tech/docs/manage/roles#manage-roles-with-sql

Forgot to close this issue. Closing it now.

[Ranguna]

Nice!!!!
Thanks for all the effort and keep up the amazing work ♥