This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 44%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDT%3C/text%3E%3C/svg%3E)
Since migrating my flexible server to postgresql version 16 my admin user can't modify roles anymore.
With version 16 it's mandatory to have WITH ADMIN OPTION on roles to be able to alter them. My problem is that it wasn't the case on version 14 and my admin user doesn't have this option before the migration.
The problem is that we can't add this option after the migration andit is not possible to rollback to version 14 of postgresql. Although in Azure it's not possible to log as a superuser so I'm really blocked right now.
Does anyone has encouter the same issue with migration to postgresql 16 and do you have a solution or workaround for this problem.
Thanks for your help.
@Davi, Thomas Welcome to Microsoft Q&A thanks for posting your question.
Sorry for the inconvenience caused when you say can't modify the roles what is the error message you are seeing?
you can also find the reascent post here which I have answered on the Postgres 16 limitations. https://learn.microsoft.com/en-us/answers/questions/1654278/azure-postgresql-flexible-server-unable-to-transfe
Regards
Geetha
@GeethaThatipatri-MSFT this is my error message. I got it with my administrator account.
ERROR: permission denied to alter role
DETAIL: To change another role's password, the current user must have the CREATEROLE attribute and the ADMIN option on the role.
@Davi, Thomas Thanks for sharing additional information, yes this is part of Postgres 16 limitation which you can go through here https://www.postgresql.org/docs/16/release-16.html
To resolve your issue, you can modify the role as shown sample below, let me know if you find any issue.
Regards
Geetha
@Davi, Thomas I am checking to see if you got a chance to look into the below response. Please let me know if you have any further questions.
Regards
Geetha
@GeethaThatipatri-MSFT This solution can't work for me as the user I want to alter is already existing. So I can't execute the CREATE USER command.
Also my admin user can't alter any role as he doesn't have the "WITH ADMIN OPTION".
For me the only solution is to have a "Super User" to grant "WITH ADMIN OPTION" to my admin user.
@Davi, Thomas Yes I understand you have to Alter the role with creator role as I mentioned above.
Regards
Geetha
@Davi, Thomas Did you get a chance to check the above message, Alter the role with creator role.
Regards
Geetha
Hey @GeethaThatipatri-MSFT , we are having the exact same problem.
We had a bunch of accounts that were created in postgres 14 and we then upgraded to 16.
Our admins only have INHERIT and SET over those roles and thus we can't, for example, drop them.
I've tried what you suggested above but I couldn't do much with it.
Can you explain it more thoroughly or provide any other solution?
Perimissions example:
psql_my_admin | service_account_staging | INHERIT, SET | azuresu
and I can't do anything on the role:
GRANT service_account_staging TO azureuser; ERROR: permission denied to grant role "service_account_staging" DETAIL: Only roles with the ADMIN option on role "service_account_staging" may grant this role.
Thanks