Only postgres user or superuser can grant CREATEROLE permission to a user or role in postgres. If you don’t have this permission, you will get ERROR: permission denied to create role.
Check permissions assigned to a user:
postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------
appadm | | {}
postgres | Superuser, Create role, Create DB, | {}
Replication
Here, we can see that appadm user doesn’t have createrole privilege to create a role.
To grant CREATEROLE permission to a user in Postgres:
Connect to postgres user or any superuser and execute below command. postgres=# ALTER USER appadm createrole;
As we can see above, now appadm user has permission to create role in postgres.
You can also check Alter user options available here for more details.