Details
- Type: Sub-task
- Status: Resolved
- Priority: Normal
- Resolution: Fixed
Description
Currently, only roles with superuser status are permitted to create/drop/grant/revoke roles, which violates the principle of least privilege. In addition, in order to run ALTER ROLE statements a user must log in directly as that role or else be a superuser. This requirement increases the (ab)use of superuser privileges, especially where roles are created without LOGIN privileges to model groups of permissions granted to individual db users. In this scenario, a superuser is always required if such roles are to be granted and modified.
We should add more granular permissions to allow administration of roles without requiring superuser status.
Attachments
Issue Links
- is required by: CASSANDRA-7216 Creating database resources automatically grants creator full permissions (Resolved)