In Fujitsu Enterprise Postgres 16, if you want to use a non-superuser role as a confidentiality management role, you may need to set additional permissions for the confidentiality management role.

The confidentiality management role must already have the privileges it expects to operate on, other than the CREATEROLE privilege.

[Example]

If the confidentiality management role "manager_role" is also going to work with CREATEDB privileges, it will also set CREATEDB privileges when the role is created, like this:

CREATE ROLE manager_role LOGIN CREATEROLE CREATEDB;

If the required permissions are not set, the sensitivity management API terminates abnormally with a message similar to the following:

ERROR:  permission denied to create role
DETAIL:  Only roles with the CREATEDB attribute may create roles with the CREATEDB attribute.