In Fujitsu Enterprise Postgres 16, if you want to use a non-superuser role as a secret management role, the permissions on the roles that can be set in the secret group are different, and the roles that you set in the secret group must be granted ADMIN OPTION permission on the secret confidentiality management role before they can be used.

Take one of the following actions:

• A role created with the privileges of the confidentiality management role is to be managed in the confidential group. This creates a role that grants only the ADMIN OPTIN privilege to the sensitive confidentiality management role.

• Grant ADMIN OPTION permission on the role to the sensitive management role before setting the managed role to the sensitive group.

[Example]

You want to grant only the ADMIN OPTION privilege for role "user _role1" to the confidentiality management role "manager_role".

GRANT user_role1 TO manager_role WITH ADMIN TRUE, INHERIT FALSE, SET FALSE;

If the required permissions are not set, the sensitivity management API terminates abnormally with a message similar to the following:

ERROR:  permission denied to alter role
DETAIL:  Only roles with the CREATEROLE attribute and the ADMIN option on role "user_role1" may alter this role.