Restrict CREATEROLE privilege grant to NOLOGIN only?

Is it possible to create a login user who themselves can CREATE ROLE NOLOGIN but not CREATE ROLE LOGIN? Here’s an example of the behavior I’d like to achieve.

$ psql
postgres=> CREATE USER admin WITH PASSWORD 'mypassword' CREATEROLE;
postgres=> — revoke something?
postgres=> \q

$ psql -U admin -W
postgres=> CREATE ROLE myrole;
CREATE ROLE
postgres=> CREATE USER myuser WITH PASSWORD '1234’;
ERROR: permission denied to create role

Of course, as written the final “CREATE USER” statement succeeds in reality.

Thanks,
Alex

--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general