Hi Sergio,
Thanks for your response. How do you define an "admin"? It seems like any catalog (runtime) role, regardless of who creates it, can only be revoked by the grantor of the role. Are you referring to repository roles?
Then back to my 2nd question, what's the rationale behind not allowing ROLE ADMIN users to revoke a role granted by someone else? I don't really get it, and it's causing pain. It means the only way to revoke a role granted by another user would be to deactivate that user, which may have other negative side effects.
It seems like repository roles don't have the same issue (i.e. the role can be revoked by a user other than the grantor), so there's an inconsistency between role types.