diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index 0db174e6f1..0c84886e82 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -30,6 +30,7 @@
 #include "commands/defrem.h"
 #include "commands/seclabel.h"
 #include "commands/user.h"
+#include "lib/qunique.h"
 #include "libpq/crypt.h"
 #include "miscadmin.h"
 #include "storage/lmgr.h"
@@ -489,7 +490,7 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt)
 	 * Advance command counter so we can see new record; else tests in
 	 * AddRoleMems may fail.
 	 */
-	if (addroleto || adminmembers || rolemembers)
+	if (addroleto || adminmembers || rolemembers || !superuser())
 		CommandCounterIncrement();
 
 	/* Default grant. */
@@ -1904,7 +1905,8 @@ AddRoleMems(Oid currentUserId, const char *rolename, Oid roleid,
 		else
 		{
 			Oid			objectId;
-			Oid		   *newmembers = palloc(sizeof(Oid));
+			Oid		   *newmembers = (Oid *) palloc(3 * sizeof(Oid));
+			int			nnewmembers;
 
 			/*
 			 * The values for these options can be taken directly from 'popt'.
@@ -1946,12 +1948,22 @@ AddRoleMems(Oid currentUserId, const char *rolename, Oid roleid,
 									new_record, new_record_nulls);
 			CatalogTupleInsert(pg_authmem_rel, tuple);
 
-			/* updateAclDependencies wants to pfree array inputs */
-			newmembers[0] = grantorId;
+			/*
+			 * Record dependencies on the roleid, member, and grantor, as if a
+			 * pg_auth_members entry were an object ACL.
+			 * updateAclDependencies() requires an input array that is
+			 * palloc'd (it will free it), sorted, and de-duped.
+			 */
+			newmembers[0] = roleid;
+			newmembers[1] = memberid;
+			newmembers[2] = grantorId;
+			qsort(newmembers, 3, sizeof(Oid), oid_cmp);
+			nnewmembers = qunique(newmembers, 3, sizeof(Oid), oid_cmp);
+
 			updateAclDependencies(AuthMemRelationId, objectId,
 								  0, InvalidOid,
 								  0, NULL,
-								  1, newmembers);
+								  nnewmembers, newmembers);
 		}
 
 		/* CCI after each change, in case there are duplicates in list */