diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 9339925..7bdb463 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,6 +1,10 @@
 name: CI
-on: [push, pull_request]
+on:
+ pull_request:
+ push:
+ branches:
+ - master
 jobs:
 test:
diff --git a/src/supautils.c b/src/supautils.c
index bf5cfd8..c262511 100644
--- a/src/supautils.c
+++ b/src/supautils.c
@@ -3,6 +3,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -434,7 +435,7 @@ supautils_hook(PROCESS_UTILITY_PARAMS)
 hasrolemembers = true;
 // Setting the superuser attribute is not allowed.
-if (strcmp(defel->defname, "superuser") == 0) {
+if (strcmp(defel->defname, "superuser") == 0 && defGetBoolean(defel)) {
 ereport(ERROR,
 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
 errmsg("permission denied to create role"),
diff --git a/test/expected/privileged_role.out b/test/expected/privileged_role.out
index f587bb5..7ba3595 100644
--- a/test/expected/privileged_role.out
+++ b/test/expected/privileged_role.out
@@ -176,11 +176,19 @@ alter role authenticator nologin;
 ERROR: "authenticator" is a reserved role, only superusers can modify it
 \echo
--- privileged_role cannot manage [no]superuser attribute
+-- privileged_role can create nosuperuser
+create role r nosuperuser;
+drop role r;
+\echo
+
+-- privileged_role cannot create superuser or alter [no]superuser
 create role r superuser;
 ERROR: permission denied to create role
 DETAIL: Only roles with the SUPERUSER attribute may create roles with the SUPERUSER attribute.
 create role r;
+alter role r nosuperuser;
+ERROR: permission denied to alter role
+DETAIL: Only roles with the SUPERUSER attribute may alter roles with the SUPERUSER attribute.
 alter role r superuser;
 ERROR: permission denied to alter role
 DETAIL: Only roles with the SUPERUSER attribute may alter roles with the SUPERUSER attribute.
diff --git a/test/sql/privileged_role.sql b/test/sql/privileged_role.sql
index 7fdc495..29b5366 100644
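Review bot: The comment directly above the changed condition, `// Setting the superuser attribute is not allowed.`, is now stale, because the check only fires when defGetBoolean(defel) is true, so `nosuperuser` on CREATE ROLE falls through to the normal utility path. I would rewrite it as `// Reject SUPERUSER only; NOSUPERUSER (defGetBoolean false) is allowed on CREATE ROLE.` The expected output in test/expected/privileged_role.out shows `alter role r nosuperuser` still denied, so the ALTER ROLE branch, which lies outside this hunk as does the rest of supautils_hook, is deliberately stricter than CREATE, and a one-line comment naming that asymmetry would keep a future reader from "aligning" the two. defGetBoolean raises an ERROR itself on a non-boolean argument, which is the safe failure direction for a privilege gate; the include added in the first hunk is presumably the header declaring it, but its name was lost in this rendering.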
--- a/test/sql/privileged_role.sql
+++ b/test/sql/privileged_role.sql
@@ -132,9 +132,16 @@ alter role authenticator rename to authorized;
 alter role authenticator nologin;
 \echo
--- privileged_role cannot manage [no]superuser attribute
+-- privileged_role can create nosuperuser
+create role r nosuperuser;
+
+drop role r;
+\echo
+
+-- privileged_role cannot create superuser or alter [no]superuser
 create role r superuser;
 create role r;
+alter role r nosuperuser;
 alter role r superuser;
 alter role postgres nosuperuser;