From d0fc03d92c5dd669c9303838ee466a59d190a8e6 Mon Sep 17 00:00:00 2001 From: Rich Loveland Date: Wed, 29 Oct 2025 13:39:04 -0400 Subject: [PATCH] Unblock user table changes from long-running txns Fixes DOC-14612 --- src/current/v25.4/create-user.md | 1 + src/current/v25.4/grant.md | 1 + 2 files changed, 2 insertions(+) diff --git a/src/current/v25.4/create-user.md b/src/current/v25.4/create-user.md index fa26510cc33..deee6a013c0 100644 --- a/src/current/v25.4/create-user.md +++ b/src/current/v25.4/create-user.md @@ -16,6 +16,7 @@ You can use the keywords `ROLE` and `USER` interchangeably. `CREATE USER` is equ - After creating users, you must [grant them privileges to databases and tables]({% link {{ page.version.version }}/grant.md %}). - All users belong to the `public` role, to which you can [grant]({% link {{ page.version.version }}/grant.md %}) and [revoke]({% link {{ page.version.version }}/revoke.md %}) privileges. - On secure clusters, you must [create client certificates for users]({% link {{ page.version.version }}/cockroach-cert.md %}#create-the-certificate-and-key-pair-for-a-client) and users must [authenticate their access to the cluster](#user-authentication). +- {% include_cached new-in.html version="v25.4" %} The `CREATE USER` statement waits for full-cluster visibility of the new user metadata. It is not blocked by long-running transactions that may have accessed older metadata, and it does not create a [background job]({% link {{ page.version.version }}/show-jobs.md %}). ## Required privileges diff --git a/src/current/v25.4/grant.md b/src/current/v25.4/grant.md index 0bdeb6bac7c..68e3cf4278a 100644 --- a/src/current/v25.4/grant.md +++ b/src/current/v25.4/grant.md 
@@ -64,6 +64,7 @@ For privileges required by specific statements, see the documentation for the re - The `root` user is automatically created as an `admin` role and assigned the `ALL` privilege for new databases. - All privileges of a role are inherited by all its members. - Membership loops are not allowed (direct: `A is a member of B is a member of A` or indirect: `A is a member of B is a member of C ... is a member of A`). +- {% include_cached new-in.html version="v25.4" %} When you grant role membership (for example, `GRANT {role} TO {user}`), CockroachDB waits for full-cluster visibility of the updated role metadata. The operation is not blocked by long-running transactions that may have accessed older metadata, and it does not create a [background job]({% link {{ page.version.version }}/show-jobs.md %}). ## Known limitations
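Review bot: In the create-user.md hunk, the added bullet says `CREATE USER` "waits for full-cluster visibility of the new user metadata" but never states what a reader can rely on once the statement returns. Suggest spelling out the consequence, for example that the new user is usable from any node when the statement completes, if that is what the wait guarantees. The diffstat shows only create-user.md and grant.md changed, yet this same list links to revoke.md; if revoking role membership behaves the same way, that page needs the matching bullet, since propagation of a revocation is the case operators care about most for access control.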
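Review bot: In the grant.md hunk, the added bullet is scoped to role membership (`GRANT {role} TO {user}`), but the surrounding list is about privileges and their inheritance, so a reader cannot tell whether granting privileges on objects also waits for cluster-wide visibility or is unaffected. Suggest one clause that states the scope explicitly. The wording also drifts from the create-user.md bullet ("The `CREATE USER` statement waits" and "It is not blocked" there, "CockroachDB waits" and "The operation is not blocked" here); use one phrasing in both files so the two notes read as the same behaviour.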