Unblock user table changes from long-running txns

src/current/v25.4/create-user.md

@@ -16,6 +16,7 @@ You can use the keywords `ROLE` and `USER` interchangeably. `CREATE USER` is equ
 - After creating users, you must [grant them privileges to databases and tables]({% link {{ page.version.version }}/grant.md %}).
 - All users belong to the `public` role, to which you can [grant]({% link {{ page.version.version }}/grant.md %}) and [revoke]({% link {{ page.version.version }}/revoke.md %}) privileges.
 - On secure clusters, you must [create client certificates for users]({% link {{ page.version.version }}/cockroach-cert.md %}#create-the-certificate-and-key-pair-for-a-client) and users must [authenticate their access to the cluster](#user-authentication).
+- {% include_cached new-in.html version="v25.4" %} The `CREATE USER` statement waits for full-cluster visibility of the new user metadata. It is not blocked by long-running transactions that may have accessed older metadata, and it does not create a [background job]({% link {{ page.version.version }}/show-jobs.md %}).
 
 ## Required privileges
 

src/current/v25.4/grant.md

@@ -64,6 +64,7 @@ For privileges required by specific statements, see the documentation for the re
 - The `root` user is automatically created as an `admin` role and assigned the `ALL` privilege for new databases.
 - All privileges of a role are inherited by all its members.
 - Membership loops are not allowed (direct: `A is a member of B is a member of A` or indirect: `A is a member of B is a member of C ... is a member of A`).
+- {% include_cached new-in.html version="v25.4" %} When you grant role membership (for example, `GRANT {role} TO {user}`), CockroachDB waits for full-cluster visibility of the updated role metadata. The operation is not blocked by long-running transactions that may have accessed older metadata, and it does not create a [background job]({% link {{ page.version.version }}/show-jobs.md %}).
 
 ## Known limitations