Skip to content

create-role-transact-sql.md

Latest commit

 

History

History
129 lines (97 loc) · 5.28 KB

create-role-transact-sql.md

File metadata and controls

129 lines (97 loc) · 5.28 KB
title CREATE ROLE (Transact-SQL) | Microsoft Docs
ms.custom
ms.date 03/23/2016
ms.prod sql-non-specified
ms.reviewer
ms.suite
ms.technology
database-engine
ms.tgt_pltfrm
ms.topic language-reference
f1_keywords
CREATE ROLE
DATABASE ROLE
ROLE_TSQL
DATABASE_ROLE_TSQL
CREATE_ROLE_TSQL
CREATE DATABASE ROLE
ROLE
CREATE_DATABASE_ROLE_TSQL
dev_langs
TSQL
helpviewer_keywords
database roles [SQL Server], creating
CREATE DATABASE ROLE statement
roles [SQL Server], creating
CREATE ROLE statement
ms.assetid b0cd54ad-e81d-4d71-acec-8a6d7261ca08
caps.latest.revision 54
author BYHAM
ms.author rickbyh
manager jhubbard

CREATE ROLE (Transact-SQL)

[!INCLUDEtsql-appliesto-ss2008-all_md]

Creates a new database role in the current database.

Topic link icon Transact-SQL Syntax Conventions

Syntax

-- Syntax for SQL Server, Azure SQL Database, Azure SQL Data Warehouse, Parallel Data Warehouse  
  
CREATE ROLE role_name [ AUTHORIZATION owner_name ]

Arguments

role_name
Is the name of the role to be created.

AUTHORIZATION owner_name
Is the database user or role that is to own the new role. If no user is specified, the role will be owned by the user that executes CREATE ROLE.

Remarks

Roles are database-level securables. After you create a role, configure the database-level permissions of the role by using GRANT, DENY, and REVOKE. To add members to a database role, use ALTER ROLE (Transact-SQL). For more information, see Database-Level Roles.

Database roles are visible in the sys.database_role_members and sys.database_principals catalog views.

For information about designing a permissions system, see Getting Started with Database Engine Permissions.

Caution

[!INCLUDEssCautionUserSchema]

Permissions

Requires CREATE ROLE permission on the database or membership in the db_securityadmin fixed database role. When you use the AUTHORIZATION option, the following permissions are also required:

  • To assign ownership of a role to another user, requires IMPERSONATE permission on that user.

  • To assign ownership of a role to another role, requires membership in the recipient role or ALTER permission on that role.

  • To assign ownership of a role to an application role, requires ALTER permission on the application role.

Examples

A. Creating a database role that is owned by a database user

The following example creates the database role buyers that is owned by user BenMiller.

USE AdventureWorks2012;  
CREATE ROLE buyers AUTHORIZATION BenMiller;  
GO

B. Creating a database role that is owned by a fixed database role

The following example creates the database role auditors that is owned the db_securityadmin fixed database role.

USE AdventureWorks2012;  
CREATE ROLE auditors AUTHORIZATION db_securityadmin;  
GO

Examples: [!INCLUDEssSDWfull] and [!INCLUDEssPDW]

C. Creating a database role that is owned by a database user

The following example creates the database role buyers that is owned by user BenMiller.

-- Uses AdventureWorks  
  
CREATE ROLE buyers AUTHORIZATION BenMiller;  
GO

D. Creating a database role that is owned by a fixed database role

The following example creates the database role auditors that is owned the db_securityadmin fixed database role.

-- Uses AdventureWorks  
  
CREATE ROLE auditors AUTHORIZATION db_securityadmin;  
GO

See Also

Principals (Database Engine)
ALTER ROLE (Transact-SQL)
DROP ROLE (Transact-SQL)
EVENTDATA (Transact-SQL)
sp_addrolemember (Transact-SQL)
sys.database_role_members (Transact-SQL)
sys.database_principals (Transact-SQL)
Getting Started with Database Engine Permissions