Skip to content

alter-role-transact-sql.md

Latest commit

 

History

History
155 lines (110 loc) · 7.21 KB

alter-role-transact-sql.md

File metadata and controls

155 lines (110 loc) · 7.21 KB
title ALTER ROLE (Transact-SQL)
description ALTER ROLE (Transact-SQL)
author VanMSFT
ms.author vanto
ms.date 03/13/2018
ms.prod sql
ms.prod_service database-engine, sql-database
ms.technology t-sql
ms.topic reference
f1_keywords
ALTER_ROLE_TSQL
ALTER ROLE
helpviewer_keywords
modifying database roles
ALTER ROLE statement
renaming database roles
database roles [SQL Server], modifying
names [SQL Server], database roles
dev_langs
TSQL
monikerRange >=aps-pdw-2016||=azuresqldb-current||=azure-sqldw-latest||>=sql-server-2016||>=sql-server-linux-2017||=azuresqldb-mi-current

ALTER ROLE (Transact-SQL)

[!INCLUDE sql-asdb-asdbmi-asa-pdw]

Adds or removes members to or from a database role, or changes the name of a user-defined database role.

Note

To alter roles adding or dropping members in [!INCLUDEssSDW] or [!INCLUDEssPDW], use sp_addrolemember (Transact-SQL) and sp_droprolemember (Transact-SQL).

Topic link icon Transact-SQL Syntax Conventions

Syntax

-- Syntax for SQL Server (starting with 2012) and Azure SQL Database  
  
ALTER ROLE  role_name  
{  
       ADD MEMBER database_principal  
    |  DROP MEMBER database_principal  
    |  WITH NAME = new_name  
}  
[;]  

-- Syntax for SQL Server 2008, Azure Synapse Analytics and Parallel Data Warehouse
  
-- Change the name of a user-defined database role  
ALTER ROLE role_name   
    WITH NAME = new_name  
[;]

[!INCLUDEsql-server-tsql-previous-offline-documentation]

Arguments

role_name
Applies to: [!INCLUDEssNoVersion] (starting with 2008), [!INCLUDEssSDSfull]

Specifies the database role to change.

ADD MEMBER database_principal
Applies to: [!INCLUDEssNoVersion] (starting with 2012), [!INCLUDEssSDSfull]

Specifies to add the database principal to the membership of a database role.

  • database_principal is a database user or a user-defined database role.

  • database_principal cannot be a fixed database role or a server principal.

DROP MEMBER database_principal
Applies to: [!INCLUDEssNoVersion] (starting with 2012), [!INCLUDEssSDSfull]

Specifies to remove a database principal from the membership of a database role.

  • database_principal is a database user or a user-defined database role.

  • database_principal cannot be a fixed database role or a server principal.

WITH NAME = new_name
Applies to: [!INCLUDEssNoVersion] (starting with 2008), [!INCLUDEssSDSfull]

Specifies to change the name of a user-defined database role. The new name must not already exist in the database.

Changing the name of a database role does not change ID number, owner, or permissions of the role.

Permissions

To run this command you need one or more of these permissions or memberships:

  • ALTER permission on the role
  • ALTER ANY ROLE permission on the database
  • Membership in the db_securityadmin fixed database role

Additionally, to change the membership in a fixed database role you need:

  • Membership in the db_owner fixed database role

Limitations and restrictions

You cannot change the name of a fixed database role.

Metadata

These system views contain information about database roles and database principals.

Examples

A. Change the name of a database role

Applies to: [!INCLUDEssNoVersion] (starting with 2008), [!INCLUDEssSDS]

The following example changes the name of role buyers to purchasing. This example can be executed in the AdventureWorks sample database.

ALTER ROLE buyers WITH NAME = purchasing;

B. Add or remove role members

Applies to: [!INCLUDEssNoVersion] (starting with 2012), [!INCLUDEssSDS]

This example creates a database role named Sales. It adds a database user named Barry to the membership, and then shows how to remove the member Barry. This example can be executed in the AdventureWorks sample database.

CREATE ROLE Sales;  
ALTER ROLE Sales ADD MEMBER Barry;  
ALTER ROLE Sales DROP MEMBER Barry;

C. Add a role member to special roles for Azure SQL Database and Azure Synapse Analytics

Applies to: [!INCLUDEssNoVersion] (Azure SQL Database and Azure Synapse), [!INCLUDEssSDS]

This example creates a SQL login in the master database, creates a database user that's related to that server login, and adds the database user as a member of the special role dbmanager. The example allows the user permissions to create and drop databases on an Azure SQL Database logical server. Run the example on the master database of the Azure SQL Database logical server.

 CREATE LOGIN sqllogin_nlastname WITH password='aah3%#om1os';
    
 CREATE USER sqllogin_nlastname FOR LOGIN sqllogin_nlastname 
 WITH DEFAULT_SCHEMA = master;
    
 ALTER ROLE [dbmanager] add member sqllogin_nlastname;

See Also

CREATE ROLE (Transact-SQL)
Principals (Database Engine)
DROP ROLE (Transact-SQL)
sp_addrolemember (Transact-SQL)
sys.database_role_members (Transact-SQL)
sys.database_principals (Transact-SQL)