--- title: "CREATE APPLICATION ROLE (Transact-SQL) | Microsoft Docs" ms.custom: "" ms.date: "03/14/2017" ms.prod: "sql-non-specified" ms.prod_service: "database-engine, sql-database" ms.service: "" ms.component: "t-sql|statements" ms.reviewer: "" ms.suite: "sql" ms.technology: - "database-engine" ms.tgt_pltfrm: "" ms.topic: "language-reference" f1_keywords: - "APPLICATION_ROLE_TSQL" - "CREATE APPLICATION ROLE" - "sql13.swb.applicationrole.permissions.f1" - "APPLICATION" - "APPLICATION ROLE" - "CREATE_APPLICATION_ROLE_TSQL" - "APPLICATION_TSQL" dev_langs: - "TSQL" helpviewer_keywords: - "CREATE APPLICATION ROLE statement" - "application roles [SQL Server], creating" ms.assetid: 647386da-ee80-41cf-86c9-dd590f9d66b6 caps.latest.revision: 37 author: "edmacauley" ms.author: "edmaca" manager: "craigg" ms.workload: "Inactive" --- # CREATE APPLICATION ROLE (Transact-SQL) [!INCLUDE[tsql-appliesto-ss2008-asdb-xxxx-xxx-md](../../includes/tsql-appliesto-ss2008-asdb-xxxx-xxx-md.md)] Adds an application role to the current database. ![Topic link icon](../../database-engine/configure-windows/media/topic-link.gif "Topic link icon") [Transact-SQL Syntax Conventions](../../t-sql/language-elements/transact-sql-syntax-conventions-transact-sql.md) ## Syntax ``` CREATE APPLICATION ROLE application_role_name WITH PASSWORD = 'password' [ , DEFAULT_SCHEMA = schema_name ] ``` ## Arguments *application_role_name* Specifies the name of the application role. This name must not already be used to refer to any principal in the database. PASSWORD **='***password***'** Specifies the password that database users will use to activate the application role. You should always use strong passwords. *password* must meet the Windows password policy requirements of the computer that is running the instance of [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)]. DEFAULT_SCHEMA **=***schema_name* Specifies the first schema that will be searched by the server when it resolves the names of objects for this role. If DEFAULT_SCHEMA is left undefined, the application role will use DBO as its default schema. *schema_name* can be a schema that does not exist in the database. ## Remarks > [!IMPORTANT] > Password complexity is checked when application role passwords are set. Applications that invoke application roles must store their passwords. Application role passwords should always be stored encrypted. Application roles are visible in the [sys.database_principals](../../relational-databases/system-catalog-views/sys-database-principals-transact-sql.md) catalog view. For information about how to use application roles, see [Application Roles](../../relational-databases/security/authentication-access/application-roles.md). > [!CAUTION] > [!INCLUDE[ssCautionUserSchema](../../includes/sscautionuserschema-md.md)] ## Permissions Requires ALTER ANY APPLICATION ROLE permission on the database. ## Examples The following example creates an application role called `weekly_receipts` that has the password `987Gbv876sPYY5m23` and `Sales` as its default schema. ``` CREATE APPLICATION ROLE weekly_receipts WITH PASSWORD = '987G^bv876sPY)Y5m23' , DEFAULT_SCHEMA = Sales; GO ``` ## See Also [Application Roles](../../relational-databases/security/authentication-access/application-roles.md) [sp_setapprole (Transact-SQL)](../../relational-databases/system-stored-procedures/sp-setapprole-transact-sql.md) [ALTER APPLICATION ROLE (Transact-SQL)](../../t-sql/statements/alter-application-role-transact-sql.md) [DROP APPLICATION ROLE (Transact-SQL)](../../t-sql/statements/drop-application-role-transact-sql.md) [Password Policy](../../relational-databases/security/password-policy.md) [EVENTDATA (Transact-SQL)](../../t-sql/functions/eventdata-transact-sql.md)