title

description

author

ms.author

ms.date

ms.service

ms.subservice

ms.topic

f1_keywords

helpviewer_keywords

dev_langs

monikerRange

CREATE ROLE (Transact-SQL)

VanMSFT

vanto

04/10/2017

sql

t-sql

reference

CREATE ROLE

DATABASE ROLE

ROLE_TSQL

DATABASE_ROLE_TSQL

CREATE_ROLE_TSQL

CREATE DATABASE ROLE

ROLE

CREATE_DATABASE_ROLE_TSQL

database roles [SQL Server], creating

CREATE DATABASE ROLE statement

roles [SQL Server], creating

CREATE ROLE statement

TSQL

>=aps-pdw-2016||=azuresqldb-current||=azure-sqldw-latest||>=sql-server-2016||>=sql-server-linux-2017||=azuresqldb-mi-current||=fabric

CREATE ROLE (Transact-SQL)

[!INCLUDE sql-asdb-asdbmi-asa-pdw-fabricse-fabricdw]

Creates a new database role in the current database.

:::image type="icon" source="../../includes/media/topic-link-icon.svg" border="false"::: Transact-SQL syntax conventions

Syntax

CREATE ROLE role_name [ AUTHORIZATION owner_name ]

Arguments

role_name
Is the name of the role to be created.

AUTHORIZATION owner_name
Is the database user or role that is to own the new role. If no user is specified, the role will be owned by the user that executes CREATE ROLE. The owner of the role, or any member of an owning role can add or remove members of the role.

Remarks

Roles are database-level securables. After you create a role, configure the database-level permissions of the role by using GRANT, DENY, and REVOKE. To add members to a database role, use ALTER ROLE (Transact-SQL). For more information, see Database-Level Roles.

Database roles are visible in the sys.database_role_members and sys.database_principals catalog views.

For information about designing a permissions system, see Getting Started with Database Engine Permissions.

Caution

[!INCLUDEssCautionUserSchema]

Permissions

Requires CREATE ROLE permission on the database or membership in the db_securityadmin fixed database role. When you use the AUTHORIZATION option, the following permissions are also required:

To assign ownership of a role to another user, requires IMPERSONATE permission on that user.
To assign ownership of a role to another role, requires membership in the recipient role or ALTER permission on that role.
To assign ownership of a role to an application role, requires ALTER permission on the application role.

Examples

The following examples all use the AdventureWorks database.

A. Creating a database role that is owned by a database user

The following example creates the database role buyers that is owned by user BenMiller.

CREATE ROLE buyers AUTHORIZATION BenMiller;  
GO

B. Creating a database role that is owned by a fixed database role

The following example creates the database role auditors that is owned the db_securityadmin fixed database role.

CREATE ROLE auditors AUTHORIZATION db_securityadmin;  
GO

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

create-role-transact-sql.md

create-role-transact-sql.md

CREATE ROLE (Transact-SQL)

Syntax

Arguments

Remarks

Permissions

Examples

A. Creating a database role that is owned by a database user

B. Creating a database role that is owned by a fixed database role

See Also

Files

create-role-transact-sql.md

Latest commit

History

create-role-transact-sql.md

File metadata and controls

CREATE ROLE (Transact-SQL)

Syntax

Arguments

Remarks

Permissions

Examples

A. Creating a database role that is owned by a database user

B. Creating a database role that is owned by a fixed database role

See Also