| title | description | author | ms.author | ms.date | ms.service | ms.subservice | ms.topic | f1_keywords | helpviewer_keywords | monikerRange | ||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
Create an Application Role |
Create an application role in SQL Server by using SQL Server Management Studio or Transact-SQL to restrict access to a database except through an application. |
VanMSFT |
vanto |
03/14/2017 |
sql |
security |
how-to |
|
|
=azuresqldb-current||>=sql-server-2016||>=sql-server-linux-2017||=azuresqldb-mi-current |
[!INCLUDE SQL Server Azure SQL Database Azure SQL Managed Instance] This topic describes how to create an application role in [!INCLUDEssnoversion] by using [!INCLUDEssManStudioFull] or [!INCLUDEtsql]. Application roles restrict user access to a database except through specific applications. Application roles have no users, so the Role Members list is not displayed when Application role is selected.
Important
Password complexity is checked when application role passwords are set. Applications that invoke application roles must store their passwords. Application role passwords should always be stored encrypted.
In This Topic
-
Before you begin:
-
To create an application role, using:
Requires ALTER ANY APPLICATION ROLE permission on the database.
-
In Object Explorer, expand the database where you want to create an application role.
-
Expand the Security folder.
-
Expand the Roles folder.
-
Right-click the Application Roles folder and select New Application Role....
-
In the Application Role - New dialog box, on the General Page, enter the new name of the new application role in the Role name box.
-
In the Default Schema box, specify the schema that will own objects created by this role by entering the object names. Alternately, click the ellipsis (...) to open the Locate Schema dialog box.
-
In the Password box, enter a password for the new role. Enter that password again into the Confirm Password box.
-
Under Schemas owned by this role, select or view schemas that will be owned by this role. A schema can be owned by only one schema or role.
-
Select OK.
The Application Role - New dialog box also offers options on two additional pages: Securables and Extended Properties.
-
The Securables page lists all possible securables and the permissions on those securables that can be granted to the login.
-
The Extended properties page allows you to add custom properties to database users.
-
In Object Explorer, connect to an instance of [!INCLUDEssDE].
-
On the Standard bar, click New Query.
-
Copy and paste the following example into the query window and click Execute.
-- Creates an application role called "weekly_receipts" that has the password "987Gbv876sPYY5m23" and "Sales" as its default schema. CREATE APPLICATION ROLE weekly_receipts WITH PASSWORD = '987G^bv876sPY)Y5m23' , DEFAULT_SCHEMA = Sales; GO
For more information, see CREATE APPLICATION ROLE (Transact-SQL).