Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
CREATE SERVER ROLE (Transact-SQL)
Collapse the table of content
Expand the table of content

CREATE SERVER ROLE (Transact-SQL)

 

Applies To: SQL Server 2014, SQL Server 2016 Preview

Creates a new user-defined server role.

Applies to: SQL Server (SQL Server 2012 through current version), Azure SQL Data Warehouse Public Preview.

Topic link icon Transact-SQL Syntax Conventions


CREATE SERVER ROLE role_name [ AUTHORIZATION server_principal ]

role_name

Is the name of the server role to be created.

AUTHORIZATION server_principal

Is the login that will own the new server role. If no login is specified, the server role will be owned by the login that executes CREATE SERVER ROLE.

Server roles are server-level securables. After you create a server role, configure the server-level permissions of the role by using GRANT, DENY, and REVOKE. To add logins to or remove logins from a server role, use ALTER SERVER ROLE (Transact-SQL). To drop a server role, use DROP SERVER ROLE (Transact-SQL). For more information, see sys.server_principals (Transact-SQL).

You can view the server roles by querying the sys.server_role_members and sys.server_principals catalog views.

Server roles cannot be granted permission on database-level securables. To create database roles, see CREATE ROLE (Transact-SQL).

Requires CREATE SERVER ROLE permission or membership in the sysadmin fixed server role.

Also requires IMPERSONATE on the server_principal for logins, ALTER permission for server roles used as the server_principal, or membership in a Windows group that is used as the server_principal.

This will fire the Audit Server Principal Management event with the object type set to server role and event type to add.

When you use the AUTHORIZATION option to assign server role ownership, the following permissions are also required:

  • To assign ownership of a server role to another login, requires IMPERSONATE permission on that login.

  • To assign ownership of a server role to another server role, requires membership in the recipient server role or ALTER permission on that server role.

The following example creates the server role buyers that is owned by login BenMiller.

USE master;
CREATE SERVER ROLE buyers AUTHORIZATION BenMiller;
GO

The following example creates the server role auditors that is owned the securityadmin fixed server role.

USE master;
CREATE SERVER ROLE auditors AUTHORIZATION securityadmin;
GO

Community Additions

ADD
Show:
© 2015 Microsoft