Events
Sep 15, 6 AM - Sep 17, 3 PM
The best SQL community-led learning event. Sept 2025. Save €200 with code FABLEARN.
Get registeredNote
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies to: 
SQL Server
Azure SQL Database
Azure SQL Managed Instance
Azure Synapse Analytics
Analytics Platform System (PDW)
SQL analytics endpoint in Microsoft Fabric
Warehouse in Microsoft Fabric
SQL database in Microsoft Fabric Preview
Creates a new database role in the current database.
Transact-SQL syntax conventions
CREATE ROLE role_name [ AUTHORIZATION owner_name ]
role_name
Is the name of the role to be created.
AUTHORIZATION owner_name
Is the database user or role that is to own the new role. If no user is specified, the role will be owned by the user that executes CREATE ROLE. The owner of the role, or any member of an owning role can add or remove members of the role.
Roles are database-level securables. After you create a role, configure the database-level permissions of the role by using GRANT, DENY, and REVOKE. To add members to a database role, use ALTER ROLE (Transact-SQL). For more information, see Database-Level Roles.
Database roles are visible in the sys.database_role_members and sys.database_principals catalog views.
For information about designing a permissions system, see Getting Started with Database Engine Permissions.
Note
Schemas aren't equivalent to database users. Use System catalog views to identify any differences between database users and schemas.
Requires CREATE ROLE permission on the database or membership in the db_securityadmin fixed database role. When you use the AUTHORIZATION option, the following permissions are also required:
To assign ownership of a role to another user, requires IMPERSONATE permission on that user.
To assign ownership of a role to another role, requires membership in the recipient role or ALTER permission on that role.
To assign ownership of a role to an application role, requires ALTER permission on the application role.
The following examples all use the AdventureWorks database.
The following example creates the database role buyers that is owned by user BenMiller.
CREATE ROLE buyers AUTHORIZATION BenMiller;
GO
The following example creates the database role auditors that is owned the db_securityadmin fixed database role.
CREATE ROLE auditors AUTHORIZATION db_securityadmin;
GO
Principals (Database Engine)
ALTER ROLE (Transact-SQL)
DROP ROLE (Transact-SQL)
EVENTDATA (Transact-SQL)
sp_addrolemember (Transact-SQL)
sys.database_role_members (Transact-SQL)
sys.database_principals (Transact-SQL)
Getting Started with Database Engine Permissions