Create a Server Role
This topic describes how to create a new server role in SQL Server 2017 by using SQL Server Management Studio or Transact-SQL.
In This Topic
Before you begin:
To create a new server role, using:
Before You Begin
Limitations and Restrictions
Server roles cannot be granted permission on database-level securables. To create database roles, see CREATE ROLE (Transact-SQL).
Requires CREATE SERVER ROLE permission or membership in the sysadmin fixed server role.
Also requires IMPERSONATE on the server_principal for logins, ALTER permission for server roles used as the server_principal, or membership in a Windows group that is used as the server_principal.
When you use the AUTHORIZATION option to assign server role ownership, the following permissions are also required:
To assign ownership of a server role to another login, requires IMPERSONATE permission on that login.
To assign ownership of a server role to another server role, requires membership in the recipient server role or ALTER permission on that server role.
Using SQL Server Management Studio
To create a new server role
In Object Explorer, expand the server where you want to create the new server role.
Expand the Security folder.
Right-click the Server Roles folder and select New Server Role....
In the New Server Role -server_role_name dialog box, on the General page, enter a name for the new server role in the Server role name box.
In the Owner box, enter the name of the server principal that will own the new role. Alternately, click the ellipsis (...) to open the Select Server Login or Role dialog box.
Under Securables, select one or more server-level securables. When a securable is selected, this server role can be granted or denied permissions on that securable.
In the Permissions: Explicit box, select the check box to grant, grant with grant, or deny permission to this server role for the selected securables. If a permission cannot be granted or denied to all of the selected securables, the permission is represented as a partial select.
On the Members page, use the Add button to add logins that represent individuals or groups to the new server role.
A user-defined server role can be a member of another server role. On the Memberships page, select a check box to make the current user-defined server role a member of a selected server role.
To create a new server role
In Object Explorer, connect to an instance of Database Engine.
On the Standard bar, click New Query.
Copy and paste the following example into the query window and click Execute.
--Creates the server role auditors that is owned the securityadmin fixed server role. USE master; CREATE SERVER ROLE auditors AUTHORIZATION securityadmin; GO
For more information, see CREATE SERVER ROLE (Transact-SQL).