CREATE APPLICATION ROLE (Transact-SQL)CREATE APPLICATION ROLE (Transact-SQL)

适用于: 是SQL Server 是Azure SQL 数据库 否Azure Synapse Analytics (SQL DW) 否并行数据仓库 APPLIES TO: YesSQL Server YesAzure SQL Database NoAzure Synapse Analytics (SQL DW) NoParallel Data Warehouse

向当前数据库中添加应用程序角色。Adds an application role to the current database.

主题链接图标 Transact-SQL 语法约定Topic link icon Transact-SQL Syntax Conventions

语法Syntax

  
CREATE APPLICATION ROLE application_role_name   
    WITH PASSWORD = 'password' [ , DEFAULT_SCHEMA = schema_name ]  

参数Arguments

application_role_name application_role_name
指定应用程序角色的名称。Specifies the name of the application role. 该名称一定不能被用于引用数据库中任何主体。This name must not already be used to refer to any principal in the database.

PASSWORD ='password' PASSWORD ='password'
指定数据库用户将用于激活应用程序角色的密码。Specifies the password that database users will use to activate the application role. 应始终使用强密码。You should always use strong passwords. password 必须符合运行 实例的计算机的 Windows 密码策略要求SQL ServerSQL Serverpassword must meet the Windows password policy requirements of the computer that is running the instance of SQL ServerSQL Server.

DEFAULT_SCHEMA =schemaname _DEFAULT_SCHEMA =schema_name
指定服务器在解析该角色的对象名时将搜索的第一个架构。Specifies the first schema that will be searched by the server when it resolves the names of objects for this role. 如果未定义 DEFAULT_SCHEMA,则应用程序角色将使用 DBO 作为其默认架构。If DEFAULT_SCHEMA is left undefined, the application role will use DBO as its default schema. schema_name 可以是数据库中不存在的架构 。schema_name can be a schema that does not exist in the database.

备注Remarks

重要

当设置应用程序角色密码时,将检查密码复杂性。Password complexity is checked when application role passwords are set. 调用应用程序角色的应用程序必须存储其密码。Applications that invoke application roles must store their passwords. 而且应当始终以加密的形式存储应用程序角色密码。Application role passwords should always be stored encrypted.

sys.database_principals 目录视图中可以查看应用程序角色。Application roles are visible in the sys.database_principals catalog view.

有关如何使用应用程序角色的信息,请参阅应用程序角色For information about how to use application roles, see Application Roles.

注意

从 SQL Server 2005 开始,架构的行为发生了更改。Beginning with SQL Server 2005, the behavior of schemas changed. 因此,假设架构与数据库用户等价的代码不再返回正确的结果。As a result, code that assumes that schemas are equivalent to database users may no longer return correct results. 包含 sysobjects 的旧目录视图不应在曾经使用任何下列 DDL 语句的数据库中使用:CREATE SCHEMA、ALTER SCHEMA、DROP SCHEMA、CREATE USER、ALTER USER、DROP USER、CREATE ROLE、ALTER ROLE、DROP ROLE、CREATE APPROLE、ALTER APPROLE、DROP APPROLE、ALTER AUTHORIZATION。Old catalog views, including sysobjects, should not be used in a database in which any of the following DDL statements have ever been used: CREATE SCHEMA, ALTER SCHEMA, DROP SCHEMA, CREATE USER, ALTER USER, DROP USER, CREATE ROLE, ALTER ROLE, DROP ROLE, CREATE APPROLE, ALTER APPROLE, DROP APPROLE, ALTER AUTHORIZATION. 在这类数据库中,必须改用新目录视图。In such databases you must instead use the new catalog views. 新的目录视图将采用在 SQL Server 2005 中引入的使主体和架构分离的方法。The new catalog views take into account the separation of principals and schemas that was introduced in SQL Server 2005. 有关目录视图的详细信息,请参阅目录视图 (Transact-SQL)For more information about catalog views, see Catalog Views (Transact-SQL).

权限Permissions

需要对数据库具有 ALTER ANY APPLICATION ROLE 权限。Requires ALTER ANY APPLICATION ROLE permission on the database.

示例Examples

以下示例创建名为 weekly_receipts 的应用程序角色,该角色使用密码 987Gbv876sPYY5m23Sales 作为其默认架构。The following example creates an application role called weekly_receipts that has the password 987Gbv876sPYY5m23 and Sales as its default schema.

CREATE APPLICATION ROLE weekly_receipts   
    WITH PASSWORD = '987G^bv876sPY)Y5m23'   
    , DEFAULT_SCHEMA = Sales;  
GO  

另请参阅See Also

应用程序角色 Application Roles
sp_setapprole (Transact-SQL) sp_setapprole (Transact-SQL)
ALTER APPLICATION ROLE (Transact-SQL) ALTER APPLICATION ROLE (Transact-SQL)
DROP APPLICATION ROLE (Transact-SQL) DROP APPLICATION ROLE (Transact-SQL)
密码策略 Password Policy
EVENTDATA (Transact-SQL)EVENTDATA (Transact-SQL)