CREATE SERVER ROLE (Transact-SQL)CREATE SERVER ROLE (Transact-SQL)

适用对象: yesSQL ServeryesAzure SQL 数据库noAzure SQL 数据仓库no并行数据仓库APPLIES TO: yesSQL Server noAzure SQL Database noAzure SQL Data Warehouse noParallel Data Warehouse

创建新的用户定义的服务器角色。Creates a new user-defined server role.

主题链接图标 TRANSACT-SQL 语法约定Topic link icon Transact-SQL Syntax Conventions

语法Syntax

CREATE SERVER ROLE role_name [ AUTHORIZATION server_principal ]  

参数Arguments

role_name role_name
待创建的服务器角色的名称。Is the name of the server role to be created.

AUTHORIZATION server_principal AUTHORIZATION server_principal
将拥有新服务器角色的登录名。Is the login that will own the new server role. 如果未指定登录名,则执行 CREATE SERVER ROLE 的登录名将拥有该服务器角色。If no login is specified, the server role will be owned by the login that executes CREATE SERVER ROLE.

RemarksRemarks

服务器角色是服务器级别的安全对象。Server roles are server-level securables. 创建服务器角色后,使用 GRANT、DENY 和 REVOKE 配置角色的服务器级别权限。After you create a server role, configure the server-level permissions of the role by using GRANT, DENY, and REVOKE. 若要在数据库角色中添加登录名或从中删除登录名,请使用 ALTER SERVER ROLE (Transact-SQL)To add logins to or remove logins from a server role, use ALTER SERVER ROLE (Transact-SQL). 若要删除服务器角色,请使用 DROP SERVER ROLE (Transact SQL)To drop a server role, use DROP SERVER ROLE (Transact-SQL). 有关详细信息,请参阅 ys.server_principals (Transact-SQL)For more information, see sys.server_principals (Transact-SQL).

可通过查询 sys.server_role_memberssys.server_principals 目录视图查看服务器角色。You can view the server roles by querying the sys.server_role_members and sys.server_principals catalog views.

不能向服务器角色授予对数据库级安全对象的权限。Server roles cannot be granted permission on database-level securables. 若要创建数据库角色,请参阅 CREATE ROLE (Transact-SQL)To create database roles, see CREATE ROLE (Transact-SQL).

有关设计权限系统的信息,请参阅 Getting Started with Database Engine PermissionsFor information about designing a permissions system, see Getting Started with Database Engine Permissions.

权限Permissions

要求具有 CREATE SERVER ROLE 权限,或者 sysadmin 固定服务器角色中的成员身份。Requires CREATE SERVER ROLE permission or membership in the sysadmin fixed server role.

还需要针对登录名的 server_principal 的 IMPERSONATE 权限、针对用作 server_principal的服务器角色的 ALTER 权限或用作 server_principal 的 Windows 组的成员身份。Also requires IMPERSONATE on the server_principal for logins, ALTER permission for server roles used as the server_principal, or membership in a Windows group that is used as the server_principal.

这将触发对象类型设置为服务器角色、事件类型设置为添加的 Audit Server Principal Management 事件。This will fire the Audit Server Principal Management event withthe object type set to server role and event type to add.

使用 AUTHORIZATION 选项分配服务器角色所有权时,还需要具有下列权限:When you use the AUTHORIZATION option to assign server role ownership, the following permissions are also required:

  • 若要将服务器角色的所有权分配给另一个登录名,则需要对该登录名具有 IMPERSONATE 权限。To assign ownership of a server role to another login, requires IMPERSONATE permission on that login.

  • 若要将服务器角色的所有权分配给另一个服务器角色,则需要具有被分配服务器角色的成员身份或对该服务器角色具有 ALTER 权限。To assign ownership of a server role to another server role, requires membership in the recipient server role or ALTER permission on that server role.

示例Examples

A.A. 创建由登录名拥有的服务器角色Creating a server role that is owned by a login

以下示例将创建一个由登录名 buyers 拥有的服务器角色 BenMillerThe following example creates the server role buyers that is owned by login BenMiller.

USE master;  
CREATE SERVER ROLE buyers AUTHORIZATION BenMiller;  
GO  

B.B. 创建由固定服务器角色拥有的服务器角色Creating a server role that is owned by a fixed server role

以下示例将创建一个由 auditors 固定服务器角色拥有的服务器角色 securityadminThe following example creates the server role auditors that is owned the securityadmin fixed server role.

USE master;  
CREATE SERVER ROLE auditors AUTHORIZATION securityadmin;  
GO  

另请参阅See Also

DROP SERVER ROLE (Transact-SQL) DROP SERVER ROLE (Transact-SQL)
主体(数据库引擎) Principals (Database Engine)
EVENTDATA (Transact-SQL) EVENTDATA (Transact-SQL)
sp_addrolemember (Transact-SQL) sp_addrolemember (Transact-SQL)
sys.database_role_members (Transact-SQL) sys.database_role_members (Transact-SQL)
sys.database_principals (Transact-SQL) sys.database_principals (Transact-SQL)
数据库引擎权限入门Getting Started with Database Engine Permissions