1 out of 1 rated this helpful - Rate this topic

CREATE APPLICATION ROLE (Transact-SQL)

SQL Server 2012

Adds an application role to the current database.

Topic link icon Transact-SQL Syntax Conventions


          

CREATE APPLICATION ROLE application_role_name 
    WITH PASSWORD = 'password' [ , DEFAULT_SCHEMA = schema_name ]

Arguments

application_role_name: Specifies the name of the application role. This name must not already be used to refer to any principal in the database.
PASSWORD ='password': Specifies the password that database users will use to activate the application role. You should always use strong passwords. password must meet the Windows password policy requirements of the computer that is running the instance of SQL Server.
DEFAULT_SCHEMA =schema_name: Specifies the first schema that will be searched by the server when it resolves the names of objects for this role. If DEFAULT_SCHEMA is left undefined, the application role will use DBO as its default schema. schema_name can be a schema that does not exist in the database.

Remarks

Important
Password complexity is checked when application role passwords are set. Applications that invoke application roles must store their passwords. Application role passwords should always be stored encrypted.

Application roles are visible in the sys.database_principals catalog view.

For information about how to use application roles, see Application Roles.

Caution
Beginning with SQL Server 2005, the behavior of schemas changed. As a result, code that assumes that schemas are equivalent to database users may no longer return correct results. Old catalog views, including sysobjects, should not be used in a database in which any of the following DDL statements have ever been used: CREATE SCHEMA, ALTER SCHEMA, DROP SCHEMA, CREATE USER, ALTER USER, DROP USER, CREATE ROLE, ALTER ROLE, DROP ROLE, CREATE APPROLE, ALTER APPROLE, DROP APPROLE, ALTER AUTHORIZATION. In such databases you must instead use the new catalog views. The new catalog views take into account the separation of principals and schemas that was introduced in SQL Server 2005. For more information about catalog views, see Catalog Views (Transact-SQL).

Caution

Beginning with SQL Server 2005, the behavior of schemas changed. As a result, code that assumes that schemas are equivalent to database users may no longer return correct results. Old catalog views, including sysobjects, should not be used in a database in which any of the following DDL statements have ever been used: CREATE SCHEMA, ALTER SCHEMA, DROP SCHEMA, CREATE USER, ALTER USER, DROP USER, CREATE ROLE, ALTER ROLE, DROP ROLE, CREATE APPROLE, ALTER APPROLE, DROP APPROLE, ALTER AUTHORIZATION. In such databases you must instead use the new catalog views. The new catalog views take into account the separation of principals and schemas that was introduced in SQL Server 2005. For more information about catalog views, see Catalog Views (Transact-SQL).

Permissions

Requires ALTER ANY APPLICATION ROLE permission on the database.

Examples

The following example creates an application role called weekly_receipts that has the password 987Gbv876sPYY5m23 and Sales as its default schema.

CREATE APPLICATION ROLE weekly_receipts 
    WITH PASSWORD = '987G^bv876sPY)Y5m23' 
    , DEFAULT_SCHEMA = Sales;
GO

Reference

sp_setapprole (Transact-SQL)

ALTER APPLICATION ROLE (Transact-SQL)

DROP APPLICATION ROLE (Transact-SQL)

EVENTDATA (Transact-SQL)

Concepts

Application Roles

Password Policy

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)

Community Additions

ADD