A new feature to SQL Server 2012 is the ability to create user defined server roles and assign server level\/scope permissions to these roles. DBA’s have always had the ability to create user defined database roles which act as a security layer at the database level, but we’ve never been able to create roles at the server level until SQL Server 2012.<\/p>\n
In this post I will show you how to create user defined server roles using T-SQL and SQL Server Management Studio.<\/p>\n
First, to view the list of permissions that can be assigned to a user defined server role run the following query:<\/p>\n
USE master \r\nGO\r\nSELECT * FROM sys.fn_builtin_permissions(DEFAULT) \r\nWHERE class_desc IN ('ENDPOINT','LOGIN','SERVER','AVAILABILITY GROUP','SERVER ROLE') \r\nORDER BY class_desc, permission_name\r\nGO<\/pre>\n<\/div>\nCreate a Server Role in T-SQL<\/h3>\n
To create a server role called “juniordba” use the following:<\/p>\n
\nUSE master\r\nGO\r\nCREATE SERVER ROLE juniordba<\/pre>\n<\/div>\nNext we will create a login called Brady and then add it to the new juniordba role that was created:<\/p>\n
\nUSE master \r\nGO\r\nALTER SERVER ROLE juniordba ADD MEMBER Brady<\/pre>\n<\/div>\nWe haven’t added any permissions to the server role, so Brady shouldn’t have access. To test this we can login as Brady and run the following query:<\/p>\n
\nSELECT * FROM sys.dm_exec_connections<\/pre>\n<\/div>\nAs you can see we get the following error message:<\/p>\n