create role


Creates a user-defined role; specifies the password expiration interval, the minimum password length, and the maximum number of failed logins allowed for a specified role at creation.


create role role_name [ with passwd "password" 
	[, {"passwd expiration" | "min passwd length" | 
	"max failed_logins" } option_value ] ]



is the name of the new role. It must be unique to the server and conform to the rules for identifiers. It cannot be a variable.

with passwd

attaches a password the user must enter to activate the role.


is the password to attach to the role. Passwords must be at least 6 characters in length and must conform to the rules for identifiers. You cannot use variables for passwords.

passwd expiration

specifies the password expiration interval in days. It can be any value between 0 and 32767, inclusive.

min passwd length

specifies the minimum password length required for the specified role.

max failed_logins

specifies the number of allowable failed login attempts for the specified login.


specifies the value for passwd expiration, min passwd length, or max failed_logins.


Example 1

Creates a role named doctor_role:

create role doctor_role

Example 2

Creates a role named doctor_role with the password physician:

create role doctor_role with passwd "physician"

Example 3

Sets the password expiration for intern_role:

create role intern_role, with passwd "temp244", 
passwd expiration 7

Example 4

Sets the maximum number of failed logins allowed for intern_role:

create role intern_role with passwd “temp244”, 
max failed_logins 20

Example 5

Sets the minimum password length for intern_role:

create role intern_role with passwd "temp244", 
min passwd length 0




SQL92 – Compliance level: Transact-SQL extension.


You must be a System Security Officer to use create role.

create role permission is not included in the grant all command.

See also

Commands alter role, drop role, grant, revoke, set

System procedures sp_activeroles, sp_displaylogin, sp_displayroles, sp_helprotect, sp_modifylogin