Physical Modeling › SQL Server Physical Property Editors › SQL Server Database Objects › SQL Server Principals › Define SQL Server Application Roles

Define SQL Server Application Roles

A role uses Windows security accounts to limit the scope of access and permissions when users access the database. An application role allows access to specific data to only those users that connect through a particular application. Application roles contain no members and are inactive by default. Application roles work with both authentication modes. Access to other databases is limited to permissions granted in those databases to Guest. A database in which Guest has been disabled cannot be accessed by application roles in other databases.

Use the SQL Server Application Role Editor to define application role objects in a physical model.

To define SQL Server application roles

1. Click Principals, Application Roles on the Database menu.

   The SQL Server Application Role Editor opens.

2. Select the application role in the Navigation Grid that you want to define and work with the following options:

   Note: Click New on the toolbar to create a new application role.

   • Name

     Displays the application role name. You can change the application role name in this field.

   • Default Schema

     Specifies the default schema assigned to the application role. Select the default schema from the drop-down list.

   • Generate

     Generates SQL during forward engineering. Clear the check box if you do not want to generate SQL.

3. Click the Permission tab and work with the following options:

   Note: Click New on the toolbar to create a new permission.

   • Name

     Displays the permission name. Change the name of the permission in this field.

   • Type

     Specifies the permission type. Select the option from the drop-down list.

   • Cascade

     Specifies the cascade action for the permission. Indicates that the permission revoked is also revoked from other principals to which it has been granted by this principal.

   • With Grant

     Specifies if the user can grant this permission to other users or not.

   • Grant As Principal

     Specifies the principal used to acquire the permissions. Select a principal from the drop-down list.

4. (Optional) Click the Comment tab and enter any comments that you want to associate with the application role.
5. (Optional) Click the UDP tab to work with user-defined properties for the application role.
6. Click Close.

   The application role is defined and the SQL Server Application Role Editor closes.