Roles

A role is a container which may contain system privileges, object-level privileges, and roles. Granting privileges to and revoking privileges from a role is the same as for a user. A role and user cannot have the same name.

There are three types of roles:

• User-Defined Roles
  A user-defined role is a custom collection of system and object-level privileges, typically created to group privileges related to a specific task or set of tasks.
• System Roles
  System roles are built-in roles that are automatically created in each newly created database.
• Compatibility Roles
  Compatibility roles are like starter roles. They are also present for backward compatibility with pre-16.0 versions that support authority-based security.
• Views, Procedures and Tables That Are Owned by Roles
  Views, procedures, and tables are more easily managed when they are owned by a user-extended role instead of a user.
• Display Roles Granted
  The sp_displayroles stored procedure which returns all roles granted to the specified system privilege, system role, user-defined role, or user name, or displays the entire hierarchy tree of roles.
• Determine Roles and Privileges Granted to a User
  The sp_has_role stored function returns an integer value which indicates whether the invoker of the procedure has been granted the specified system privilege or user-defined role.