Database security can get complicated for applications with many users. In order to make it easier for both administrators and auditors, most database applications use role-based security. Roles are effectively security groups that share a common set of permissions. Combining permissions into a role allows a set of roles to be created for a given application. In addition to database roles, SQL Server and Azure SQL Managed Instance both provide several [?]. These roles assign permissions at the scope of the entire server. These items include SQL Server logins, Windows accounts, and Windows group can be added. The permissions are predefined, and no new roles of this type can be added.