-
Notifications
You must be signed in to change notification settings - Fork 227
SqlDatabasePermission
dscbot edited this page Dec 26, 2020
·
18 revisions
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| DatabaseName | Key | String | The name of the database. | |
| Name | Key | String | The name of the user that should be granted or denied the permission. | |
| PermissionState | Key | String | The state of the permission. | Grant, Deny, GrantWithGrant |
| InstanceName | Key | String | The name of the SQL Server instance to be configured. Default value is 'MSSQLSERVER'. |
|
| Permissions | Required | StringArray[] | The permissions to be granted or denied for the user in the database. | |
| Ensure | Write | String | If the permission should be granted ('Present') or revoked ('Absent'). |
Present, Absent |
| ServerName | Write | String | The host name of the SQL Server to be configured. Default value is the current computer name. |
The SqlDatabasePermission DSC resource is used to grant, deny or revoke
permissions for a user in a database. For more information about permissions,
please read the article Permissions (Database Engine).
Note: When revoking permission with PermissionState 'GrantWithGrant', both the grantee and all the other users the grantee has granted the same permission to, will also get their permission revoked.
Valid permission names can be found in the article DatabasePermissionSet Class properties.
- Target machine must be running Windows Server 2012 or later.
- Target machine must be running SQL Server Database Engine 2012 or later.
All issues are not listed here, see here for all open issues.
This example shows how to ensure that the user account CONTOSO\SQLAdmin has "Connect" and "Update" SQL Permissions for database "AdventureWorks".
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlAdministratorCredential
)
Import-DscResource -ModuleName 'SqlServerDsc'
node localhost
{
SqlDatabasePermission 'Grant_SqlDatabasePermissions_SQLAdmin_Db01'
{
Ensure = 'Present'
Name = 'CONTOSO\SQLAdmin'
DatabaseName = 'AdventureWorks'
PermissionState = 'Grant'
Permissions = @('Connect', 'Update')
ServerName = 'sqltest.company.local'
InstanceName = 'DSC'
PsDscRunAsCredential = $SqlAdministratorCredential
}
SqlDatabasePermission 'Grant_SqlDatabasePermissions_SQLUser_Db01'
{
Ensure = 'Present'
Name = 'CONTOSO\SQLUser'
DatabaseName = 'AdventureWorks'
PermissionState = 'Grant'
Permissions = @('Connect', 'Update')
ServerName = 'sqltest.company.local'
InstanceName = 'DSC'
PsDscRunAsCredential = $SqlAdministratorCredential
}
SqlDatabasePermission 'Grant_SqlDatabasePermissions_SQLAdmin_Db02'
{
Ensure = 'Present'
Name = 'CONTOSO\SQLAdmin'
DatabaseName = 'AdventureWorksLT'
PermissionState = 'Grant'
Permissions = @('Connect', 'Update')
ServerName = 'sqltest.company.local'
InstanceName = 'DSC'
PsDscRunAsCredential = $SqlAdministratorCredential
}
}
}This example shows how to ensure that the user account CONTOSO\SQLAdmin hasn't "Select" and "Create Table" SQL Permissions for database "AdventureWorks".
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlAdministratorCredential
)
Import-DscResource -ModuleName 'SqlServerDsc'
node localhost
{
SqlDatabasePermission 'RevokeGrant_SqlDatabasePermissions_SQLAdmin'
{
Ensure = 'Absent'
Name = 'CONTOSO\SQLAdmin'
DatabaseName = 'AdventureWorks'
PermissionState = 'Grant'
Permissions = @('Connect', 'Update')
ServerName = 'sqltest.company.local'
InstanceName = 'DSC'
PsDscRunAsCredential = $SqlAdministratorCredential
}
SqlDatabasePermission 'RevokeDeny_SqlDatabasePermissions_SQLAdmin'
{
Ensure = 'Absent'
Name = 'CONTOSO\SQLAdmin'
DatabaseName = 'AdventureWorks'
PermissionState = 'Deny'
Permissions = @('Select', 'CreateTable')
ServerName = 'sqltest.company.local'
InstanceName = 'DSC'
PsDscRunAsCredential = $SqlAdministratorCredential
}
}
}This example shows how to ensure that the user account CONTOSO\SQLAdmin has "Connect" and "Update" SQL Permissions for database "AdventureWorks".
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlAdministratorCredential
)
Import-DscResource -ModuleName 'SqlServerDsc'
node localhost
{
SqlDatabasePermission 'Deny_SqlDatabasePermissions_SQLAdmin_Db01'
{
Ensure = 'Present'
Name = 'CONTOSO\SQLAdmin'
DatabaseName = 'AdventureWorks'
PermissionState = 'Deny'
Permissions = @('Select', 'CreateTable')
ServerName = 'sqltest.company.local'
InstanceName = 'DSC'
PsDscRunAsCredential = $SqlAdministratorCredential
}
SqlDatabasePermission 'Deny_SqlDatabasePermissions_SQLUser_Db01'
{
Ensure = 'Present'
Name = 'CONTOSO\SQLUser'
DatabaseName = 'AdventureWorks'
PermissionState = 'Deny'
Permissions = @('Select', 'CreateTable')
ServerName = 'sqltest.company.local'
InstanceName = 'DSC'
PsDscRunAsCredential = $SqlAdministratorCredential
}
SqlDatabasePermission 'Deny_SqlDatabasePermissions_SQLAdmin_Db02'
{
Ensure = 'Present'
Name = 'CONTOSO\SQLAdmin'
DatabaseName = 'AdventureWorksLT'
PermissionState = 'Deny'
Permissions = @('Select', 'CreateTable')
ServerName = 'sqltest.company.local'
InstanceName = 'DSC'
PsDscRunAsCredential = $SqlAdministratorCredential
}
}
}- Add-SqlDscFileGroup
- Add-SqlDscNode
- Add-SqlDscRSUrlReservation
- Add-SqlDscTraceFlag
- Assert-SqlDscAgentOperator
- Assert-SqlDscLogin
- Backup-SqlDscDatabase
- Complete-SqlDscFailoverCluster
- Complete-SqlDscImage
- Connect-SqlDscDatabaseEngine
- ConvertFrom-SqlDscDatabasePermission
- ConvertFrom-SqlDscServerPermission
- ConvertTo-SqlDscDatabasePermission
- ConvertTo-SqlDscDataFile
- ConvertTo-SqlDscEditionName
- ConvertTo-SqlDscFileGroup
- ConvertTo-SqlDscServerPermission
- Deny-SqlDscServerPermission
- Disable-SqlDscAgentOperator
- Disable-SqlDscAudit
- Disable-SqlDscDatabaseSnapshotIsolation
- Disable-SqlDscLogin
- Disable-SqlDscRsSecureConnection
- Disconnect-SqlDscDatabaseEngine
- Enable-SqlDscAgentOperator
- Enable-SqlDscAudit
- Enable-SqlDscDatabaseSnapshotIsolation
- Enable-SqlDscLogin
- Enable-SqlDscRsSecureConnection
- Get-SqlDscAgentAlert
- Get-SqlDscAgentOperator
- Get-SqlDscAudit
- Get-SqlDscBackupFileList
- Get-SqlDscCompatibilityLevel
- Get-SqlDscConfigurationOption
- Get-SqlDscDatabase
- Get-SqlDscDatabasePermission
- Get-SqlDscDateTime
- Get-SqlDscInstalledInstance
- Get-SqlDscLogin
- Get-SqlDscManagedComputer
- Get-SqlDscManagedComputerInstance
- Get-SqlDscManagedComputerService
- Get-SqlDscPreferredModule
- Get-SqlDscRole
- Get-SqlDscRSConfiguration
- Get-SqlDscRSPackage
- Get-SqlDscRSSetupConfiguration
- Get-SqlDscRSUrlReservation
- Get-SqlDscRSVersion
- Get-SqlDscRSWebPortalApplicationName
- Get-SqlDscServerPermission
- Get-SqlDscServerProtocol
- Get-SqlDscServerProtocolName
- Get-SqlDscServerProtocolTcpIp
- Get-SqlDscSetupLog
- Get-SqlDscStartupParameter
- Get-SqlDscTraceFlag
- Grant-SqlDscServerPermission
- Import-SqlDscPreferredModule
- Initialize-SqlDscFailoverCluster
- Initialize-SqlDscImage
- Initialize-SqlDscRebuildDatabase
- Install-SqlDscFailoverCluster
- Install-SqlDscPowerBIReportServer
- Install-SqlDscReportingService
- Install-SqlDscServer
- Invoke-SqlDscQuery
- Invoke-SqlDscScalarQuery
- New-SqlDscAgentAlert
- New-SqlDscAgentOperator
- New-SqlDscAudit
- New-SqlDscDatabase
- New-SqlDscDatabaseSnapshot
- New-SqlDscDataFile
- New-SqlDscFileGroup
- New-SqlDscLogin
- New-SqlDscRole
- Remove-SqlDscAgentAlert
- Remove-SqlDscAgentOperator
- Remove-SqlDscAudit
- Remove-SqlDscDatabase
- Remove-SqlDscLogin
- Remove-SqlDscNode
- Remove-SqlDscRole
- Remove-SqlDscRSUrlReservation
- Remove-SqlDscTraceFlag
- Repair-SqlDscPowerBIReportServer
- Repair-SqlDscReportingService
- Repair-SqlDscServer
- Request-SqlDscRSDatabaseRightsScript
- Request-SqlDscRSDatabaseScript
- Restore-SqlDscDatabase
- Resume-SqlDscDatabase
- Revoke-SqlDscServerPermission
- Save-SqlDscSqlServerMediaFile
- Set-SqlDscAgentAlert
- Set-SqlDscAgentOperator
- Set-SqlDscAudit
- Set-SqlDscConfigurationOption
- Set-SqlDscDatabaseDefault
- Set-SqlDscDatabaseOwner
- Set-SqlDscDatabasePermission
- Set-SqlDscDatabaseProperty
- Set-SqlDscRSDatabaseConnection
- Set-SqlDscRSUrlReservation
- Set-SqlDscRSVirtualDirectory
- Set-SqlDscServerPermission
- Set-SqlDscStartupParameter
- Set-SqlDscTraceFlag
- Suspend-SqlDscDatabase
- Test-SqlDscAgentAlertProperty
- Test-SqlDscBackupFile
- Test-SqlDscConfigurationOption
- Test-SqlDscDatabaseProperty
- Test-SqlDscIsAgentAlert
- Test-SqlDscIsAgentOperator
- Test-SqlDscIsDatabase
- Test-SqlDscIsDatabasePrincipal
- Test-SqlDscIsLogin
- Test-SqlDscIsLoginEnabled
- Test-SqlDscIsRole
- Test-SqlDscIsSupportedFeature
- Test-SqlDscRSInstalled
- Test-SqlDscServerPermission
- Uninstall-SqlDscPowerBIReportServer
- Uninstall-SqlDscReportingService
- Uninstall-SqlDscServer
- Update-SqlDscServer
- Update-SqlDscServerEdition
- SqlAG
- SqlAGDatabase
- SqlAgentAlert
- SqlAgentFailsafe
- SqlAgentOperator
- SqlAGListener
- SqlAGReplica
- SqlAlias
- SqlAlwaysOnService
- SqlAudit
- SqlConfiguration
- SqlDatabase
- SqlDatabaseDefaultLocation
- SqlDatabaseMail
- SqlDatabaseObjectPermission
- SqlDatabasePermission
- SqlDatabaseRole
- SqlDatabaseUser
- SqlEndpoint
- SqlEndpointPermission
- SqlLogin
- SqlMaxDop
- SqlMemory
- SqlPermission
- SqlProtocol
- SqlProtocolTcpIp
- SqlReplication
- SqlRole
- SqlRS
- SqlRSSetup
- SqlScript
- SqlScriptQuery
- SqlSecureConnection
- SqlServiceAccount
- SqlSetup
- SqlTraceFlag
- SqlWaitForAG
- SqlWindowsFirewall