-
Notifications
You must be signed in to change notification settings - Fork 225
SqlDatabaseRole
Parameter | Attribute | DataType | Description | Allowed Values |
---|---|---|---|---|
InstanceName | Key | String | The name of the SQL Server instance to be configured. | |
DatabaseName | Key | String | The name of the database in which the role should be configured. | |
Name | Key | String | The name of the database role to be added or removed. | |
ServerName | Write | String | The host name of the SQL Server to be configured. Default value is the current computer name. | |
Members | Write | StringArray[] | The members the database role should have. This parameter will replace all the current database role members with the specified members. Will only be used when parameter Ensure is set to 'Present' . |
|
MembersToInclude | Write | StringArray[] | The members the database role should include. This parameter will only add members to a database role. Will only be used when parameter Ensure is set to 'Present' . Can not be used at the same time as parameter Members. |
|
MembersToExclude | Write | StringArray[] | The members the database role should exclude. This parameter will only remove members from a database role. Will only be used when parameter Ensure is set to 'Present' . Can not be used at the same time as parameter Members. |
|
Ensure | Write | String | If 'Present' then the role will be added to the database and the role membership will be set. If 'Absent' then the role will be removed from the database. Default value is 'Present' . |
Present , Absent
|
MembersInDesiredState | Read | Boolean | Returns whether the database role members are in the desired state. | |
DatabaseIsUpdateable | Read | Boolean | Returns if the database is updatable. If the database is updatable, this will return $true . Otherwise it will return $false . |
The SqlDatabaseRole
DSC resource is used to create a database role when
Ensure is set to 'Present' or remove a database role when Ensure is set to
'Absent'. The resource also manages members in both built-in and user
created database roles. If the targeted database is not updatable, the resource
returns true.
- Target machine must be running Windows Server 2012 or later.
- Target machine must be running SQL Server Database Engine 2012 or later.
All issues are not listed here, see here for all open issues.
This example shows how to ensure that the database roles named ReportEditor and ReportViewer are present in the AdventureWorks database on instance sqltest.company.local\DSC.
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlAdministratorCredential
)
Import-DscResource -ModuleName 'SqlServerDsc'
node localhost
{
SqlDatabaseRole 'ReportEditor_AddRole'
{
ServerName = 'sqltest.company.local'
InstanceName = 'DSC'
DatabaseName = 'AdventureWorks'
Name = 'ReportEditor'
Ensure = 'Present'
PsDscRunAsCredential = $SqlAdministratorCredential
}
SqlDatabaseRole 'ReportViewer_AddRole'
{
ServerName = 'sqltest.company.local'
InstanceName = 'DSC'
DatabaseName = 'AdventureWorks'
Name = 'ReportViewer'
Ensure = 'Present'
PsDscRunAsCredential = $SqlAdministratorCredential
}
}
}
This example shows how to ensure that the database role named ReportViewer is not present in the AdventureWorks database on instance sqltest.company.local\DSC.
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlAdministratorCredential
)
Import-DscResource -ModuleName 'SqlServerDsc'
node localhost
{
SqlDatabaseRole 'ReportViewer_DropRole'
{
ServerName = 'sqltest.company.local'
InstanceName = 'DSC'
DatabaseName = 'AdventureWorks'
Name = 'ReportViewer'
Ensure = 'Absent'
PsDscRunAsCredential = $SqlAdministratorCredential
}
}
}
This example shows how to do the following:
- Ensure that the database role named ReportViewer is present in the AdventureWorks database on instance sqltest.company.local\DSC.
- Ensure that users CONTOSO\Barbara and CONTOSO\Fred will always be the only members of the role.
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlAdministratorCredential
)
Import-DscResource -ModuleName 'SqlServerDsc'
node localhost
{
SqlDatabaseRole 'ReportViewer_EnforceRoleMembers'
{
ServerName = 'sqltest.company.local'
InstanceName = 'DSC'
DatabaseName = 'AdventureWorks'
Name = 'ReportViewer'
Members = @('CONTOSO\Barbara', 'CONTOSO\Fred')
Ensure = 'Present'
PsDscRunAsCredential = $SqlAdministratorCredential
}
}
}
This example shows how to do the following:
- Ensure that the database role named ReportViewer is present in the AdventureWorks database on instance sqltest.company.local\DSC.
- Ensure that users CONTOSO\Barbara and CONTOSO\Fred will always be members of the role.
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlAdministratorCredential
)
Import-DscResource -ModuleName 'SqlServerDsc'
node localhost
{
SqlDatabaseRole 'ReportViewer_IncludeRoleMembers'
{
ServerName = 'sqltest.company.local'
InstanceName = 'DSC'
DatabaseName = 'AdventureWorks'
Name = 'ReportViewer'
MembersToInclude = @('CONTOSO\Barbara', 'CONTOSO\Fred')
Ensure = 'Present'
PsDscRunAsCredential = $SqlAdministratorCredential
}
}
}
This example shows how to do the following:
- Ensure that the database role named ReportViewer is present in the AdventureWorks database on instance sqltest.company.local\DSC.
- Ensure that users CONTOSO\Barbara and CONTOSO\Fred will never be members of the role.
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlAdministratorCredential
)
Import-DscResource -ModuleName 'SqlServerDsc'
node localhost
{
SqlDatabaseRole 'ReportViewer_ExcludeRoleMembers'
{
ServerName = 'sqltest.company.local'
InstanceName = 'DSC'
DatabaseName = 'AdventureWorks'
Name = 'ReportViewer'
MembersToExclude = @('CONTOSO\Barbara', 'CONTOSO\Fred')
Ensure = 'Present'
PsDscRunAsCredential = $SqlAdministratorCredential
}
}
}
This example shows how to do the following:
- Ensure that the database role named ReportViewer is present in the AdventureWorks database on instance sqltest.company.local\DSC.
- Ensure that users CONTOSO\Barbara and CONTOSO\Fred will always be members of the role.
- Ensure that the user CONSOSO\Intern1 will never be a member of the role.
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlAdministratorCredential
)
Import-DscResource -ModuleName 'SqlServerDsc'
node localhost
{
SqlDatabaseRole 'ReportViewer_IncludeAndExcludeRoleMembers'
{
ServerName = 'sqltest.company.local'
InstanceName = 'DSC'
DatabaseName = 'AdventureWorks'
Name = 'ReportViewer'
MembersToInclude = @('CONTOSO\Barbara', 'CONTOSO\Fred')
MembersToExclude = @('CONTOSO\Intern1')
Ensure = 'Present'
PsDscRunAsCredential = $SqlAdministratorCredential
}
}
}
- Add-SqlDscNode
- Add-SqlDscTraceFlag
- Complete-SqlDscFailoverCluster
- Complete-SqlDscImage
- Connect-SqlDscDatabaseEngine
- ConvertFrom-SqlDscDatabasePermission
- ConvertFrom-SqlDscServerPermission
- ConvertTo-SqlDscDatabasePermission
- ConvertTo-SqlDscServerPermission
- Disable-SqlDscAudit
- Disconnect-SqlDscDatabaseEngine
- Enable-SqlDscAudit
- Get-SqlDscAudit
- Get-SqlDscConfigurationOption
- Get-SqlDscDatabasePermission
- Get-SqlDscManagedComputer
- Get-SqlDscManagedComputerService
- Get-SqlDscPreferredModule
- Get-SqlDscServerPermission
- Get-SqlDscStartupParameter
- Get-SqlDscTraceFlag
- Import-SqlDscPreferredModule
- Initialize-SqlDscRebuildDatabase
- Install-SqlDscServer
- Invoke-SqlDscQuery
- New-SqlDscAudit
- Remove-SqlDscAudit
- Remove-SqlDscNode
- Remove-SqlDscTraceFlag
- Repair-SqlDscServer
- Save-SqlDscSqlServerMediaFile
- Set-SqlDscAudit
- Set-SqlDscDatabasePermission
- Set-SqlDscServerPermission
- Set-SqlDscStartupParameter
- Set-SqlDscTraceFlag
- Test-SqlDscIsDatabasePrincipal
- Test-SqlDscIsLogin
- Test-SqlDscIsSupportedFeature
- Uninstall-SqlDscServer
- SqlAG
- SqlAGDatabase
- SqlAgentAlert
- SqlAgentFailsafe
- SqlAgentOperator
- SqlAGListener
- SqlAGReplica
- SqlAlias
- SqlAlwaysOnService
- SqlAudit
- SqlConfiguration
- SqlDatabase
- SqlDatabaseDefaultLocation
- SqlDatabaseMail
- SqlDatabaseObjectPermission
- SqlDatabasePermission
- SqlDatabaseRole
- SqlDatabaseUser
- SqlEndpoint
- SqlEndpointPermission
- SqlLogin
- SqlMaxDop
- SqlMemory
- SqlPermission
- SqlProtocol
- SqlProtocolTcpIp
- SqlReplication
- SqlRole
- SqlRS
- SqlRSSetup
- SqlScript
- SqlScriptQuery
- SqlSecureConnection
- SqlServiceAccount
- SqlSetup
- SqlTraceFlag
- SqlWaitForAG
- SqlWindowsFirewall