-
Notifications
You must be signed in to change notification settings - Fork 2
SqlServerEndpointPermission
Parameter | Attribute | DataType | Description | Allowed Values |
---|---|---|---|---|
InstanceName | Key | String | The name of the SQL instance to be configured. | |
Principal | Key | String | The login to which permission will be set. | |
Name | Required | String | The name of the endpoint. | |
ServerName | Write | String | The host name of the SQL Server to be configured. Default value is $env:COMPUTERNAME. | |
Ensure | Write | String | If the permission should be present or absent. Default value is 'Present'. | Present, Absent |
Permission | Write | String | The permission to set for the login. Valid value for permission are only CONNECT. | CONNECT |
The SqlEndpointPermission
DSC resource is used to give connect
permission to an endpoint for a user (login).
- Target machine must be running Windows Server 2012 or later.
- Target machine must be running SQL Server Database Engine 2012 or later.
All issues are not listed here, see here for all open issues.
This example will add connect permission to the credentials provided in $SqlServiceCredential to the endpoint named 'DefaultMirrorEndpoint'.
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlAdministratorCredential,
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlServiceCredential
)
Import-DscResource -ModuleName 'SqlServerDsc'
node localhost
{
SqlServerEndpointPermission 'SQLConfigureEndpointPermission'
{
Ensure = 'Present'
ServerName = 'SQLTEST'
InstanceName = 'DSCINSTANCE'
Name = 'DefaultMirrorEndpoint'
Principal = $SqlServiceCredential.UserName
Permission = 'CONNECT'
PsDscRunAsCredential = $SqlAdministratorCredential
}
}
}
This example will add connect permission to the credentials provided in $SqlServiceCredential to the endpoint named 'DefaultMirrorEndpoint'.
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlAdministratorCredential,
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlServiceCredential
)
Import-DscResource -ModuleName 'SqlServerDsc'
node localhost
{
SqlServerEndpointPermission 'SQLConfigureEndpointPermission'
{
Ensure = 'Absent'
ServerName = 'SQLTEST'
InstanceName = 'DSCINSTANCE'
Name = 'DefaultMirrorEndpoint'
Principal = $SqlServiceCredential.UserName
Permission = 'CONNECT'
PsDscRunAsCredential = $SqlAdministratorCredential
}
}
}
This example will add connect permission to both an Always On primary replica and an Always On secondary replica, and where each replica has a different SQL service account.
$ConfigurationData = @{
AllNodes = @(
@{
NodeName = '*'
InstanceName = 'MSSQLSERVER'
# Not recommended for production. Only set here to pass CI.
PsDscAllowPlainTextPassword = $true
},
@{
NodeName = 'SQLNODE01.company.local'
Role = 'PrimaryReplica'
},
@{
NodeName = 'SQLNODE02.company.local'
Role = 'SecondaryReplica'
}
)
}
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlAdministratorCredential,
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlServiceNode1Credential,
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlServiceNode2Credential
)
Import-DscResource -ModuleName 'SqlServerDsc'
node $AllNodes.Where{$_.Role -eq 'PrimaryReplica' }.NodeName
{
SqlServerEndpointPermission 'SQLConfigureEndpointPermissionPrimary'
{
Ensure = 'Present'
ServerName = $Node.NodeName
InstanceName = $Node.InstanceName
Name = 'DefaultMirrorEndpoint'
Principal = $SqlServiceNode1Credential.UserName
Permission = 'CONNECT'
PsDscRunAsCredential = $SqlAdministratorCredential
}
SqlServerEndpointPermission 'SQLConfigureEndpointPermissionSecondary'
{
Ensure = 'Present'
ServerName = $Node.NodeName
InstanceName = $Node.InstanceName
Name = 'DefaultMirrorEndpoint'
Principal = $SqlServiceNode2Credential.UserName
Permission = 'CONNECT'
PsDscRunAsCredential = $SqlAdministratorCredential
}
}
Node $AllNodes.Where{ $_.Role -eq 'SecondaryReplica' }.NodeName
{
SqlServerEndpointPermission 'SQLConfigureEndpointPermissionPrimary'
{
Ensure = 'Present'
ServerName = $Node.NodeName
InstanceName = $Node.InstanceName
Name = 'DefaultMirrorEndpoint'
Principal = $SqlServiceNode1Credential.UserName
Permission = 'CONNECT'
PsDscRunAsCredential = $SqlAdministratorCredential
}
SqlServerEndpointPermission 'SQLConfigureEndpointPermissionSecondary'
{
Ensure = 'Present'
ServerName = $Node.NodeName
InstanceName = $Node.InstanceName
Name = 'DefaultMirrorEndpoint'
Principal = $SqlServiceNode2Credential.UserName
Permission = 'CONNECT'
PsDscRunAsCredential = $SqlAdministratorCredential
}
}
}
This example will remove connect permission to both an Always On primary replica and an Always On secondary replica, and where each replica has a different SQL service account.
$ConfigurationData = @{
AllNodes = @(
@{
NodeName = '*'
InstanceName = 'MSSQLSERVER'
# Not recommended for production. Only set here to pass CI.
PsDscAllowPlainTextPassword = $true
},
@{
NodeName = 'SQLNODE01.company.local'
Role = 'PrimaryReplica'
},
@{
NodeName = 'SQLNODE02.company.local'
Role = 'SecondaryReplica'
}
)
}
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlAdministratorCredential,
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlServiceNode1Credential,
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlServiceNode2Credential
)
Import-DscResource -ModuleName 'SqlServerDsc'
node $AllNodes.Where{$_.Role -eq 'PrimaryReplica' }.NodeName
{
SqlServerEndpointPermission 'RemoveSQLConfigureEndpointPermissionPrimary'
{
Ensure = 'Absent'
ServerName = $Node.NodeName
InstanceName = $Node.InstanceName
Name = 'DefaultMirrorEndpoint'
Principal = $SqlServiceNode1Credential.UserName
Permission = 'CONNECT'
PsDscRunAsCredential = $SqlAdministratorCredential
}
SqlServerEndpointPermission 'RemoveSQLConfigureEndpointPermissionSecondary'
{
Ensure = 'Absent'
ServerName = $Node.NodeName
InstanceName = $Node.InstanceName
Name = 'DefaultMirrorEndpoint'
Principal = $SqlServiceNode2Credential.UserName
Permission = 'CONNECT'
PsDscRunAsCredential = $SqlAdministratorCredential
}
}
Node $AllNodes.Where{ $_.Role -eq 'SecondaryReplica' }.NodeName
{
SqlServerEndpointPermission 'RemoveSQLConfigureEndpointPermissionPrimary'
{
Ensure = 'Absent'
ServerName = $Node.NodeName
InstanceName = $Node.InstanceName
Name = 'DefaultMirrorEndpoint'
Principal = $SqlServiceNode1Credential.UserName
Permission = 'CONNECT'
PsDscRunAsCredential = $SqlAdministratorCredential
}
SqlServerEndpointPermission 'RemoveSQLConfigureEndpointPermissionSecondary'
{
Ensure = 'Absent'
ServerName = $Node.NodeName
InstanceName = $Node.InstanceName
Name = 'DefaultMirrorEndpoint'
Principal = $SqlServiceNode2Credential.UserName
Permission = 'CONNECT'
PsDscRunAsCredential = $SqlAdministratorCredential
}
}
}
- SqlAG
- SqlAGDatabase
- SqlAgentAlert
- SqlAgentFailsafe
- SqlAgentOperator
- SqlAGListener
- SqlAGReplica
- SqlAlias
- SqlAlwaysOnService
- SqlConfiguration
- SqlDatabase
- SqlDatabaseDefaultLocation
- SqlDatabaseMail
- SqlDatabaseObjectPermission
- SqlDatabaseOwner
- SqlDatabasePermission
- SqlDatabaseRecoveryModel
- SqlDatabaseRole
- SqlDatabaseUser
- SqlEndpoint
- SqlEndpointPermission
- SqlLogin
- SqlMaxDop
- SqlMemory
- SqlPermission
- SqlProtocol
- SqlProtocolTcpIp
- SqlReplication
- SqlRole
- SqlRS
- SqlRSSetup
- SqlScript
- SqlScriptQuery
- SqlSecureConnection
- SqlServerConfiguration
- SqlServerDatabaseMail
- SqlServerEndpoint
- SqlServerEndpointPermission
- SqlServerEndpointState
- SqlServerLogin
- SqlServerMaxDop
- SqlServerMemory
- SqlServerNetwork
- SqlServerPermission
- SqlServerProtocol
- SqlServerProtocolTcpIp
- SqlServerReplication
- SqlServerRole
- SqlServerSecureConnection
- SqlServiceAccount
- SqlSetup
- SqlWaitForAG
- SqlWindowsFirewall