Deny‑SqlDscServerPermission - dsccommunity/SqlServerDsc GitHub Wiki

SYNOPSIS

Denies server permissions to a principal on a SQL Server Database Engine instance.

SYNTAX

Login

Deny-SqlDscServerPermission -Login <Login> -Permission <SqlServerPermission[]> [-Force]
 [-WhatIf] [-Confirm] [<CommonParameters>]

ServerRole

Deny-SqlDscServerPermission -ServerRole <ServerRole> -Permission <SqlServerPermission[]> [-Force]
 [-WhatIf] [-Confirm] [<CommonParameters>]

DESCRIPTION

This command denies server permissions to an existing principal on a SQL Server Database Engine instance. The principal can be specified as either a Login object (from Get-SqlDscLogin) or a ServerRole object (from Get-SqlDscRole).

EXAMPLES

EXAMPLE 1

$serverInstance = Connect-SqlDscDatabaseEngine
$login = $serverInstance | Get-SqlDscLogin -Name 'MyLogin'

Deny-SqlDscServerPermission -Login $login -Permission ConnectSql, ViewServerState

Denies the specified permissions to the login 'MyLogin'.

EXAMPLE 2

$serverInstance = Connect-SqlDscDatabaseEngine
$role = $serverInstance | Get-SqlDscRole -Name 'MyRole'

$role | Deny-SqlDscServerPermission -Permission AlterAnyDatabase -Force

Denies the specified permissions to the role 'MyRole' without prompting for confirmation.

PARAMETERS

-Force

Specifies that the permissions should be denied without any confirmation.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Login

Specifies the Login object for which the permissions are denied. This parameter accepts pipeline input.

Type: Login
Parameter Sets: Login
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-Permission

Specifies the permissions to be denied. Specify multiple permissions by providing an array of SqlServerPermission enum values.

Type: SqlServerPermission[]
Parameter Sets: (All)
Aliases:
Accepted values: AdministerBulkOperations, AlterAnyAvailabilityGroup, AlterAnyConnection, AlterAnyCredential, AlterAnyDatabase, AlterAnyEndpoint, AlterAnyEventNotification, AlterAnyEventSession, AlterAnyEventSessionAddEvent, AlterAnyEventSessionAddTarget, AlterAnyEventSessionDisable, AlterAnyEventSessionDropEvent, AlterAnyEventSessionDropTarget, AlterAnyEventSessionEnable, AlterAnyEventSessionOption, AlterAnyLinkedServer, AlterAnyLogin, AlterAnyServerAudit, AlterAnyServerRole, AlterResources, AlterServerState, AlterSettings, AlterTrace, AuthenticateServer, ConnectAnyDatabase, ConnectSql, ControlServer, CreateAnyDatabase, CreateAnyEventSession, CreateAvailabilityGroup, CreateDdlEventNotification, CreateEndpoint, CreateLogin, CreateServerRole, CreateTraceEventNotification, DropAnyEventSession, ExternalAccessAssembly, ImpersonateAnyLogin, SelectAllUserSecurables, Shutdown, UnsafeAssembly, ViewAnyCryptographicallySecuredDefinition, ViewAnyDatabase, ViewAnyDefinition, ViewAnyErrorLog, ViewAnyPerformanceDefinition, ViewAnySecurityDefinition, ViewServerPerformanceState, ViewServerSecurityAudit, ViewServerSecurityState, ViewServerState

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ServerRole

Specifies the ServerRole object for which the permissions are denied. This parameter accepts pipeline input.

Type: ServerRole
Parameter Sets: ServerRole
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

None.

NOTES

The Login or ServerRole object must come from the same SQL Server instance where the permissions will be denied. If specifying -ErrorAction 'SilentlyContinue' then the command will silently continue if any errors occur. If specifying -ErrorAction 'Stop' the command will throw an error on any failure.

RELATED LINKS

⚠️ **GitHub.com Fallback** ⚠️