Revoke‑SqlDscServerPermission - dsccommunity/SqlServerDsc GitHub Wiki
Removes (revokes) server permissions from a principal on a SQL Server Database Engine instance.
Revoke-SqlDscServerPermission -Login <Login> -Permission <SqlServerPermission[]> [-WithGrant] [-Force]
[-WhatIf] [-Confirm] [<CommonParameters>]
Revoke-SqlDscServerPermission -ServerRole <ServerRole> -Permission <SqlServerPermission[]> [-WithGrant]
[-Force] [-WhatIf] [-Confirm] [<CommonParameters>]
This command removes (revokes) server permissions from an existing principal on a SQL Server Database Engine instance. The principal can be specified as either a Login object (from Get-SqlDscLogin) or a ServerRole object (from Get-SqlDscRole).
$serverInstance = Connect-SqlDscDatabaseEngine
$login = $serverInstance | Get-SqlDscLogin -Name 'MyLogin'
Revoke-SqlDscServerPermission -Login $login -Permission ConnectSql, ViewServerState
Revokes the specified permissions from the login 'MyLogin'.
$serverInstance = Connect-SqlDscDatabaseEngine
$role = $serverInstance | Get-SqlDscRole -Name 'MyRole'
$role | Revoke-SqlDscServerPermission -Permission AlterAnyDatabase -WithGrant -Force
Revokes the specified permissions and the right to grant them from the role 'MyRole' with cascading effect, without prompting for confirmation.
Specifies that the permissions should be revoked without any confirmation.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies the Login object for which the permissions are revoked. This parameter accepts pipeline input.
Type: Login
Parameter Sets: Login
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: FalseSpecifies the permissions to revoke. Specify multiple permissions by providing an array of SqlServerPermission enum values.
Type: SqlServerPermission[]
Parameter Sets: (All)
Aliases:
Accepted values: AdministerBulkOperations, AlterAnyAvailabilityGroup, AlterAnyConnection, AlterAnyCredential, AlterAnyDatabase, AlterAnyEndpoint, AlterAnyEventNotification, AlterAnyEventSession, AlterAnyEventSessionAddEvent, AlterAnyEventSessionAddTarget, AlterAnyEventSessionDisable, AlterAnyEventSessionDropEvent, AlterAnyEventSessionDropTarget, AlterAnyEventSessionEnable, AlterAnyEventSessionOption, AlterAnyLinkedServer, AlterAnyLogin, AlterAnyServerAudit, AlterAnyServerRole, AlterResources, AlterServerState, AlterSettings, AlterTrace, AuthenticateServer, ConnectAnyDatabase, ConnectSql, ControlServer, CreateAnyDatabase, CreateAnyEventSession, CreateAvailabilityGroup, CreateDdlEventNotification, CreateEndpoint, CreateLogin, CreateServerRole, CreateTraceEventNotification, DropAnyEventSession, ExternalAccessAssembly, ImpersonateAnyLogin, SelectAllUserSecurables, Shutdown, UnsafeAssembly, ViewAnyCryptographicallySecuredDefinition, ViewAnyDatabase, ViewAnyDefinition, ViewAnyErrorLog, ViewAnyPerformanceDefinition, ViewAnySecurityDefinition, ViewServerPerformanceState, ViewServerSecurityAudit, ViewServerSecurityState, ViewServerState
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies the ServerRole object for which the permissions are revoked. This parameter accepts pipeline input.
Type: ServerRole
Parameter Sets: ServerRole
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: FalseSpecifies that the right to grant the permission should also be revoked, and the revocation will cascade to other principals that the grantee has granted the same permission to.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: FalsePrompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseShows what would happen if the cmdlet runs. The cmdlet is not run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThis cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
The Login or ServerRole object must come from the same SQL Server instance
where the permissions will be revoked.
If specifying -ErrorAction 'SilentlyContinue'
then the command will silently continue if any errors occur.
If specifying
-ErrorAction 'Stop' the command will throw an error on any failure.
When revoking permission with -WithGrant, both the grantee and all the other users the grantee has granted the same permission to, will also get their permission revoked.