forked from dsccommunity/SqlServerDsc
-
Notifications
You must be signed in to change notification settings - Fork 0
/
1-UseParameterPermissionToExclude.ps1
36 lines (34 loc) · 1.08 KB
/
1-UseParameterPermissionToExclude.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
<#
.DESCRIPTION
This example shows how to enforce that if the login CONTOSO\SQLAdmin would
be granted the permission "CreateEndpoint" outside of DSC, it is revoked.
Any other existing permissions in the states Grant, Deny, and GrantWithGrant
will not be changed (unless the contradict with the desired state).
#>
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlAdministratorCredential
)
Import-DscResource -ModuleName 'SqlServerDsc'
node localhost
{
SqlPermission 'Set_Permissions_SQLAdmin'
{
ServerName = 'sql01.company.local'
InstanceName = 'DSC'
Name = 'CONTOSO\SQLAdmin'
Credential = $SqlAdministratorCredential
PermissionToExclude = @(
ServerPermission
{
State = 'Grant'
Permission = @('CreateEndpoint')
}
)
}
}
}