Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SqlDatabasePermission: Possible to both grant and deny same permission for a user #1555

Closed
johlju opened this issue May 23, 2020 · 1 comment · Fixed by #1769
Closed

SqlDatabasePermission: Possible to both grant and deny same permission for a user #1555

johlju opened this issue May 23, 2020 · 1 comment · Fixed by #1769
Labels
breaking change When used on an issue, the issue has been determined to be a breaking change. enhancement The issue is an enhancement request. high priority The issue or PR should be resolved first. It is of less priority than the label 'Blocking Release'.

Comments

@johlju
Copy link
Member

johlju commented May 23, 2020
edited
Loading

Details of the scenario you tried and the problem that is occurring

With the current implementation of the resource SqlDatabasePermission it is possible to both grant and deny the same permission in the same configuration. This is due to the PermissionState property have the type qualifier Key.

Verbose logs showing the problem

None.

Suggested solution to the issue

Change the property PermissionState and Permission properties to an embedded instance array. That embedded instance class can have those properties in it. Leaving the key properties to be only name, database name, and instance name. Making sure the cannot ber any duplicated instances that can set competing permissions (prevents ping-pong behavior).

The DSC configuration that is used to reproduce the issue (as detailed as possible)

        SqlDatabasePermission 'Grant_User1'
        {
            Ensure               = 'Present'
            Name                 = 'CONTOSO\User1'
            DatabaseName         = 'AdventureWorks'
            PermissionState      = 'Grant'
            Permissions          = 'Connect', 'Update'
            ServerName           = 'sqltest.company.local'
            InstanceName         = 'DSC'
        }

        SqlDatabasePermission 'Deny_User1'
        {
            Ensure               = 'Present'
            Name                 = 'CONTOSO\User1'
            DatabaseName         = 'AdventureWorks'
            PermissionState      = 'Deny'
            Permissions          = 'Connect', 'Update'
            ServerName           = 'sqltest.company.local'
            InstanceName         = 'DSC'
        }

SQL Server edition and version the target node is running

All

SQL Server PowerShell modules present on the target node

Any

The operating system the target node is running

Any

Version and build of PowerShell the target node is running

Any

Version of the DSC module that was used

master
@johlju johlju added breaking change When used on an issue, the issue has been determined to be a breaking change. enhancement The issue is an enhancement request. help wanted The issue is up for grabs for anyone in the community. labels May 23, 2020
@johlju johlju changed the title SqlDatabasePermission: Possible to both grant and deny database permission for the same user SqlDatabasePermission: Possible to both grant and deny same database permission for the same user May 23, 2020
@johlju johlju changed the title SqlDatabasePermission: Possible to both grant and deny same database permission for the same user SqlDatabasePermission: Possible to both grant and deny same permission for a user May 23, 2020
@johlju
Copy link
Member Author

johlju commented Jun 6, 2022

Suggest we refactor this into a class-based resource based on the pattern used for the classes in DnsServerDsc.

@johlju johlju added the high priority The issue or PR should be resolved first. It is of less priority than the label 'Blocking Release'. label Jun 12, 2022
@johlju johlju pinned this issue Jun 21, 2022
@johlju johlju unpinned this issue Jun 21, 2022
@johlju johlju added in progress The issue is being actively worked on by someone. and removed help wanted The issue is up for grabs for anyone in the community. labels Jul 22, 2022
@johlju johlju mentioned this issue Jul 24, 2022
Merged
9 tasks
@johlju johlju removed the in progress The issue is being actively worked on by someone. label Jul 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
breaking change When used on an issue, the issue has been determined to be a breaking change. enhancement The issue is an enhancement request. high priority The issue or PR should be resolved first. It is of less priority than the label 'Blocking Release'.
Projects
None yet
Milestone
No milestone
1 participant
@johlju