Get-DbaUserPermission
NAME Get-DbaUserPermission
SYNOPSIS
Displays detailed permissions information for the server and database roles and securables.
SYNTAX
Get-DbaUserPermission [-SqlInstance] <Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>
[[-SqlCredential] <Pscredential>] [[-Database] <System.Object[]>] [[-ExcludeDatabase] <System.Object[]>]
[-ExcludeSystemDatabase <Switch>] [-IncludePublicGuest <Switch>] [-IncludeSystemObjects <Switch>]
[-EnableException <Switch>] [<CommonParameters>]
DESCRIPTION
This command will display all server logins, server level securables, database logins and database securables.
DISA STIG implementers will find this command useful as it uses Permissions.sql provided by DISA.
Note that if you Ctrl-C out of this command and end it prematurely, it will leave behind a STIG schema in tempdb.
PARAMETERS
-Database [<System.Object[]>]
The database(s) to process - this list is auto-populated from the server. If unspecified, all databases will
be processed.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-EnableException [<Switch>]
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables
advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own
try/catch.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-ExcludeDatabase [<System.Object[]>]
The database(s) to exclude - this list is auto-populated from the server
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-ExcludeSystemDatabase [<Switch>]
Allows you to suppress output on system databases
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-IncludePublicGuest [<Switch>]
Allows you to include output for public and guest grants.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-IncludeSystemObjects [<Switch>]
Allows you to include output on sys schema objects.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlCredential [<Pscredential>]
Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory -
Integrated are all supported.
For MFA support, please use Connect-DbaInstance.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlInstance [<Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>]
The target SQL Server instance or instances.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
Tags: Discovery, Permissions, Security
Author: Brandon Abshire, netnerds.net
Website: https://dbatools.io
Copyright: (c) 2018 by dbatools, licensed under MIT
License: MIT https://opensource.org/licenses/MIT
-------------------------- EXAMPLE 1 --------------------------
PS C:\>Get-DbaUserPermission -SqlInstance sql2008, sqlserver2012
Check server and database permissions for servers sql2008 and sqlserver2012.
-------------------------- EXAMPLE 2 --------------------------
PS C:\>Get-DbaUserPermission -SqlInstance sql2008 -Database TestDB
Check server and database permissions on server sql2008 for only the TestDB database.
-------------------------- EXAMPLE 3 --------------------------
PS C:\>Get-DbaUserPermission -SqlInstance sql2008 -Database TestDB -IncludePublicGuest -IncludeSystemObjects
Check server and database permissions on server sql2008 for only the TestDB database,
including public and guest grants, and sys schema objects.
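The following is an added example, not part of the dbatools help text. It combines -EnableException with your own try/catch for a scheduled permission audit, then checks tempdb for the STIG schema that the DESCRIPTION says an interrupted run leaves behind. The instance names are the ones used in the examples above; the output folder, the file naming and the use of Invoke-DbaQuery for the tempdb check are assumptions.

```powershell
# Added example (not from the dbatools help). Requires the dbatools module.
# Assumptions: instance names reuse the page's examples; output folder is arbitrary.
$instances = 'sql2008', 'sqlserver2012'
$outDir    = Join-Path $env:TEMP 'permission-audit'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

foreach ($instance in $instances) {
    # Named instances contain a backslash, which is not valid in a file name.
    $safeName = $instance -replace '\\', '_'
    $csvPath  = Join-Path $outDir "${safeName}-permissions.csv"

    try {
        # -EnableException turns the friendly warning into a terminating error,
        # so a failed instance lands in the catch block instead of being skipped silently.
        $rows = Get-DbaUserPermission -SqlInstance $instance -ExcludeSystemDatabase -EnableException
        $rows | Export-Csv -Path $csvPath -NoTypeInformation
        Write-Output "${instance}: $(@($rows).Count) permission rows written to $csvPath"
    }
    catch {
        Write-Warning "${instance}: permission audit failed - $($_.Exception.Message)"
    }

    try {
        # An interrupted run leaves a STIG schema in tempdb; report it so it can be reviewed.
        $leftover = Invoke-DbaQuery -SqlInstance $instance -Database tempdb -EnableException `
            -Query "SELECT name FROM sys.schemas WHERE name = N'STIG';"
        if ($leftover) {
            Write-Warning "${instance}: STIG schema is still present in tempdb"
        }
    }
    catch {
        Write-Warning "${instance}: could not check tempdb - $($_.Exception.Message)"
    }
}
```

The check only reports the leftover schema; it does not drop anything, since another audit run may be using it at that moment.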
RELATED LINKS
https://dbatools.io/Get-DbaUserPermission