< Back
Revoke-DbaAgPermission
Post
NAME Revoke-DbaAgPermission
SYNOPSIS
Revokes endpoint and availability group permissions to a login.
SYNTAX
Revoke-DbaAgPermission [[-SqlInstance] <Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>]
[[-SqlCredential] <Pscredential>] [[-Login] <System.String[]>] [[-AvailabilityGroup] <System.String[]>] [-Type]
<System.String[]> [[-Permission] <System.String[]>] [[-InputObject] <Microsoft.SqlServer.Management.Smo.Login[]>]
[-EnableException <Switch>] [<CommonParameters>]
DESCRIPTION
Revokes endpoint and availability group permissions to a login.
PARAMETERS
-AvailabilityGroup [<System.String[]>]
Only modify specific availability groups.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-EnableException [<Switch>]
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables
advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own
try/catch.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-InputObject [<Microsoft.SqlServer.Management.Smo.Login[]>]
Enables piping from Get-DbaLogin.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Login [<System.String[]>]
The login or logins to modify.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Permission [<System.String[]>]
Revokes one or more permissions:
Alter
Connect
Control
CreateAnyDatabase
CreateSequence
Delete
Execute
Impersonate
Insert
Receive
References
Select
Send
TakeOwnership
Update
ViewChangeTracking
ViewDefinition
Connect is default.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlCredential [<Pscredential>]
Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory -
Integrated are all supported.
For MFA support, please use Connect-DbaInstance.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlInstance [<Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>]
The target SQL Server instance or instances. Server version must be SQL Server version 2012 or higher.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Type [<System.String[]>]
Specify type: Endpoint or AvailabilityGroup. Endpoint will modify the DatabaseMirror endpoint type.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
Tags: AvailabilityGroup, HA, AG
Author: Chrissy LeMaire (@cl), netnerds.net
Website: https://dbatools.io
Copyright: (c) 2018 by dbatools, licensed under MIT
License: MIT https://opensource.org/licenses/MIT
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Revoke-DbaAgPermission -SqlInstance sql2017a -Type AvailabilityGroup -AvailabilityGroup SharePoint -Login
ad\\spservice -Permission CreateAnyDatabase
Removes CreateAnyDatabase permissions from ad\\spservice on the SharePoint availability group on sql2017a. Does not
prompt for confirmation.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Revoke-DbaAgPermission -SqlInstance sql2017a -Type AvailabilityGroup -AvailabilityGroup ag1, ag2 -Login
ad\\spservice -Permission CreateAnyDatabase -Confirm
Removes CreateAnyDatabase permissions from ad\\spservice on the ag1 and ag2 availability groups on sql2017a.
Prompts for confirmation.
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>Get-DbaLogin -SqlInstance sql2017a | Out-GridView -Passthru | Revoke-DbaAgPermission -Type EndPoint
Revokes the selected logins Connect permissions on the DatabaseMirroring endpoint for sql2017a.
RELATED LINKS
https://dbatools.io/Revoke-DbaAgPermission
SYNOPSIS
Revokes endpoint and availability group permissions to a login.
SYNTAX
Revoke-DbaAgPermission [[-SqlInstance] <Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>]
[[-SqlCredential] <Pscredential>] [[-Login] <System.String[]>] [[-AvailabilityGroup] <System.String[]>] [-Type]
<System.String[]> [[-Permission] <System.String[]>] [[-InputObject] <Microsoft.SqlServer.Management.Smo.Login[]>]
[-EnableException <Switch>] [<CommonParameters>]
DESCRIPTION
Revokes endpoint and availability group permissions to a login.
PARAMETERS
-AvailabilityGroup [<System.String[]>]
Only modify specific availability groups.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-EnableException [<Switch>]
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables
advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own
try/catch.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-InputObject [<Microsoft.SqlServer.Management.Smo.Login[]>]
Enables piping from Get-DbaLogin.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Login [<System.String[]>]
The login or logins to modify.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Permission [<System.String[]>]
Revokes one or more permissions:
Alter
Connect
Control
CreateAnyDatabase
CreateSequence
Delete
Execute
Impersonate
Insert
Receive
References
Select
Send
TakeOwnership
Update
ViewChangeTracking
ViewDefinition
Connect is default.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlCredential [<Pscredential>]
Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory -
Integrated are all supported.
For MFA support, please use Connect-DbaInstance.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlInstance [<Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>]
The target SQL Server instance or instances. Server version must be SQL Server version 2012 or higher.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Type [<System.String[]>]
Specify type: Endpoint or AvailabilityGroup. Endpoint will modify the DatabaseMirror endpoint type.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
Tags: AvailabilityGroup, HA, AG
Author: Chrissy LeMaire (@cl), netnerds.net
Website: https://dbatools.io
Copyright: (c) 2018 by dbatools, licensed under MIT
License: MIT https://opensource.org/licenses/MIT
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Revoke-DbaAgPermission -SqlInstance sql2017a -Type AvailabilityGroup -AvailabilityGroup SharePoint -Login
ad\\spservice -Permission CreateAnyDatabase
Removes CreateAnyDatabase permissions from ad\\spservice on the SharePoint availability group on sql2017a. Does not
prompt for confirmation.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Revoke-DbaAgPermission -SqlInstance sql2017a -Type AvailabilityGroup -AvailabilityGroup ag1, ag2 -Login
ad\\spservice -Permission CreateAnyDatabase -Confirm
Removes CreateAnyDatabase permissions from ad\\spservice on the ag1 and ag2 availability groups on sql2017a.
Prompts for confirmation.
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>Get-DbaLogin -SqlInstance sql2017a | Out-GridView -Passthru | Revoke-DbaAgPermission -Type EndPoint
Revokes the selected logins Connect permissions on the DatabaseMirroring endpoint for sql2017a.
RELATED LINKS
https://dbatools.io/Revoke-DbaAgPermission