
Add-DbaServerRoleMember

Author Shawn Melton (@wsmelton)
Availability Windows, Linux, macOS

 

Want to see the source code for this command? Check out Add-DbaServerRoleMember on GitHub.
Want to see the Bill Of Health for this command? Check out Add-DbaServerRoleMember.

Synopsis

Adds logins or server roles to server-level roles for SQL Server security administration.

Description

Grants server-level role membership to SQL logins or nests server roles within other server roles. Use this command when setting up security permissions, implementing role-based access control, or managing server-level privileges across multiple SQL Server instances. Supports both built-in roles (sysadmin, dbcreator, etc.) and custom server roles, so you don't have to manually assign permissions through SSMS or T-SQL scripts.

Syntax

Add-DbaServerRoleMember
    [[-SqlInstance] <DbaInstanceParameter[]>]
    [[-SqlCredential] <PSCredential>]
    [[-ServerRole] <String[]>]
    [[-Login] <String[]>]
    [[-Role] <String[]>]
    [[-InputObject] <Object[]>]
    [-EnableException]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

 

Examples

 

Example: 1
PS C:\> Add-DbaServerRoleMember -SqlInstance server1 -ServerRole dbcreator -Login login1

Adds login1 to the dbcreator fixed server-level role on the instance server1.

Example: 2
PS C:\> Add-DbaServerRoleMember -SqlInstance server1, sql2016 -ServerRole customrole -Login login1

Adds login1 to the customrole custom server-level role on the instances server1 and sql2016.

Example: 3
PS C:\> Add-DbaServerRoleMember -SqlInstance server1 -ServerRole customrole -Role dbcreator

Adds the customrole custom server-level role to the dbcreator fixed server-level role.

Example: 4
PS C:\> $servers = Get-Content C:\servers.txt
PS C:\> $servers | Add-DbaServerRoleMember -ServerRole sysadmin -Login login1

Adds login1 to the sysadmin fixed server-level role on every server listed in C:\servers.txt.

Example: 5
PS C:\> Add-DbaServerRoleMember -SqlInstance localhost -ServerRole bulkadmin, dbcreator -Login login1

Adds login1 on the server localhost to the bulkadmin and dbcreator fixed server-level roles.

Example: 6
PS C:\> $roles = Get-DbaServerRole -SqlInstance localhost -ServerRole bulkadmin, dbcreator
PS C:\> $roles | Add-DbaServerRoleMember -Login login1

Adds login1 on the server localhost to the bulkadmin and dbcreator fixed server-level roles.

Example: 7

PS C:\> $logins = Get-Content C:\logins.txt
PS C:\> $srvLogins = Get-DbaLogin -SqlInstance server1 -Login $logins
PS C:\> New-DbaServerRole -SqlInstance server1 -ServerRole mycustomrole -Owner sa | Add-DbaServerRoleMember -Login $logins

Adds all the logins found in C:\logins.txt to the newly created server-level role mycustomrole on server1.

Optional Parameters

-SqlInstance

The target SQL Server instance or instances. This can be a collection and receive pipeline input to allow the function to be executed against multiple SQL Server instances.

Alias
Required False
Pipeline true (ByValue)
Default Value

-SqlCredential

Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory - Integrated are all supported.
For MFA support, please use Connect-DbaInstance.

Alias
Required False
Pipeline false
Default Value

-ServerRole

Specifies the server-level role(s) that will receive new members. Accepts both built-in roles (sysadmin, dbcreator, securityadmin, etc.) and custom server roles.
Use this when you need to grant server-level permissions by adding logins or nesting roles within these target roles.

Alias
Required False
Pipeline true (ByValue)
Default Value

-Login

Specifies the SQL Server login(s) to be granted membership in the target server roles. Accepts Windows accounts, SQL logins, and Active Directory accounts.
Use this when you need to give specific users or service accounts server-level permissions rather than nesting entire roles.

Alias
Required False
Pipeline false
Default Value

-Role

Specifies existing server-level role(s) to be nested as members within the target ServerRole(s). Creates a role hierarchy where one role inherits permissions from another.
Use this when implementing role-based security designs where you want to group permissions through role membership rather than individual login assignments.

Alias
Required False
Pipeline false
Default Value

-InputObject

Accepts server role objects piped from Get-DbaServerRole or New-DbaServerRole commands. Allows you to chain commands together for workflow automation.
Use this when you want to operate on roles retrieved by other dbatools commands rather than specifying role names as strings.

Alias
Required False
Pipeline true (ByValue)
Default Value

-EnableException

By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.

Alias
Required False
Pipeline false
Default Value False

-WhatIf

Shows what would happen if the command were to run. No actions are actually performed.

Alias wi
Required False
Pipeline false
Default Value

-Confirm

Prompts you for confirmation before executing any changing operations within the command.

Alias cf
Required False
Pipeline false
Default Value
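
The -WhatIf, -Confirm and -EnableException parameters described above combine into a preview, grant and verify sequence for automated role changes. This is an added example, not part of the dbatools documentation; it assumes the dbatools module is installed, reuses the placeholder names server1 and login1 from the examples above, and reads membership back with Get-DbaServerRoleMember.

```powershell
# Added example. Assumptions: dbatools is installed; 'server1' and 'login1' are
# the placeholder names from this page's examples, not real systems.
Import-Module dbatools

# Splat the grant once so the dry run and the real run use identical arguments.
$grant = @{
    SqlInstance = 'server1'
    ServerRole  = 'dbcreator'
    Login       = 'login1'
}

# 1. Dry run: report what would change without modifying the instance.
Add-DbaServerRoleMember @grant -WhatIf

# 2. Real run: -EnableException replaces the friendly warning with a terminating
#    error, so a failed grant stops the script instead of passing unnoticed.
try {
    Add-DbaServerRoleMember @grant -EnableException -Confirm:$false
} catch {
    Write-Error "Grant failed on $($grant.SqlInstance): $($_.Exception.Message)"
    throw
}

# 3. Verify: read the role membership back and confirm the login is present.
$members = Get-DbaServerRoleMember -SqlInstance $grant.SqlInstance -ServerRole $grant.ServerRole
if ($members.Name -notcontains $grant.Login) {
    throw "$($grant.Login) is not a member of $($grant.ServerRole) after the grant"
}

# Keep the resulting membership as a record of the change.
$members | Select-Object SqlInstance, Role, Name
```

Running the same verification step against sysadmin and securityadmin before and after a change window gives a simple record of who gained server-level privileges.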