Author | Shawn Melton (@wsmelton) |
Availability | Windows, Linux, macOS |
Want to see the source code for this command? Check out Add-DbaServerRoleMember on GitHub.
Want to see the Bill Of Health for this command? Check out Add-DbaServerRoleMember.
Adds logins or server roles to server-level roles for SQL Server security administration.
Grants server-level role membership to SQL logins or nests server roles within other server roles. Use this command when setting up security permissions, implementing role-based access control, or managing server-level privileges across multiple SQL Server instances. Supports both built-in roles (sysadmin, dbcreator, etc.) and custom server roles, so you don't have to manually assign permissions through SSMS or T-SQL scripts.
Add-DbaServerRoleMember
[[-SqlInstance] <DbaInstanceParameter[]>]
[[-SqlCredential] <PSCredential>]
[[-ServerRole] <String[]>]
[[-Login] <String[]>]
[[-Role] <String[]>]
[[-InputObject] <Object[]>]
[-EnableException]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
PS C:\> Add-DbaServerRoleMember -SqlInstance server1 -ServerRole dbcreator -Login login1
Adds login1 to the dbcreator fixed server-level role on the instance server1.
PS C:\> Add-DbaServerRoleMember -SqlInstance server1, sql2016 -ServerRole customrole -Login login1
Adds login1 to the customrole custom server-level role on the instances server1 and sql2016.
PS C:\> Add-DbaServerRoleMember -SqlInstance server1 -ServerRole customrole -Role dbcreator
Adds the customrole custom server-level role to the dbcreator fixed server-level role.
PS C:\> $servers = Get-Content C:\servers.txt
PS C:\> $servers | Add-DbaServerRoleMember -ServerRole sysadmin -Login login1
Adds login1 to the sysadmin fixed server-level role on every server listed in C:\servers.txt.
PS C:\> Add-DbaServerRoleMember -SqlInstance localhost -ServerRole bulkadmin, dbcreator -Login login1
Adds login1 on the server localhost to the bulkadmin and dbcreator fixed server-level roles.
PS C:\> $roles = Get-DbaServerRole -SqlInstance localhost -ServerRole bulkadmin, dbcreator
PS C:\> $roles | Add-DbaServerRoleMember -Login login1
Adds login1 on the server localhost to the bulkadmin and dbcreator fixed server-level roles.
PS C:\> $logins = Get-Content C:\logins.txt
PS C:\> $srvLogins = Get-DbaLogin -SqlInstance server1 -Login $logins
PS C:\> New-DbaServerRole -SqlInstance server1 -ServerRole mycustomrole -Owner sa | Add-DbaServerRoleMember -Login $logins
Adds all the logins found in C:\logins.txt to the newly created server-level role mycustomrole on server1.
-SqlInstance
The target SQL Server instance or instances. This can be a collection and receive pipeline input to allow the function to be executed against multiple SQL Server instances.
Alias | |
Required | False |
Pipeline | true (ByValue) |
Default Value |
-SqlCredential
Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory - Integrated are all supported.
For MFA support, please use Connect-DbaInstance.
Alias | |
Required | False |
Pipeline | false |
Default Value |
-ServerRole
Specifies the server-level role(s) that will receive new members. Accepts both built-in roles (sysadmin, dbcreator, securityadmin, etc.) and custom server roles.
Use this when you need to grant server-level permissions by adding logins or nesting roles within these target roles.
Alias | |
Required | False |
Pipeline | true (ByValue) |
Default Value |
-Login
Specifies the SQL Server login(s) to be granted membership in the target server roles. Accepts Windows accounts, SQL logins, and Active Directory accounts.
Use this when you need to give specific users or service accounts server-level permissions rather than nesting entire roles.
Alias | |
Required | False |
Pipeline | false |
Default Value |
-Role
Specifies existing server-level role(s) to be nested as members within the target ServerRole(s). Creates a role hierarchy where one role inherits permissions from another.
Use this when implementing role-based security designs where you want to group permissions through role membership rather than individual login assignments.
Alias | |
Required | False |
Pipeline | false |
Default Value |
-InputObject
Accepts server role objects piped from Get-DbaServerRole or New-DbaServerRole commands. Allows you to chain commands together for workflow automation.
Use this when you want to operate on roles retrieved by other dbatools commands rather than specifying role names as strings.
Alias | |
Required | False |
Pipeline | true (ByValue) |
Default Value |
-EnableException
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.
Alias | |
Required | False |
Pipeline | false |
Default Value | False |
-WhatIf
Shows what would happen if the command were to run. No actions are actually performed.
Alias | wi |
Required | False |
Pipeline | false |
Default Value |
-Confirm
Prompts you for confirmation before executing any changing operations within the command.
Alias | cf |
Required | False |
Pipeline | false |
Default Value |
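
The -WhatIf and -EnableException behaviour described above, combined into a controlled role grant across several instances. This is an added example, not part of the dbatools documentation; the instance names, login, role list and the $allowHighPrivilege guard are constructed for illustration, and Get-DbaServerRoleMember is the separate dbatools command used here to confirm the result.

```powershell
# Added example: instance names, login and roles are constructed placeholders.
$instances  = 'server1', 'sql2016'
$login      = 'login1'
$serverRole = 'dbcreator', 'bulkadmin'

# Roles that give instance-wide control; granting them requires an explicit opt-in.
# $allowHighPrivilege is a hypothetical guard variable, not a dbatools setting.
$highPrivilege      = 'sysadmin', 'securityadmin'
$allowHighPrivilege = $false

$blocked = $serverRole | Where-Object { $_ -in $highPrivilege }
if ($blocked -and -not $allowHighPrivilege) {
    throw "Refusing to grant high-privilege role(s): $($blocked -join ', ')"
}

# 1. Preview: -WhatIf reports the intended changes without performing them.
Add-DbaServerRoleMember -SqlInstance $instances -ServerRole $serverRole -Login $login -WhatIf

# 2. Apply one instance at a time. -EnableException turns the friendly warning
#    into a terminating error, so each failure is caught and recorded.
$results = foreach ($instance in $instances) {
    $status = 'Applied'
    $detail = ''
    try {
        $null = Add-DbaServerRoleMember -SqlInstance $instance -ServerRole $serverRole `
            -Login $login -EnableException -Confirm:$false
    } catch {
        $status = 'Failed'
        $detail = $_.Exception.Message
    }
    [pscustomobject]@{ SqlInstance = $instance; Status = $status; Detail = $detail }
}

# 3. Verify: read the membership back instead of trusting the absence of an error.
foreach ($r in ($results | Where-Object Status -eq 'Applied')) {
    foreach ($role in $serverRole) {
        $member = Get-DbaServerRoleMember -SqlInstance $r.SqlInstance -ServerRole $role -Login $login
        if (-not $member) {
            $r.Status  = 'Unverified'
            $r.Detail += "login not found in $role; "
        }
    }
}

$results | Format-Table -AutoSize
```

The resulting table gives one row per instance, which can be kept as a change record for the grant.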