| Author | Chrissy LeMaire (@cl), netnerds.net |
| Availability | Windows, Linux, macOS |
Want to see the source code for this command? Check out Grant-DbaAgPermission on GitHub.
Want to see the Bill Of Health for this command? Check out Grant-DbaAgPermission.
Grants endpoint and availability group permissions to a login.
Grants endpoint and availability group permissions to a login. If the account is a Windows login and does not exist, it will be automatically added.
Grant-DbaAgPermission
[[-SqlInstance] <DbaInstanceParameter[]>]
[[-SqlCredential] <PSCredential>]
[[-Login] <String[]>]
[[-AvailabilityGroup] <String[]>]
[-Type] <String[]>
[[-Permission] <String[]>]
[[-InputObject] <Login[]>]
[-EnableException]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
PS C:\> Grant-DbaAgPermission -SqlInstance sql2017a -Type AvailabilityGroup -AvailabilityGroup SharePoint -Permission CreateAnyDatabase
Adds CreateAnyDatabase permissions to the SharePoint availability group on sql2017a. Does not prompt for confirmation.
PS C:\> Grant-DbaAgPermission -SqlInstance sql2017a -Type AvailabilityGroup -AvailabilityGroup ag1, ag2 -Permission CreateAnyDatabase -Confirm
Adds CreateAnyDatabase permissions to the ag1 and ag2 availability groups on sql2017a. Prompts for confirmation.
PS C:\> Get-DbaLogin -SqlInstance sql2017a | Out-GridView -Passthru | Grant-DbaAgPermission -Type EndPoint
Grants the selected logins Connect permissions on the DatabaseMirroring endpoint for sql2017a
Specify the object type to grant the provided Permission. Values accepted are Endpoint and/or AvailabilityGroup. Endpoint type will update the DatabaseMirroring object type found on the instance.
| Alias | |
| Required | True |
| Pipeline | false |
| Default Value | |
| Accepted Values | Endpoint,AvailabilityGroup |
The target SQL Server instance or instances.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value |
Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory - Integrated are all supported.
For MFA support, please use Connect-DbaInstance.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value |
The login or logins to modify.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value |
Only modify specific availability groups.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value |
Grants one or more permissions:
Alter
Connect
Control
CreateSequence
CreateAnyDatabase
Delete
Execute
Impersonate
Insert
Receive
References
Select
Send
TakeOwnership
Update
ViewChangeTracking
ViewDefinition
CreateAnyDatabase
Connect is default.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value | Connect |
| Accepted Values | Alter,Connect,Control,CreateAnyDatabase,CreateSequence,Delete,Execute,Impersonate,Insert,Receive,References,Select,Send,TakeOwnership,Update,ViewChangeTracking,ViewDefinition |
Enables piping from Get-DbaLogin.
| Alias | |
| Required | False |
| Pipeline | true (ByValue) |
| Default Value |
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value | False |
Shows what would happen if the command were to run. No actions are actually performed.
| Alias | wi |
| Required | False |
| Pipeline | false |
| Default Value |
Prompts you for confirmation before executing any changing operations within the command.
| Alias | cf |
| Required | False |
| Pipeline | false |
| Default Value |