Internal/functions/New-DssSchemaConfig.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
function New-DssSchemaConfig {
    <#
    .SYNOPSIS
        Creates a new schema config section for scanning

        Output passed to STDOUT as PSCustomObject
    
    .PARAMETER SqlInstance
        SQL Server instance holding the databse to be used as the base for the configuration

    .PARAMETER SqlCredential
        A PSCredential object to connect to SqlInstance

    .PARAMETER Database
        Database to use as basis for config
    #>

    [CmdletBinding()]
    param (
        [string]$SqlInstance,
        [PSCredential]$SqlCredential,
        [String]$Database
    )
    
    begin {}
    
    process {}
    
    end {
        $sqlSchema = "
                        select
                            ss.name as 'schemaName',
                            sdp.name as 'owner'
                        from
                            sys.schemas ss inner join sys.database_principals sdp
                                on ss.principal_id=sdp.principal_id
                    "

        $dbSchema = Invoke-DbaQuery -SqlInstance $SqlInstance -sqlcredential $sqlcredential -database $database  -Query $sqlSchema 

        $sqlObject = "
                        select
                            ss.name as 'schemaname',
                            sdp.name as 'owner',
                            sa.name as 'object'
                        from
                            sys.schemas ss
                                inner join sys.all_objects sa on ss.schema_id = sa.schema_id
                                inner join sys.database_principals sdp on ss.principal_id=sdp.principal_id
                        WHERE
                            sa.is_ms_shipped=0
                    "

        $dbObject = Invoke-DbaQuery -SqlInstance $SqlInstance -sqlcredential $sqlcredential -database $database -Query $sqlObject 


        $sqlPermissions = "
                                select
                                    sdperm.permission_name as 'permission',
                                    ss.name as 'schemaname',
                                    sdp.name as 'grantee'
                                from
                                    sys.database_permissions sdperm
                                        inner join sys.schemas ss on sdperm.major_id=ss.schema_id
                                        inner join sys.database_principals sdp on sdperm.grantee_principal_id = sdp.principal_id
                                where class_desc='SCHEMA'
                            "

        $dbPermissions = Invoke-DbaQuery -SqlInstance $SqlInstance -sqlcredential $sqlcredential -database $database -Query $sqlPermissions 

        $output = @()
        ForEach ($schema in $dbSchema){

            $objects = $dbObject | Where-Object {$_.schemaName -eq $schema.schemaName} | Select-Object -Property owner, object
            $permissions  = $dbPermissions | Where-Object {$_.schemaName -eq $schema.schemaName} | Select-Object permission, grantee
            $output +=[PsCustomObject]@{
                schemaName = $schema.schemaName
                owner = $schema.owner
                objects = $objects 
                permissions = $permissions
            }
        }
    $output
    }
}