functions/Get-DbaDatabaseUser.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
Function Get-DbaDatabaseUser {
    <#
.SYNOPSIS
Gets database users
 
.DESCRIPTION
Gets database users
 
.PARAMETER SqlInstance
The target SQL Server instance(s)
 
.PARAMETER SqlCredential
Allows you to login to SQL Server using alternative credentials
 
.PARAMETER Database
To get users from specific database(s)
 
.PARAMETER ExcludeDatabase
The database(s) to exclude - this list is auto populated from the server
 
.PARAMETER ExcludeSystemUser
This switch removes all system objects from the user collection
 
.PARAMETER Silent
Use this switch to disable any kind of verbose messages
 
.NOTES
Tags: security, Databases
Author: Klaas Vandenberghe ( @PowerDbaKlaas )
 
Website: https://dbatools.io
Copyright: (C) Chrissy LeMaire, clemaire@gmail.com
License: GNU GPL v3 https://opensource.org/licenses/GPL-3.0
 
.EXAMPLE
Get-DbaDatabaseUser -SqlInstance sql2016
 
Gets all database users
 
.EXAMPLE
Get-DbaDatabaseUser -SqlInstance Server1 -Database db1
 
Gets the users for the db1 database
 
.EXAMPLE
Get-DbaDatabaseUser -SqlInstance Server1 -ExcludeDatabase db1
 
Gets the users for all databases except db1
 
.EXAMPLE
Get-DbaDatabaseUser -SqlInstance Server1 -ExcludeSystemUser
 
Gets the users for all databases that are not system objects, like 'dbo', 'guest' or 'INFORMATION_SCHEMA'
 
.EXAMPLE
'Sql1','Sql2/sqlexpress' | Get-DbaDatabaseUser
 
Gets the users for the databases on Sql1 and Sql2/sqlexpress
 
#>

    [CmdletBinding()]
    param (
        [parameter(Mandatory, ValueFromPipeline)]
        [Alias("ServerInstance", "SqlServer")]
        [DbaInstanceParameter[]]$SqlInstance,
        [PSCredential]$SqlCredential,
        [object[]]$Database,
        [object[]]$ExcludeDatabase,
        [switch]$ExcludeSystemUser,
        [switch]$Silent
    )

    process {
        foreach ($instance in $SqlInstance) {
            try {
                Write-Message -Level Verbose -Message "Connecting to $instance"
                $server = Connect-SqlInstance -SqlInstance $instance -SqlCredential $sqlcredential
            }
            catch {
                Stop-Function -Message "Failure" -Category ConnectionError -ErrorRecord $_ -Target $instance -Continue
            }
            
            $databases = $server.Databases
            
            if ($Database) {
                $databases = $databases | Where-Object Name -In $Database
            }
            if ($ExcludeDatabase) {
                $databases = $databases | Where-Object Name -NotIn $ExcludeDatabase
            }

            foreach ($db in $databases) {
                if (!$db.IsAccessible) {
                    Write-Message -Level Warning -Message "Database $db is not accessible. Skipping."
                    continue
                }

                $users = $db.users

                if (!$users) {
                    Write-Message -Message "No users exist in the $db database on $instance" -Target $db -Level Verbose
                    continue
                }
                if (Test-Bound -ParameterName ExcludeSystemUser) {
                    $users = $users | Where-Object { $_.IsSystemObject -eq $false }
                }

                $users | foreach {

                Add-Member -Force -InputObject $_ -MemberType NoteProperty -Name ComputerName -value $server.NetName
                Add-Member -Force -InputObject $_ -MemberType NoteProperty -Name InstanceName -value $server.ServiceName
                Add-Member -Force -InputObject $_ -MemberType NoteProperty -Name SqlInstance -value $server.DomainInstanceName
                Add-Member -Force -InputObject $_ -MemberType NoteProperty -Name Database -value $db.Name

                Select-DefaultView -InputObject $_ -Property ComputerName, InstanceName, SqlInstance, Database, CreateDate, DateLastModified, Name, Login, LoginType, AuthenticationType, State, HasDbAccess, DefaultSchema
                }
            }
        }
    }
}