Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SqlDatabaseObjectPermission: New resource proposal #1119

Closed
XabiBeltza opened this issue Apr 25, 2018 · 9 comments · Fixed by #1563
Closed

SqlDatabaseObjectPermission: New resource proposal #1119

XabiBeltza opened this issue Apr 25, 2018 · 9 comments · Fixed by #1563
Labels
enhancement The issue is an enhancement request. resource proposal The issue is proposing a new resource in the resource module.

Comments

@XabiBeltza
Copy link

XabiBeltza commented Apr 25, 2018
edited by johlju
Loading

I would like to request a resource to manage object level permissions.
For example,

SqlObjectPermission Grant_SqlDatabasePermissions_SQLAdmin_Db01
        {
            Ensure               = 'Present'
            Name                 = 'CONTOSO\SQLAdmin'
            Database             = 'AdventureWorks'
            Object               = 'Table_or_view'
            PermissionState      = 'Grant'
            Permissions          = 'Select'
            ServerName           = 'sqltest.company.local'
            InstanceName         = 'DSC'
            PsDscRunAsCredential = $SqlAdministratorCredential
        }
@johlju johlju added enhancement The issue is an enhancement request. help wanted The issue is up for grabs for anyone in the community. resource proposal The issue is proposing a new resource in the resource module. labels Apr 29, 2018
@johlju
Copy link
Member

johlju commented Apr 29, 2018
edited
Loading

Looking at this it seems it pretty close to how SqlDatabasePermission works. Would the below schema work?

[ClassVersion("1.0.0.0"), FriendlyName("SqlDatabaseObjectPermission")]
class MSFT_SqlDatabaseObjectPermission : OMI_BaseResource
{
    [Key, Description("The name of the SQL instance to be configured.")] String InstanceName;
    [Key, Description("The name of the database where the object resides.")] String DatabaseName;
    [Key, Description("The name of the database object schema that the object name belongs to.")] String SchemaName;
    [Key, Description("The name of the database object to set permission for.")] String ObjectName;
    [Key, Description("The name of the database user och database role that will have the permission.")] String UserName;
    [Key, Description("The state of the permission. Valid values are 'Grant', 'Deny' and 'GrantWithGrant'."), ValueMap{"Grant","Deny","GrantWithGrant"}, Values{"Grant","Deny","GrantWithGrant"}] String PermissionState;
    [Required, Description("The set of permissions for the database object for the principal assigned to 'Name'.")] String Permissions[];
    [Write, Description("Specifies the desired state of the permission. When set to 'Present', the permissions will be added. When set to 'Absent', the permissions will be removed. Default value is 'Present'."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
    [Write, Description("The hostname of the SQL Server to be configured. Defaults to $env:COMPUTERNAME.")] String ServerName;
};

I think the properties PermissionState and Permission need to be an array of embedded instances so that it is not possible to grant and deny in the same configuration.

@johlju
Copy link
Member

johlju commented Apr 29, 2018

I have labeld this as 'help wanted' so that someone in the community can run with it.

@mreinli
Copy link

mreinli commented Apr 30, 2018

I am looking for the exact same resource and already started working on it.

@johlju
Copy link
Member

johlju commented May 1, 2018

@mreinli Awesome! Do you want to send it in as a PR once you are done? Happy to have that resource. 😃

@johlju johlju changed the title REsource Request: SqlDatabaseObjectPermission SqlDatabaseObjectPermission: New resource proposal May 1, 2018
@mreinli
Copy link

mreinli commented May 2, 2018

Sure, will send a PR once it's done. Looking good so far. We most probably need an additional parameter "ObjectType".

@johlju
Copy link
Member

johlju commented May 4, 2018

@mreinli Awesome! Sounds good with ObjectType. Will ObjectType be key as well? So two types of object can have the same name?

Labeling this as in progress.

@johlju johlju added in progress The issue is being actively worked on by someone. and removed help wanted The issue is up for grabs for anyone in the community. labels May 4, 2018
@mreinli
Copy link

mreinli commented May 4, 2018

Two objects can have the same name and be in different schemas. Plus, there are database collations which are case-sensitive. I have a working version but am still testing and fine-tuning. Should I already create a PR and update it with changes or wait until it's ready?

@johlju
Copy link
Member

johlju commented May 4, 2018

Send in the PR when you feel it is ready. 🙂

@XabiBeltza
Copy link
Author

Awesome to see so much traction on this!

@johlju johlju added help wanted The issue is up for grabs for anyone in the community. and removed in progress The issue is being actively worked on by someone. labels May 23, 2020
@johlju johlju mentioned this issue Jun 7, 2020
Merged
9 tasks
johlju added a commit that referenced this issue Jun 12, 2020
@johlju
SqlDatabaseObjectPermission: New resource (#1563)
6a468c2 
- SqlServerDsc
  - Added new resource SqlDatabaseObjectPermission (issue #1119).
- SqlServerDsc.Common
  - The helper function `Compare-ResourcePropertyState` was improved to
    handle embedded instances by adding a parameter `CimInstanceKeyProperties`
    that can be used to identify the unique parameter for each embedded
    instance in a collection.
  - The helper function `Test-DscPropertyState` was improved to evaluate
    the properties in a single CIM instance or a collection of CIM instances
    by recursively call itself.
  - When the helper function `Test-DscPropertyState` evaluated an array
    the verbose messages was not very descriptive. Instead of outputting
    the side indicator from the compare it now outputs a descriptive
    message.
@johlju johlju removed the help wanted The issue is up for grabs for anyone in the community. label Jun 12, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement The issue is an enhancement request. resource proposal The issue is proposing a new resource in the resource module.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

SqlDatabaseObjectPermission: New resource johlju/SqlServerDsc
3 participants
@mreinli @johlju @XabiBeltza