Add-DbaDbRoleMember View Source Ben Miller (@DBAduck) Windows, Linux, macOS Synopsis Adds database users or roles as members to database roles across SQL Server instances
Description Manages database security by adding users or roles as members to database roles, automating what would otherwise require manual T-SQL commands or SQL Server Management Studio clicks. This function handles membership validation to ensure the user or role exists in the database before attempting to add them, and checks existing membership to prevent duplicate assignments.
Export-DbaUser View Source Claudio Silva (@ClaudioESSilva) Windows, Linux, macOS Synopsis Generates T-SQL scripts to recreate database users with their complete security context including roles and permissions
Description Creates comprehensive T-SQL scripts that fully recreate database users along with their security assignments and permissions. The generated scripts include user creation statements, role memberships, database-level permissions (like CONNECT, SELECT, INSERT), and granular object-level permissions for tables, views, stored procedures, functions, and other database objects.
Get-DbaDbOrphanUser View Source Claudio Silva (@ClaudioESSilva) , Garry Bargsley (@gbargsley) , Simone Bizzotto (@niphlod) Windows, Linux, macOS Synopsis Get orphaned users.
Description An orphan user is defined by a user that does not have their matching login. (Login property = “”).
Syntax Get-DbaDbOrphanUser [-SqlInstance] <DbaInstanceParameter[]> [[-SqlCredential] <PSCredential>] [[-Database] <Object[]>] [[-ExcludeDatabase] <Object[]>] [-EnableException] [<CommonParameters>] Examples Example: 1 PS C:\> Get-DbaDbOrphanUser -SqlInstance localhost\sql2016 Finds all orphan users without matching Logins in all databases present on server ’localhost\sql2016’.
Get-DbaDbRole View Source Ben Miller (@DBAduck) Windows, Linux, macOS Synopsis Retrieves database roles from SQL Server instances for security auditing and permission analysis.
Description Retrieves all database roles (both fixed and custom) from one or more SQL Server databases, returning detailed role information for security audits and compliance reporting. This function examines the roles collection in each accessible database, allowing you to identify custom roles, exclude built-in fixed roles, or focus on specific roles by name.
Get-DbaDbRoleMember View Source Klaas Vandenberghe (@PowerDBAKlaas) Windows, Linux, macOS Synopsis Retrieves all users and nested roles that are members of database roles across SQL Server instances
Description This function enumerates the membership of database roles, showing which users and nested roles belong to each role. Essential for security audits, permission troubleshooting, and compliance reporting, it reveals the complete role hierarchy within your databases. By default, system users are excluded to focus on business-relevant accounts, but you can include them for comprehensive security reviews.
Get-DbaDbUser View Source Klaas Vandenberghe (@PowerDbaKlaas) Windows, Linux, macOS Synopsis Retrieves database user accounts and their associated login mappings from SQL Server databases
Description Retrieves all database user accounts from one or more databases, showing their associated server logins, authentication types, and access states. This function is essential for security audits, user access reviews, and compliance reporting where you need to see who has database-level access and how their accounts are configured.
Get-DbaUserPermission View Source Brandon Abshire, netnerds.net , Josh Smith Windows, Linux, macOS Synopsis Audits comprehensive security permissions across SQL Server instances using DISA STIG methodology
Description Performs a comprehensive security audit by analyzing all server logins, server-level permissions, database users, database roles, and object-level permissions across SQL Server instances. Creates temporary STIG (Security Technical Implementation Guide) objects in tempdb to gather detailed permission information for both direct and inherited access rights.
New-DbaDbRole View Source Claudio Silva (@ClaudioESSilva), claudioessilva.eu Windows, Linux, macOS Synopsis Creates new database roles in one or more SQL Server databases.
Description Creates custom database roles for implementing role-based security in SQL Server databases. This function handles the creation of user-defined database roles that can later be granted specific permissions and have users or other roles assigned to them. You can create the same role across multiple databases for consistency, and optionally specify a custom owner instead of the default dbo.
Frank Henninger (@osiris687) | Andreas Jordan (@JordanOrdix), ordix.de
New-DbaDbUser View Source Frank Henninger (@osiris687) , Andreas Jordan (@JordanOrdix), ordix.de Windows, Linux, macOS Synopsis Creates database users with support for SQL logins, contained users, and Azure AD authentication.
Description Creates database users across one or more databases, supporting multiple authentication types including traditional SQL login mapping, contained users with passwords, and Azure Active Directory external provider authentication. This command handles the common DBA task of provisioning database access without requiring manual T-SQL scripts for each database.
Remove-DbaDbOrphanUser View Source Claudio Silva (@ClaudioESSilva) , Simone Bizzotto (@niphlod) Windows, Linux, macOS Synopsis Removes orphaned database users that no longer have corresponding SQL Server logins
Description Removes orphaned database users from one or more databases, handling schema ownership transfers automatically to prevent dependency issues.
Orphaned users occur when a database user exists but its corresponding login in the master database has been deleted or doesn’t exist on the current server.
dbatools