-
Notifications
You must be signed in to change notification settings - Fork 3
/
demo.ps1
43 lines (31 loc) · 1.38 KB
/
demo.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
$sqlUser='sql1admin'
$sqlPasswd= ConvertTo-SecureString 'y^ezoBWAtK9wb*8Lyrrpted#' -AsPlainText -Force
$sqlCred=New-Object System.Management.Automation.PSCredential ($sqlUser, $sqlPasswd)
$sqlInstance='sb-sql1.sb.local\sql1'
$appsplat=@{
SqlInstance =$sqlInstance
SqlCredential = $sqlCred
}
import-module ./dbasecurityscan.psd1
$srv = Connect-DbaInstance @appsplat
$c = Get-Content './Tests/scenarios/roles1/roles1.sql' -Raw
$srv.Databases['master'].ExecuteNonQuery($c)
# create a new config
$config = New-DssConfig @appsplat -Database roles1
#remove config file
Remove-Item ./dss.json -Force
#write out the config to a file
$config | ConvertTo-Json -Depth 5 | Out-File ./dss.json
#take a look at the config file in vs code
code ./dss.json
#Add an extra permission to the role
Invoke-DbaQuery @appsplat -Database roles1 -Query "grant execute on sp_test to removerole"
?
#run a compare against the config.
$results = Invoke-DssTest @appsplat -Database roles1 -Config $config
#errors were returned so try a dryrun to see how they could be fixed
$dryRun = Reset-DssSecurity @appsplat -Database roles1 -TestResults $results -OutputOnly
#If happy with the dry run, tell the command to fix the issues
$realRun = Reset-DssSecurity @appsplat -Database roles1 -TestResults $results
#Run a final test to check that everything is in line again
$final = Invoke-DssTest @appsplat -Database roles1 -Config $config