Search code examples
azure-sql-databaseazure-powershell

sqlpackage import database excluded users

I built an automation backup and import Azure database to the new Azure SQL server it still has all the old users and that's a breach of security. I saw SQLpackage import no option excluded user. SQLpackage publish have ExcludeObjectTypes but it's not included data. Does anyone have a script or idea to remove all users who aren't in default users?


$DBServer = 'ddd.database.windows.net'
$DbUser = 'admin'
$DBPassword = 'dsfdfdsf'
$Backupfilename = 'Catalog-2022-08-30.bacpac'
$DBNameimport = 'Catalog1'


###Restore file to SQL Server
#Invoke-Sqlcmd -ServerInstance tcp:$DBServer -Username $DbUser -Password "$DBPassword " -Query "Drop database [$DBNameimport]"
#Invoke-Sqlcmd -ServerInstance tcp:$DBServer -Username $DbUser -Password "$DBPassword " -Query "Create database [$DBNameimport]"
#sqlpackage.exe /Action:Publish /tsn:tcp:$DBServer,1433 /tdn:$DBNameimport /tu:$DbUser /tp:"$DBPassword" /sf:$PSScriptRoot\$Backupfilename /p:Storage=File
Solution

  • I have finished the script auto download file backup from storage to import for a new environment and delete older users from file backup to meet security:

    $DBServer = 'dev01.database.windows.net'
$DbUser = 'admin'
$DBPassword = '12131231'
$StorageAccountName = 'adminstorage'
$StorageAccountKey = 'sdfsdfsdf'
$ContainerName = 'Catalog-backup'
$Backupfilename = 'Catalog-2022-08-23.bacpac'
$DBName = 'Catalog'

#Copy file from blob storage

$ctx = New-AzStorageContext -StorageAccountName $StorageAccountName -StorageAccountKey $StorageAccountKey

write-output "backup file name: $Backupfilename"
Get-AzStorageBlobContent -Blob $Backupfilename -Container $ContainerName -Destination $PSScriptRoot -Context $ctx

#Check name database
Invoke-Sqlcmd -ServerInstance tcp:$DBServer -Username $DbUser -Password "$DBPassword" -Query "Drop database [$DBNameimport]"
Invoke-Sqlcmd -ServerInstance tcp:$DBServer -Username $DbUser -Password "$DBPassword" -Query "Create database [$DBNameimport]"

#Restore file to SQL Server
sqlpackage.exe /Action:Import /tsn:tcp:$DBServer,1433 /tdn:$DBNameimport /tu:$DbUser /tp:"$DBPassword" /sf:$PSScriptRoot\$Backupfilename /p:Storage=File

#Delete older user when finish import
$query = "
DECLARE @Command nvarchar(max) = ''

SELECT @Command += 'DROP USER ['+name+'];'
FROM sys.sysusers
WHERE name not in ('guest', 'INFORMATION_SCHEMA', 'sys','public')
  and name not like 'db%'

EXEC (@Command);
"
Invoke-Sqlcmd -ServerInstance tcp:$DBServer -Username $DbUser -Password "$DBPassword" -Database $DBNameimport -Query $query