@@ -163,6 +163,19 @@ Describe 'Get-SqlDscDatabasePermission' -Tag @('Integration_SQL2017', 'Integrati
163163 }
164164
165165 Context ' When working with built-in database roles'
166+ BeforeEach {
167+ $script :customRoleName = $null
168+ }
169+
170+ AfterEach {
171+ # Clean up the custom role if it was created
172+ if ($script :customRoleName )
173+ {
174+ $dropRoleSql = " USE [$ ( $script :testDatabaseName ) ]; DROP ROLE [$script :customRoleName ];"
175+ Invoke-SqlDscQuery - ServerObject $script :serverObject - DatabaseName $script :testDatabaseName - Query $dropRoleSql - Force - ErrorAction ' SilentlyContinue'
176+ }
177+ }
178+
166179 It ' Should return permissions for db_datareader role'
167180 # Note: The command excludes fixed roles by default, so this should return null or empty
168181 $result = Get-SqlDscDatabasePermission - ServerObject $script :serverObject - DatabaseName $script :testDatabaseName - Name ' db_datareader' - ErrorAction ' SilentlyContinue'
@@ -173,33 +186,24 @@ Describe 'Get-SqlDscDatabasePermission' -Tag @('Integration_SQL2017', 'Integrati
173186
174187 It ' Should work with non-fixed database roles when they exist'
175188 # Create a custom database role for testing
176- $customRoleName = ' TestRole_' + (Get-Random )
177- $createRoleSql = " USE [$ ( $script :testDatabaseName ) ]; CREATE ROLE [$customRoleName ];"
189+ $script : customRoleName = ' TestRole_' + (Get-Random )
190+ $createRoleSql = " USE [$ ( $script :testDatabaseName ) ]; CREATE ROLE [$script : customRoleName ];"
178191 Invoke-SqlDscQuery - ServerObject $script :serverObject - DatabaseName $script :testDatabaseName - Query $createRoleSql - Force - ErrorAction ' Stop'
179192
180- try
181- {
182- # Grant a permission to the custom role
183- $grantRolePermissionSql = " USE [$ ( $script :testDatabaseName ) ]; GRANT CONNECT TO [$customRoleName ];"
184- Invoke-SqlDscQuery - ServerObject $script :serverObject - DatabaseName $script :testDatabaseName - Query $grantRolePermissionSql - Force - ErrorAction ' Stop'
193+ # Grant a permission to the custom role
194+ $grantRolePermissionSql = " USE [$ ( $script :testDatabaseName ) ]; GRANT CONNECT TO [$script :customRoleName ];"
195+ Invoke-SqlDscQuery - ServerObject $script :serverObject - DatabaseName $script :testDatabaseName - Query $grantRolePermissionSql - Force - ErrorAction ' Stop'
185196
186- # Test getting permissions for the custom role
187- $result = Get-SqlDscDatabasePermission - ServerObject $script :serverObject - DatabaseName $script :testDatabaseName - Name $customRoleName - Refresh
197+ # Test getting permissions for the custom role
198+ $result = Get-SqlDscDatabasePermission - ServerObject $script :serverObject - DatabaseName $script :testDatabaseName - Name $script : customRoleName - Refresh
188199
189- $result | Should -Not - BeNullOrEmpty
190- $result | Should - BeOfType [Microsoft.SqlServer.Management.Smo.DatabasePermissionInfo ]
200+ $result | Should -Not - BeNullOrEmpty
201+ $result | Should - BeOfType [Microsoft.SqlServer.Management.Smo.DatabasePermissionInfo ]
191202
192- # Verify the Connect permission we granted is present
193- $connectPermission = $result | Where-Object { $_.PermissionType.Connect -eq $true }
194- $connectPermission | Should -Not - BeNullOrEmpty
195- $connectPermission.PermissionState | Should - Be ' Grant'
196- }
197- finally
198- {
199- # Clean up the custom role
200- $dropRoleSql = " USE [$ ( $script :testDatabaseName ) ]; DROP ROLE [$customRoleName ];"
201- Invoke-SqlDscQuery - ServerObject $script :serverObject - DatabaseName $script :testDatabaseName - Query $dropRoleSql - Force - ErrorAction ' SilentlyContinue'
202- }
203+ # Verify the Connect permission we granted is present
204+ $connectPermission = $result | Where-Object { $_.PermissionType.Connect -eq $true }
205+ $connectPermission | Should -Not - BeNullOrEmpty
206+ $connectPermission.PermissionState | Should - Be ' Grant'
203207 }
204208 }
205209 }
0 commit comments