lowlydba.sqlserver.sa module – Configure the sa login for security best practices
Note
This module is part of the lowlydba.sqlserver collection (version 2.7.0).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install lowlydba.sqlserver.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: lowlydba.sqlserver.sa.
New in lowlydba.sqlserver 0.3.0
Synopsis
Rename, disable, and reset the password for the
salogin on a SQL Server instance per best practices.
Requirements
The below requirements are needed on the host that executes this module.
dbatools PowerShell module
Parameters
Parameter |
Comments |
|---|---|
Whether the login is enabled or disabled. Choices:
|
|
The new name to rename the |
|
Password for the login. |
|
Enforces password expiration policy. Requires password_policy_enforced=true. Choices:
|
|
Enforces user must change password at next login. When specified, will enforce password_expiration_enabled and password_policy_enforced as they are required. Choices:
|
|
Enforces password complexity policy. Choices:
|
|
The SQL Server instance to modify. |
|
Password for SQL Authentication. |
|
Username for SQL Authentication. |
Attributes
Attribute |
Support |
Description |
|---|---|---|
Support: full |
Can run in check_mode and return changed status prediction without modifying target. |
|
Platforms: all |
Target OS/families that can be operated against. |
Examples
- name: Disable sa login
lowlydba.sqlserver.sa:
sql_instance: sql-01.myco.io
enabled: false
- name: Rename sa login
lowlydba.sqlserver.sa:
sql_instance: sql-01.myco.io
new_name: 'notthesayourelookingfor'
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
Output from the Returned: success, but not in check_mode. |