From 99a55765159d7b6026425541624e84c601060e69 Mon Sep 17 00:00:00 2001
From: Avi Deitcher <avi@deitcher.net>
Date: Thu, 22 Feb 2018 20:57:42 +0200
Subject: [PATCH] Granting db rights idempotent, so always run

---
 .../Functions/Admin/Set-RsDatabase.ps1        | 65 ++++++++-----------
 1 file changed, 28 insertions(+), 37 deletions(-)

diff --git a/ReportingServicesTools/Functions/Admin/Set-RsDatabase.ps1 b/ReportingServicesTools/Functions/Admin/Set-RsDatabase.ps1
index 993cbc0a..691a651c 100644
--- a/ReportingServicesTools/Functions/Admin/Set-RsDatabase.ps1
+++ b/ReportingServicesTools/Functions/Admin/Set-RsDatabase.ps1
@@ -47,9 +47,6 @@ function Set-RsDatabase
         .PARAMETER IsExistingDatabase
             Specify this switch if the database to use already exists, and prevent creation of the database.
 
-        .PARAMETER HasDatabaseUserRights
-            Specify this switch if the runtime database user already has access rights to the database, and prevent granting the user rights.
-
         .PARAMETER DatabaseCredentialType
             Indicate what type of runtime credentials to use when connecting to the database: Windows, SQL, or Service Account.
 
@@ -97,9 +94,6 @@ function Set-RsDatabase
         [switch]
         $IsExistingDatabase,
 
-        [switch]
-        $HasDatabaseUserRights,
-
         [Parameter(Mandatory = $true)]
         [Alias('Authentication')]
         [Microsoft.ReportingServicesTools.SqlServerAuthenticationType]
@@ -168,7 +162,7 @@ function Set-RsDatabase
         }
 
         # must have credentials passed
-        if ($AdminDatabaseCredentialType -like 'sql')
+        if ($isSQLAdminAccount)
         {
             if ($AdminDatabaseCredential -eq $null)
             {
@@ -222,43 +216,40 @@ function Set-RsDatabase
         #endregion Create Database if necessary
 
         #region Configuring Database rights
-        if (-not $HasDatabaseUserRights)
+        # Step 3 - Generate database rights script
+        Write-Verbose "Generating database rights script..."
+        $isWindowsAccount = ($DatabaseCredentialType -like "Windows") -or ($DatabaseCredentialType -like "ServiceAccount")
+        $result = $rsWmiObject.GenerateDatabaseRightsScript($username, $Name, $IsRemoteDatabaseServer, $isWindowsAccount)
+        if ($result.HRESULT -ne 0)
         {
-            # Step 3 - Generate database rights script
-            Write-Verbose "Generating database rights script..."
-            $isWindowsAccount = ($DatabaseCredentialType -like "Windows") -or ($DatabaseCredentialType -like "ServiceAccount")
-            $result = $rsWmiObject.GenerateDatabaseRightsScript($username, $Name, $IsRemoteDatabaseServer, $isWindowsAccount)
-            if ($result.HRESULT -ne 0)
-            {
-                Write-Verbose "Generating database rights script... Failed!"
-                throw "Failed to generate the database rights script from the report server using WMI. Errorcode: $($result.HRESULT)"
-            }
-            else
-            {
-                $SQLscript = $result.Script
-                Write-Verbose "Generating database rights script... Complete!"
-            }
+            Write-Verbose "Generating database rights script... Failed!"
+            throw "Failed to generate the database rights script from the report server using WMI. Errorcode: $($result.HRESULT)"
+        }
+        else
+        {
+            $SQLscript = $result.Script
+            Write-Verbose "Generating database rights script... Complete!"
+        }
 
-            # Step 4 - Run Database rights script
-            Write-Verbose "Executing database rights script..."
-            try
+        # Step 4 - Run Database rights script
+        Write-Verbose "Executing database rights script..."
+        try
+        {
+            if ($isSQLAdminAccount)
             {
-                if ($isSQLAdminAccount)
-                {
-                    Invoke-Sqlcmd -ServerInstance $DatabaseServerName -Query $SQLScript -ErrorAction Stop -Username $adminUsername -Password $adminPassword
-                }
-                else
-                {
-                    Invoke-Sqlcmd -ServerInstance $DatabaseServerName -Query $SQLScript -ErrorAction Stop
-                }
+                Invoke-Sqlcmd -ServerInstance $DatabaseServerName -Query $SQLScript -ErrorAction Stop -Username $adminUsername -Password $adminPassword
             }
-            catch
+            else
             {
-                Write-Verbose "Executing database rights script... Failed!"
-                throw
+                Invoke-Sqlcmd -ServerInstance $DatabaseServerName -Query $SQLScript -ErrorAction Stop
             }
-            Write-Verbose "Executing database rights script... Complete!"
         }
+        catch
+        {
+            Write-Verbose "Executing database rights script... Failed!"
+            throw
+        }
+        Write-Verbose "Executing database rights script... Complete!"
         #endregion Configuring Database rights
 
         #region Update Reporting Services database configuration