certificate_with_auto_renew_enablediam_access_group_with_public_accessiam_account_owner_no_api_keyiam_restrict_api_key_service_id_creationiam_support_center_access_group_configurediam_user_api_key_age_90iam_user_member_of_only_access_groupiam_user_mfa_enabled_alliam_user_with_valid_emailiam_user_with_valid_phoneinternet_service_ddos_protection_activeinternet_service_tls_higher_version_enabledinternet_service_waf_enabledmanual_controlobject_storage_bucket_with_cmkobject_storage_bucket_with_key_protect_enabledvpc_network_acl_restrict_ingress_rdp_allvpc_network_acl_restrict_ingress_ssh_allvpc_security_group_restrict_ingress_rdp_allvpc_security_group_restrict_ingress_ssh_all
Query: iam_user_member_of_only_access_group
Usage
powerpipe query ibm_compliance.query.iam_user_member_of_only_access_groupSteampipe Tables
SQL
with associated_policy_users as( select user_id, u.iam_id, u.account_id as account_id, roles from ibm_iam_user as u left join ibm_iam_user_policy as p on u.iam_id = p.iam_id)select distinct iam_id as resource, case when roles is null then 'ok' else 'alarm' end as status, case when roles is null then user_id || ' has no additional access policies assigned.' else user_id || ' has additional access policies assigned.' end as reason, account_idfrom associated_policy_users;