turbot/snowflake_compliance

Control: ACCOUNTADMIN role must not be set as the default role for users

Description

Grant the ACCOUNTADMIN role to the user(s), but do not set this role as their default. Instead, designate a lower-level administrative role (e.g. SYSADMIN) or custom role as their default. This helps prevent account administrators from inadvertently using the ACCOUNTADMIN role to create objects.
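
The same check and fix done by hand in Snowflake, as an added example that is not part of this mod or its named query. The user name JSMITH is a constructed placeholder, and SYSADMIN stands in for whichever lower-level or custom role you choose as the default.

```sql
-- Added example; not the mod's named query.
-- Run with a role that can see every user in the account.

-- 1. Detect: list users whose default role is ACCOUNTADMIN.
--    SHOW output columns are lowercase, so they must be double-quoted
--    when read back through RESULT_SCAN.
SHOW USERS;

SELECT "name", "login_name", "default_role", "disabled"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE UPPER("default_role") = 'ACCOUNTADMIN'
ORDER BY "name";

-- 2. Remediate one flagged user (JSMITH is a constructed placeholder).
--    Setting DEFAULT_ROLE does not grant the role, so grant the
--    replacement role first. The existing ACCOUNTADMIN grant is left in
--    place, as the control description recommends; only the default changes.
GRANT ROLE SYSADMIN TO USER JSMITH;
ALTER USER JSMITH SET DEFAULT_ROLE = SYSADMIN;

-- 3. Verify: the DEFAULT_ROLE property should now read SYSADMIN.
DESCRIBE USER JSMITH;
```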

Usage

Run the control in your terminal:

steampipe check snowflake_compliance.control.security_overview_iam_user_accountadmin_must_not_be_default_role

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share snowflake_compliance.control.security_overview_iam_user_accountadmin_must_not_be_default_role

SQL

This control uses a named query:

iam_user_default_role_must_not_be_accountadmin