Steampipe mods are now Powerpipe →

Plugins Docs Home

turbot/snowflake_compliance

iam_schema_managed_access_enabled iam_user_at_least_two_users_with_accountadmin_role iam_user_default_role_is_set iam_user_default_role_must_not_be_accountadmin iam_user_with_accountadmin_role_have_email iam_user_with_built_in_duo_mfa_enabled iam_user_without_accountadmin_role_password_not_set manual_control monitoring_user_password_rotated_regularly network_policy_allowed_list_set network_policy_blocked_list_set

Query: iam_user_default_role_must_not_be_accountadmin

Usage

powerpipe query snowflake_compliance.query.iam_user_default_role_must_not_be_accountadmin

Steampipe Tables

Snowflake plugin

SQL

select
  name as resource,
  case
    when default_role = 'ACCOUNTADMIN' then 'alarm'
    else 'ok'
  end as status,
  name || ' default_role is ' || default_role || '.' as reason,
  account
from
  snowflake_user;

Controls

The query is being used by the following controls:

ACCOUNTADMIN role must not be set as the default role for users