Steampipe mods are now Powerpipe →
Powerpipe Hub 
Hub
Mods
turbot/snowflake_compliance
Overview
1Dashboards
18Controls
11Queries
3Variables
GitHub

Query: iam_user_without_accountadmin_role_password_not_set

Usage

powerpipe query snowflake_compliance.query.iam_user_without_accountadmin_role_password_not_set

Steampipe Tables

snowflake_role_grant
snowflake_user
Snowflake plugin

SQL

with users_with_account_admin_role as (
  select
    grantee_name
  from
    snowflake_role_grant
  where
    role = 'ACCOUNTADMIN'
    and granted_to = 'USER'
)
select
  name as resource,
  case
    when name in (
      select
        *
      from
        users_with_account_admin_role
    ) then 'skip'
    when has_password then 'alarm'
    else 'ok'
  end as status,
  case
    when name in (
      select
        *
      from
        users_with_account_admin_role
    ) then name || ' has ACCOUNTADMIN role.'
    when has_password then name || ' has password set.'
    else name || ' does not have password set.'
  end as reason,
  account
from
  snowflake_user;

Controls

The query is being used by the following controls: