steampipe plugin install auth0

Table: auth0_role - Query Auth0 Roles using SQL

Auth0 is a flexible, drop-in solution to add authentication and authorization services to your applications. It provides a universal authentication & authorization platform for web, mobile and legacy applications, and allows you to authenticate and authorize apps and APIs with any identity provider running on any stack, any device or cloud. With Auth0, you can manage roles and permissions, assign users to roles, and control who can access your APIs.

Table Usage Guide

The auth0_role table provides insights into roles within Auth0. As a security engineer, you can explore role-specific details through this table, including permissions, associated users, and other metadata. Use it to find roles with specific permissions, see which users are associated with each role, and review how access control is managed overall.

Examples

Non-admin roles with 'all:*' permissions

Find the roles, other than 'admin', that have been granted all permissions. Roles with overly broad access rights are worth reviewing as potential security weaknesses.

select
  r.name as role_name,
  p.permission_name,
  p.description,
  p.resource_server_name
from
  auth0_role r
  join auth0_role_permission p on p.role_id = r.id
where
  r.name <> 'admin'
  and p.permission_name like 'all:%';

List all permissions assigned to an admin role

Explore which permissions are associated with an administrative role to better understand the access rights and potential security implications. This can be useful when auditing system access or planning role changes.

select
  p.permission_name,
  p.description,
  p.resource_server_name
from
  auth0_role r
  join auth0_role_permission p on p.role_id = r.id
where
  r.name = 'admin';
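
A broader review query, added here as an example and not taken from the plugin's own documentation: it summarizes every non-admin role per resource server, counting total permissions and those matching the 'all:%' pattern used above. It uses only the tables and columns shown in the queries on this page; that a left join against auth0_role_permission behaves like the inner join above (so that roles without permissions are still listed) is an assumption.

```sql
-- Added example: per-role, per-resource-server summary of broad grants.
-- Uses only columns that appear in the queries on this page.
with role_perms as (
  select
    r.id as role_id,
    r.name as role_name,
    p.resource_server_name,
    p.permission_name
  from
    auth0_role r
    -- Assumption: left join keeps roles that have no permissions at all,
    -- which then show up with total_permissions = 0.
    left join auth0_role_permission p on p.role_id = r.id
  where
    r.name <> 'admin'
)
select
  role_name,
  resource_server_name,
  -- count(column) skips NULLs, so permission-less roles count as 0.
  count(permission_name) as total_permissions,
  count(permission_name)
    filter (where permission_name like 'all:%') as broad_permissions,
  string_agg(permission_name, ', ' order by permission_name)
    filter (where permission_name like 'all:%') as broad_permission_names
from
  role_perms
group by
  -- Group on the ID as well, in case two roles share a name.
  role_id,
  role_name,
  resource_server_name
order by
  broad_permissions desc,
  total_permissions desc,
  role_name;
```

Rows with a non-zero broad_permissions value are the ones to review first; rows with total_permissions = 0 are roles that grant nothing and may be stale.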

Schema for auth0_role

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form. |
| description | text | | A description of the role. |
| domain_name | text | =, !=, ~~, ~~*, !~~, !~~* | The name of the domain. |
| id | text | = | A unique ID for the role. |
| name | text | | The name of the role. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- auth0

You can pass the configuration to the command with the --config argument:

steampipe_export_auth0 --config '<your_config>' auth0_role