Table: auth0_role - Query Auth0 Roles using SQL
Auth0 is a flexible, drop-in solution to add authentication and authorization services to your applications. It provides a universal authentication & authorization platform for web, mobile and legacy applications, and allows you to authenticate and authorize apps and APIs with any identity provider running on any stack, any device or cloud. With Auth0, you can manage roles and permissions, assign users to roles, and control who can access your APIs.
Table Usage Guide
The auth0_role table provides insights into roles within Auth0. As a security engineer, explore role-specific details through this table, including permissions, associated users, and other metadata. Use it to uncover information about roles, such as those with specific permissions, the users associated with each role, and the overall management of access control.
Examples
Non-admin roles with 'all:*' permissions
Determine the roles, other than 'admin', that have been granted all permissions. This supports a review of potential security vulnerabilities by identifying roles with overly broad access rights.
```sql
select
  r.name as role_name,
  p.permission_name,
  p.description,
  p.resource_server_name
from
  auth0_role r
  join auth0_role_permission p on p.role_id = r.id
where
  r.name <> 'admin'
  and p.permission_name like 'all:%';
```
List all permissions assigned to an admin role
Explore which permissions are associated with an administrative role to better understand the access rights and potential security implications. This can be useful when auditing system access or planning role changes.
```sql
select
  p.permission_name,
  p.description,
  p.resource_server_name
from
  auth0_role r
  join auth0_role_permission p on p.role_id = r.id
where
  r.name = 'admin';
```
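Per-role permission summary for an access review

The following query is an added example, not one from the plugin's own documentation. It generalizes the two queries above into a single ranking of every role by how broad its grants are, and it uses a left join so that roles with no permissions at all still appear. It assumes Steampipe's PostgreSQL dialect (for the `filter` clause) and uses only the columns shown in the queries and schema on this page.

```sql
-- Added example: one row per role, ranked by breadth of access.
-- Columns come from auth0_role and auth0_role_permission as used on this page.
select
  r.id as role_id,
  r.name as role_name,
  r.description,
  -- Total permissions granted to the role (0 for roles with none).
  count(p.permission_name) as permission_count,
  -- Permissions matching the broad 'all:%' pattern used in the first example.
  count(p.permission_name) filter (
    where p.permission_name like 'all:%'
  ) as broad_permission_count,
  -- Number of distinct APIs (resource servers) the role can reach.
  count(distinct p.resource_server_name) as resource_server_count
from
  auth0_role r
  -- Left join keeps roles that have no permission rows.
  left join auth0_role_permission p on p.role_id = r.id
group by
  r.id,
  r.name,
  r.description
order by
  broad_permission_count desc,
  permission_count desc,
  role_name;
```

Roles at the top of the result are the first candidates for a least-privilege review; roles with a permission_count of 0 are candidates for cleanup.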
Schema for auth0_role
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
description | text | | A description of the role. |
domain_name | text | =, !=, ~~, ~~*, !~~, !~~* | The name of the domain. |
id | text | = | A unique ID for the role. |
name | text | | The name of the role. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- auth0
```
You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_auth0 --config '<your_config>' auth0_role
```