Table: auth0_user_permission - Query Auth0 User Permissions using SQL
Auth0 User Permissions is a feature within the Auth0 Identity Platform that allows you to manage and assign permissions to users in your applications. It provides a centralized way to set up and manage user permissions, enhancing the security and access control of your applications. Auth0 User Permissions helps you stay informed about the access rights of your users and take appropriate actions when necessary.
Table Usage Guide
The auth0_user_permission table provides insights into user permissions within Auth0 Identity Platform. As a security engineer, explore user-specific permissions through this table, including the applications they have access to, and the level of access they have. Utilize it to uncover information about users, such as those with high-level permissions, the access rights of individual users, and the verification of access controls.
Examples
All permissions granted to a user
Explore the range of permissions granted to a specific user to understand their level of access and control within the system. This can be useful for auditing user privileges and ensuring appropriate access levels.
select
  p.permission_name,
  p.description,
  p.resource_server_name
from
  auth0_user u
  join auth0_user_permission p on p.user_id = u.id
where
  email = 'select-joey@mail.com'
order by
  p.resource_server_name,
  p.permission_name;
User granted permissions in a resource server
Explore which permissions have been granted to a specific user within a particular resource server. This is useful for managing user access rights and ensuring appropriate permissions are assigned.
select
  u.email,
  p.permission_name,
  p.description
from
  auth0_user u
  join auth0_user_permission p on p.user_id = u.id
where
  u.email = 'select-joey@mail.com'
  and p.resource_server_name = 'novel-mutt';
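The usage guide mentions uncovering users with high-level permissions. The query below is an added example, not one of the plugin's documented queries, and it goes beyond the single-user lookups above by summarizing every user per resource server. The permission-name patterns are assumptions about how a tenant names its permissions and need adjusting to match yours.

```sql
-- Added audit example (not from the plugin documentation).
-- Assumption: sensitive permissions follow an "action:resource" naming
-- style such as delete:..., create:..., update:..., or contain "admin".
with flagged as (
  select
    u.id as user_id,
    u.email,
    p.resource_server_name,
    p.resource_server_identifier,
    p.permission_name
  from
    auth0_user u
    -- The join supplies user_id, the column the schema lists with the = operator.
    join auth0_user_permission p on p.user_id = u.id
  where
    p.permission_name ilike any (
      array['delete:%', 'create:%', 'update:%', '%admin%']
    )
)
select
  user_id,
  email,
  resource_server_name,
  resource_server_identifier,
  count(*) as flagged_permissions,
  string_agg(permission_name, ', ' order by permission_name) as permissions
from
  flagged
group by
  user_id,
  email,
  resource_server_name,
  resource_server_identifier
order by
  flagged_permissions desc,
  email;
```

Users at the top of the result hold the most flagged permissions on a single resource server and are the first candidates for an access review.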
Schema for auth0_user_permission
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
description | text | | The description of the permission. |
permission_name | text | | The name of the permission. |
resource_server_identifier | text | | The resource server that the permission is attached to. |
resource_server_name | text | | The name of the resource server. |
user_id | text | = | A unique ID for the user. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- auth0
You can pass the configuration to the command with the --config argument:
steampipe_export_auth0 --config '<your_config>' auth0_user_permission