Table: googledirectory_role - Query Google Directory Roles using SQL
Google Directory is a service within Google Cloud that allows you to manage your organization's users, groups, and devices. It provides a centralized way to set up and manage roles for various Google Workspace resources. Google Directory helps you stay informed about the roles and their associated privileges within your Google Workspace.
Table Usage Guide
The googledirectory_role
table provides insights into roles within Google Workspace. As a Google Workspace administrator, explore role-specific details through this table, including role ID, role name, role description, and associated privileges. Utilize it to uncover information about roles, such as their privileges and the details associated with each role.
Examples
Basic info
Analyze the settings to understand the roles within your Google Directory, specifically identifying which roles have super admin or system privileges. This can be useful for auditing access rights and maintaining security within your organization.
select role_name, role_id, is_super_admin_role, is_system_rolefrom googledirectory_role;
select role_name, role_id, is_super_admin_role, is_system_rolefrom googledirectory_role;
Get role by ID
Explore which Google Directory roles possess certain identifiers, enabling you to pinpoint specific roles for administrative or system purposes. This is useful in managing user access and permissions in your Google Directory.
select role_name, role_id, is_super_admin_role, is_system_rolefrom googledirectory_rolewhere role_id = '02ce457p6conzyd';
select role_name, role_id, is_super_admin_role, is_system_rolefrom googledirectory_rolewhere role_id = '02ce457p6conzyd';
List super admin roles
Explore which roles hold super admin privileges in your Google Directory, to manage permissions and secure your system effectively. This query helps you identify those roles, providing valuable information for system administration and security.
select role_id, role_name, is_super_admin_role, is_system_rolefrom googledirectory_rolewhere is_super_admin_role;
select role_id, role_name, is_super_admin_role, is_system_rolefrom googledirectory_rolewhere is_super_admin_role = 1;
List system roles
Discover the segments that identify all system roles in the Google Directory, providing a way to assess which roles have super admin privileges. This can be beneficial for auditing purposes or to manage user permissions effectively.
select role_id, role_name, is_super_admin_role, is_system_rolefrom googledirectory_rolewhere is_system_role;
select role_id, role_name, is_super_admin_role, is_system_rolefrom googledirectory_rolewhere is_system_role = 1;
List privileges by role
Explore which privileges are associated with each role in Google Directory. This can be useful in managing access control and ensuring that each role has the correct privileges for its intended function.
select role_name, p ->> 'serviceId' as service_id, p ->> 'privilegeName' as privilegefrom googledirectory_role as r, jsonb_array_elements(r.role_privileges) as porder by role_name, service_id, privilege;
select role_name, json_extract(p.value, '$.serviceId') as service_id, json_extract(p.value, '$.privilegeName') as privilegefrom googledirectory_role as r, json_each(r.role_privileges) as porder by role_name, service_id, privilege;
Schema for googledirectory_role
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
customer_id | text | = | The customer ID to retrieve all account roles. |
etag | text | A hash of the metadata, used to ensure there were no concurrent modifications to the resource when attempting an update. | |
is_super_admin_role | boolean | Indicates whether the role is a super admin role, or not. | |
is_system_role | boolean | Indicates whether the role is a pre-defined system role, or not. | |
kind | text | The type of the API resource. | |
role_description | text | A short description of the role. | |
role_id | text | = | The unique ID for the role. |
role_name | text | The name of the role. | |
role_privileges | jsonb | The set of privileges that are granted to this role. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- googledirectory
You can pass the configuration to the command with the --config
argument:
steampipe_export_googledirectory --config '<your_config>' googledirectory_role