turbot/googledirectory
steampipe plugin install googledirectory

Table: googledirectory_role_assignment - Query Google Directory Role Assignments using SQL

Google Directory is a service within Google Workspace that helps manage organizational structure and browse people in your organization. It allows you to manage users, devices, and apps, and it's an essential tool for IT and system administrators. Role Assignments in Google Directory are used to assign roles to users or groups, which define what actions they can perform.

Table Usage Guide

The googledirectory_role_assignment table provides insights into Role Assignments within Google Directory. As an IT or system administrator, explore role assignment-specific details through this table, including the assigned user or group, the role ID, and the assignment ID. Utilize it to uncover information about role assignments, such as the permissions associated with each role, the users or groups assigned to each role, and the scope of each assignment.

Examples

Basic info

Explore the allocation of roles within your Google Directory setup. This query will help you understand who holds what role and where, enhancing your security management by identifying potential misassignments or gaps.

select
role_assignment_id,
role_id,
assigned_to,
scope_type
from
googledirectory_role_assignment;
select
role_assignment_id,
role_id,
assigned_to,
scope_type
from
googledirectory_role_assignment;

Get role assignments by role ID

Explore which roles have been assigned to different users within a specific Google Directory role. This can be useful in managing access and permissions in your organization.

select
role_assignment_id,
role_id,
assigned_to,
scope_type
from
googledirectory_role_assignment
where
role_id = '522363132560015';
select
role_assignment_id,
role_id,
assigned_to,
scope_type
from
googledirectory_role_assignment
where
role_id = '522363132560015';

Get role assignments by user

Explore which roles have been assigned to each user in the Google Directory. This can be useful to understand the permissions and access each user has within the organization.

select
assigned_role.role_assignment_id as role_assignment_id,
r.role_name as role_name,
u.full_name as user_name
from
googledirectory_role_assignment as assigned_role,
googledirectory_user as u,
googledirectory_role as r
where
assigned_role.user_key = u.id
and assigned_role.role_id = r.role_id;
select
assigned_role.role_assignment_id as role_assignment_id,
r.role_name as role_name,
u.full_name as user_name
from
googledirectory_role_assignment as assigned_role
join googledirectory_user as u on assigned_role.user_key = u.id
join googledirectory_role as r on assigned_role.role_id = r.role_id;

Schema for googledirectory_role_assignment

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
assigned_totextThe unique ID of the user this role is assigned to.
customer_idtext=The customer ID to retrieve all account roles.
etagtextA hash of the metadata, used to ensure there were no concurrent modifications to the resource when attempting an update.
kindtextThe type of the API resource.
org_unit_idtextIf the role is restricted to an organization unit, this contains the ID for the organization unit the exercise of this role is restricted to.
role_assignment_idtext=The unique ID for the role assignment.
role_idtext=The unique ID for the role.
scope_typetextThe scope in which this role is assigned.
user_keytext=The user's primary email address, alias email address, or unique user ID.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- googledirectory

You can pass the configuration to the command with the --config argument:

steampipe_export_googledirectory --config '<your_config>' googledirectory_role_assignment