Table: googledirectory_role_assignment - Query Google Directory Role Assignments using SQL
Google Directory is a service within Google Workspace that helps manage organizational structure and browse people in your organization. It allows you to manage users, devices, and apps, and it's an essential tool for IT and system administrators. Role Assignments in Google Directory are used to assign roles to users or groups, which define what actions they can perform.
Table Usage Guide
The googledirectory_role_assignment
table provides insights into Role Assignments within Google Directory. As an IT or system administrator, explore role assignment-specific details through this table, including the assigned user or group, the role ID, and the assignment ID. Utilize it to uncover information about role assignments, such as the permissions associated with each role, the users or groups assigned to each role, and the scope of each assignment.
Examples
Basic info
Explore the allocation of roles within your Google Directory setup. This query will help you understand who holds what role and where, enhancing your security management by identifying potential misassignments or gaps.
select role_assignment_id, role_id, assigned_to, scope_typefrom googledirectory_role_assignment;
select role_assignment_id, role_id, assigned_to, scope_typefrom googledirectory_role_assignment;
Get role assignments by role ID
Explore which roles have been assigned to different users within a specific Google Directory role. This can be useful in managing access and permissions in your organization.
select role_assignment_id, role_id, assigned_to, scope_typefrom googledirectory_role_assignmentwhere role_id = '522363132560015';
select role_assignment_id, role_id, assigned_to, scope_typefrom googledirectory_role_assignmentwhere role_id = '522363132560015';
Get role assignments by user
Explore which roles have been assigned to each user in the Google Directory. This can be useful to understand the permissions and access each user has within the organization.
select assigned_role.role_assignment_id as role_assignment_id, r.role_name as role_name, u.full_name as user_namefrom googledirectory_role_assignment as assigned_role, googledirectory_user as u, googledirectory_role as rwhere assigned_role.user_key = u.id and assigned_role.role_id = r.role_id;
select assigned_role.role_assignment_id as role_assignment_id, r.role_name as role_name, u.full_name as user_namefrom googledirectory_role_assignment as assigned_role join googledirectory_user as u on assigned_role.user_key = u.id join googledirectory_role as r on assigned_role.role_id = r.role_id;
Schema for googledirectory_role_assignment
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
assigned_to | text | The unique ID of the user this role is assigned to. | |
customer_id | text | = | The customer ID to retrieve all account roles. |
etag | text | A hash of the metadata, used to ensure there were no concurrent modifications to the resource when attempting an update. | |
kind | text | The type of the API resource. | |
org_unit_id | text | If the role is restricted to an organization unit, this contains the ID for the organization unit the exercise of this role is restricted to. | |
role_assignment_id | text | = | The unique ID for the role assignment. |
role_id | text | = | The unique ID for the role. |
scope_type | text | The scope in which this role is assigned. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
user_key | text | = | The user's primary email address, alias email address, or unique user ID. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- googledirectory
You can pass the configuration to the command with the --config
argument:
steampipe_export_googledirectory --config '<your_config>' googledirectory_role_assignment