Table: googledirectory_user - Query Google Directory Users using SQL
Google Directory is a service within Google Workspace that provides a centralized way to manage and access user account information. It allows administrators to manage users, groups, and devices, as well as to configure security settings for the domain. Google Directory helps to maintain the integrity of the domain's data by providing a structured way to manage user account information.
Table Usage Guide
The googledirectory_user
table provides insights into user accounts within Google Workspace. As an IT administrator, explore user-specific details through this table, including email addresses, names, and administrative status. Utilize it to uncover information about users, such as their last login time, whether their account is suspended, and the organizational units to which they belong.
Examples
Basic info
Explore which users have administrative privileges in your Google Directory and when they were created. This can be useful for auditing purposes and ensuring that only authorized individuals have admin access.
select full_name, id, primary_email, creation_time, is_delegated_admin, customer_idfrom googledirectory_user;
select full_name, id, primary_email, creation_time, is_delegated_admin, customer_idfrom googledirectory_user;
Get user by ID
Discover the details of a specific user in the Google Directory, such as their full name, primary email, and creation time. This can be useful for administrators who need to verify user information or investigate account activity.
select full_name, id, primary_email, creation_time, is_delegated_admin, customer_idfrom googledirectory_userwhere id = '119982672925259996273';
select full_name, id, primary_email, creation_time, is_delegated_admin, customer_idfrom googledirectory_userwhere id = '119982672925259996273';
Get user by primary email
Discover the details of a specific user by using their primary email. This can be particularly useful for gaining insights into user's profile details, creation time, and customer ID in a business context.
select full_name, id, primary_email, creation_time, is_delegated_admin, customer_idfrom googledirectory_userwhere primary_email = 'mscott@dundermifflin.com';
select full_name, id, primary_email, creation_time, is_delegated_admin, customer_idfrom googledirectory_userwhere primary_email = 'mscott@dundermifflin.com';
List administrators
Discover the users who hold administrative or delegated administrative roles in your Google Directory. This can be useful for auditing access control and ensuring only authorized individuals have elevated permissions.
select id, full_name, primary_email, is_admin, is_delegated_adminfrom googledirectory_userwhere is_admin or is_delegated_admin;
select id, full_name, primary_email, is_admin, is_delegated_adminfrom googledirectory_userwhere is_admin or is_delegated_admin;
List users without two-step verification
Discover the segments that have users who haven't enabled two-step verification. This can be beneficial for enhancing the security measures within your organization.
select id, full_name, primary_email, is_enrolled_in_2sv, is_enforced_in_2svfrom googledirectory_userwhere not is_enrolled_in_2sv or not is_enforced_in_2sv;
select id, full_name, primary_email, is_enrolled_in_2sv, is_enforced_in_2svfrom googledirectory_userwhere not is_enrolled_in_2sv or not is_enforced_in_2sv;
List users who have not logged in for more than 30 days
The query is used to identify users who have been inactive for over a month. This can be useful for IT administrators to manage user accounts and security, by potentially flagging these accounts for follow-up or deactivation.
select id, full_name, primary_email, last_login_timefrom googledirectory_userwhere last_login_time < current_timestamp - interval '30 days';
select id, full_name, primary_email, last_login_timefrom googledirectory_userwhere last_login_time < datetime('now', '-30 days');
List users using the query filter
Discover the segments that include users with a specific attribute in their name. This is useful in scenarios where you need to identify and group users based on shared characteristics for targeted communication or management.
select id, full_name, primary_email, last_login_timefrom googledirectory_userwhere query = 'givenName:steampipe*';
select id, full_name, primary_email, last_login_timefrom googledirectory_userwhere query = 'givenName:steampipe*';
Schema for googledirectory_user
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
addresses | jsonb | A list of the user's addresses. | |
agreed_to_terms | boolean | Indicates whether the user has completed an initial login and accepted the Terms of Service agreement, or not. | |
aliases | jsonb | A list of the user's alias email addresses. | |
archived | boolean | Indicates whether an user is archived, or not. | |
change_password_at_next_login | boolean | Indicates if the user is forced to change their password at next login. | |
creation_time | timestamp with time zone | Specifies user's G-Suite account creation time. | |
custom_schemas | jsonb | Custom fields of the user. | |
customer_id | text | = | The customer ID to retrieve all account users. |
deletion_time | timestamp with time zone | Specifies user's deletion time. | |
emails | jsonb | A list of the user's email addresses. | |
etag | text | A hash of the metadata, used to ensure there were no concurrent modifications to the resource when attempting an update. | |
external_ids | jsonb | A list of external IDs for the user, such as an employee or network ID. | |
family_name | text | = | The user's last name. |
full_name | text | = | The user's full name formed by concatenating the first and last name values. |
gender | text | The user's gender. | |
given_name | text | = | The user's first name. |
hash_function | text | Specifies the hash format of the password property. | |
id | text | = | The unique ID for the user. |
ims | jsonb | The user's Instant Messenger (IM) accounts. | |
include_in_global_address_list | boolean | Indicates whether the user's profile is visible in the Google Workspace global address list when the contact sharing feature is enabled for the domain. | |
ip_whitelisted | boolean | Indicates whether the user's IP address is whitelisted, or not. | |
is_admin | boolean | !=, = | Indicates whether an user have super administrator privileges, or not. |
is_delegated_admin | boolean | !=, = | Indicates whether the user is a delegated administrator, or not. |
is_enforced_in_2sv | boolean | Indicates whether the 2-step verification enforced, or not. | |
is_enrolled_in_2sv | boolean | Indicates whether an user is enrolled in 2-step verification, or not. | |
is_mailbox_setup | boolean | Indicates whether the user's Google mailbox is created, or not. | |
keywords | jsonb | The user's keywords. | |
kind | text | The type of the API resource. | |
languages | jsonb | The user's languages. | |
last_login_time | timestamp with time zone | Specifies user's last login time. | |
locations | jsonb | The user's locations. | |
non_editable_aliases | jsonb | A list of the user's non-editable alias email addresses. | |
notes | jsonb | Notes for the user. | |
org_unit_path | text | The full path of the parent organization associated with the user. | |
organizations | jsonb | A list of organizations the user belongs to. | |
phones | jsonb | A list of the user's phone numbers. | |
posix_accounts | jsonb | A list of POSIX account information for the user. | |
primary_email | text | = | Specifies the user's primary email address. |
query | text | = | Filter string to [filter](https://developers.google.com/admin-sdk/directory/v1/guides/search-users) users. |
recovery_email | text | Specifies the recovery email of the user. | |
recovery_phone | text | Specifies the recovery phone of the user. | |
relations | jsonb | A list of the user's relationships to other users. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
ssh_public_keys | jsonb | A list of SSH public keys. | |
suspended | boolean | !=, = | Indicates whether an user is suspended, or not. |
suspension_reason | text | Specifies the reason a user account is suspended either by the administrator or by Google at the time of suspension. | |
thumbnail_photo_etag | text | ETag of the user's photo. | |
thumbnail_photo_url | text | Photo Url of the user. | |
websites | jsonb | The user's websites. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- googledirectory
You can pass the configuration to the command with the --config
argument:
steampipe_export_googledirectory --config '<your_config>' googledirectory_user