steampipe plugin install ibm

Table: ibm_iam_access_group_policy - Query IBM IAM Access Group Policies using SQL

IBM IAM Access Group Policy is a feature within IBM Cloud Identity and Access Management service that allows the implementation of access control for IBM Cloud resources. It provides a way to set up and manage access policies for various IBM Cloud resources, including virtual machines, databases, applications, and more. IBM IAM Access Group Policy helps manage the permissions for access groups, defining which resources can be accessed, and the actions that can be performed on those resources.

Table Usage Guide

The ibm_iam_access_group_policy table provides insights into access group policies within IBM Cloud Identity and Access Management (IAM). As a security administrator, you can explore policy-specific details through this table, including resources, roles, and associated metadata. Use it to uncover information about policies, such as those with specific access permissions, the resources they are associated with, and the roles that are linked to them.

Examples

Basic info

Explore the creation and configuration of access group policies within IBM's Identity and Access Management (IAM) system. This query is useful for identifying the types of policies, who created them, and their assigned roles, which aids in understanding and managing access control in the environment.

select
  id,
  type,
  created_by_id,
  href,
  roles
from
  ibm_iam_access_group_policy;

List all system created policies

Explore which policies have been automatically generated by the system. This is useful for understanding and managing the default security settings in your IBM IAM Access Group.

select
  id,
  type,
  created_by_id,
  href,
  roles
from
  ibm_iam_access_group_policy
where
  created_by_id = 'system';
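
An added example, not part of the original plugin documentation: a review query that flattens the roles column to find access group policies granting the platform Administrator role and summarizes the resource scope of each grant. It uses PostgreSQL syntax and assumes the JSON key names role_id (in roles) and attributes, name and value (in resources) as returned by the IBM IAM Policy Management API; these shapes are not shown on this page.

```sql
-- Added example. Assumed JSON shapes (not documented on this page):
--   roles:     [{"role_id": "crn:...:role:Administrator", ...}, ...]
--   resources: [{"attributes": [{"name": "...", "value": "..."}, ...]}, ...]
with admin_policies as (
  select
    p.id,
    p.group_id,
    p.last_modified_by_id,
    p.last_modified_at,
    p.resources,
    r ->> 'role_id' as role_crn
  from
    ibm_iam_access_group_policy as p,
    jsonb_array_elements(p.roles) as r  -- one row per role granted by the policy
  where
    r ->> 'role_id' like '%:role:Administrator'
)
select
  a.group_id,
  a.id as policy_id,
  a.role_crn,
  -- Collapse the resource attributes into "name=value" pairs so the scope
  -- of each Administrator grant can be read at a glance.
  (
    select
      string_agg(
        (attr ->> 'name') || '=' || (attr ->> 'value'),
        ', '
        order by attr ->> 'name'
      )
    from
      jsonb_array_elements(a.resources) as res,
      jsonb_array_elements(res -> 'attributes') as attr
  ) as resource_scope,
  a.last_modified_by_id,
  a.last_modified_at
from
  admin_policies as a
order by
  a.last_modified_at desc;
```

Join group_id against your access group inventory to see which groups, and therefore which members, hold each grant.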

Schema for ibm_iam_access_group_policy

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| account_id | text | | ID of the account that this policy belongs to. |
| created_at | timestamp with time zone | | The time when the policy was created. |
| created_by_id | text | | The IAM ID of the entity that created the policy. |
| description | text | | The description of the IAM access group. |
| group_id | text | | The ID of the IAM access group. |
| href | text | | The href link back to the policy. |
| id | text | | The ID of the IAM user policy. |
| last_modified_at | timestamp with time zone | | The timestamp when the policy was last modified. |
| last_modified_by_id | text | | The IAM ID of the entity that last modified the policy. |
| resources | jsonb | | The resources associated with a policy. |
| roles | jsonb | | A set of role cloud resource names (CRNs) granted by the policy. |
| subjects | jsonb | | The subjects associated with a policy. |
| type | text | | The policy type. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install the exporter with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ibm

You can pass the configuration to the command with the --config argument:

steampipe_export_ibm --config '<your_config>' ibm_iam_access_group_policy