steampipe plugin install ibm

Table: ibm_iam_access_group_policy - Query IBM IAM Access Group Policies using SQL

IBM IAM Access Group Policy is a feature within IBM Cloud Identity and Access Management service that allows the implementation of access control for IBM Cloud resources. It provides a way to set up and manage access policies for various IBM Cloud resources, including virtual machines, databases, applications, and more. IBM IAM Access Group Policy helps manage the permissions for access groups, defining which resources can be accessed, and the actions that can be performed on those resources.

Table Usage Guide

The ibm_iam_access_group_policy table provides insights into access group policies within IBM Cloud Identity and Access Management (IAM). As a security administrator, you can explore policy-specific details through this table, including resources, roles, and associated metadata. Use it to uncover information about policies, such as those with specific access permissions, the resources they are associated with, and the roles that are linked to them.

Examples

Basic info

Explore the creation and configuration of access group policies within IBM's Identity and Access Management (IAM) system. This query is useful for identifying the types of policies, who created them, and their assigned roles, which aids in understanding and managing access control in the environment.

select
id,
type,
created_by_id,
href,
roles
from
ibm_iam_access_group_policy;
select
id,
type,
created_by_id,
href,
roles
from
ibm_iam_access_group_policy;

List all system created policies

Explore which policies have been automatically generated by the system. This is useful for understanding and managing the default security settings in your IBM IAM Access Group.

select
id,
type,
created_by_id,
href,
roles
from
ibm_iam_access_group_policy
where
created_by_id = 'system';
select
id,
type,
created_by_id,
href,
roles
from
ibm_iam_access_group_policy
where
created_by_id = 'system';

Schema for ibm_iam_access_group_policy

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The ID fof the account.
created_attimestamp with time zoneThe time when the policy was created.
created_by_idtextThe iam ID of the entity that created the policy.
descriptiontextThe description of the IAM access group.
group_idtextThe ID of the IAM access group.
hreftextThe href link back to the policy.
idtextThe ID of the IAM user policy.
last_modified_attimestamp with time zoneThe timestamp when the policy was last modified.
last_modified_by_idtextThe iam ID of the entity that last modified the policy.
resourcesjsonbThe resources associated with a policy.
rolesjsonbA set of role cloud resource names (CRNs) granted by the policy.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
subjectsjsonbThe subjects associated with a policy.
typetextThe policy type.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ibm

You can pass the configuration to the command with the --config argument:

steampipe_export_ibm --config '<your_config>' ibm_iam_access_group_policy