steampipe plugin install ibm

Table: ibm_iam_user - Query IBM Cloud IAM Users using SQL

IBM Cloud Identity and Access Management (IAM) is a service that helps secure access to IBM Cloud resources. It enables the management of identities and access, allowing users to control who has access to their IBM Cloud resources and what actions they can perform. With IAM, you can manage access to your resources by creating policies and assigning them to IAM identities (users, groups, and service IDs).

Table Usage Guide

The ibm_iam_user table provides insights into users within IBM Cloud Identity and Access Management (IAM). As a security officer or administrator, you can explore user-specific details through this table, including user ID, email, account ID, and created at timestamp. Utilize it to uncover information about users, such as their access levels, assigned roles, and other related metadata.

Examples

Basic info

Explore the basic user information from an IBM IAM user list to gain insights into user details and their associated account IDs. This can be useful for user management and account audits.

select
first_name,
last_name,
user_id,
email,
account_id
from
ibm_iam_user;
select
first_name,
last_name,
user_id,
email,
account_id
from
ibm_iam_user;

List inactive users

This query helps identify users who are not currently active within the IBM IAM system. It is useful in auditing user activity and assessing the need for potential clean-up of inactive accounts.

select
first_name,
last_name,
user_id,
email,
state
from
ibm_iam_user
where
state <> 'ACTIVE';
select
first_name,
last_name,
user_id,
email,
state
from
ibm_iam_user
where
state <> 'ACTIVE';

List users with no primary contact phone number

Discover the users who lack a primary contact phone number, allowing you to identify gaps in your contact information and reach out for updates. This can be particularly useful in maintaining effective communication channels with all users.

select
first_name,
last_name,
user_id,
phonenumber
from
ibm_iam_user
where
phonenumber is null;
select
first_name,
last_name,
user_id,
phonenumber
from
ibm_iam_user
where
phonenumber is null;

Schema for ibm_iam_user

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The ID fof the account.
alt_phonenumbertextThe alternative phone number of the user.
emailtextThe email of the user.
first_nametextThe first name of the user.
iam_idtextAn alphanumeric value identifying the user's IAM ID.
idtext=An alphanumeric value identifying the user profile.
last_nametextThe last name of the user.
phonenumbertextThe phone number of the user.
phototextA link to a photo of the user.
realmtextThe realm of the user. The value is either IBMid or SL.
settingsjsonbUser settings.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
statetextThe state of the user. Possible values are PROCESSING, PENDING, ACTIVE, DISABLED_CLASSIC_INFRASTRUCTURE, and VPN_ONLY.
user_idtextThe user ID used for login.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ibm

You can pass the configuration to the command with the --config argument:

steampipe_export_ibm --config '<your_config>' ibm_iam_user