Table: ibm_iam_user_policy - Query IBM IAM User Policies using SQL
IBM Identity and Access Management (IAM) is a service within IBM Cloud that allows you to manage access to resources and applications. It provides a centralized way to manage users, roles, and permissions across your IBM Cloud resources. IAM helps you ensure that only authorized users have access to specific resources and can perform specific actions.
Table Usage Guide
The ibm_iam_user_policy table provides insights into user policies within IBM Identity and Access Management (IAM). As a security engineer, explore policy-specific details through this table, including policy roles, resources, and associated metadata. Utilize it to uncover information about policies, such as those with specific permissions, the relationships between users and policies, and the verification of policy roles.
Examples
Basic info
Explore which user policies are in effect within your IBM IAM setup. This allows you to identify instances where permissions may be overly broad or insufficient, enhancing overall security and compliance.
select id, type, created_by_id, href, roles from ibm_iam_user_policy;
List all system created policies
Explore which policies have been created automatically by the system. This is useful for understanding system-level permissions and roles.
select id, type, created_by_id, href, roles from ibm_iam_user_policy where created_by_id = 'system';
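The following query is an added example, not part of the plugin's own documentation. It unpacks the roles and resources columns to list user policies that grant the platform Administrator role, together with the scope each policy is limited to. It assumes that each element of roles is an object with a role_id key holding the role CRN, and that each element of resources carries an attributes array of name/value pairs, as in the IBM IAM Policy Management API.

```sql
-- Added example. Assumed JSON shapes (not stated on this page):
--   roles:     [{"role_id": "<role CRN>", ...}]
--   resources: [{"attributes": [{"name": "...", "value": "..."}]}]
with policy_roles as (
  -- One row per (policy, role) pair.
  select
    p.id,
    p.iam_id,
    p.created_by_id,
    p.last_modified_at,
    r ->> 'role_id' as role_crn
  from
    ibm_iam_user_policy as p,
    jsonb_array_elements(p.roles) as r
),
policy_scope as (
  -- Collapse each policy's resource attributes into a readable scope string.
  select
    p.id,
    string_agg(
      (a ->> 'name') || '=' || (a ->> 'value'),
      ', '
      order by a ->> 'name'
    ) as scope
  from
    ibm_iam_user_policy as p,
    jsonb_array_elements(p.resources) as res,
    jsonb_array_elements(res -> 'attributes') as a
  group by
    p.id
)
select
  pr.iam_id,
  pr.id as policy_id,
  pr.role_crn,
  ps.scope,
  pr.created_by_id,
  pr.last_modified_at
from
  policy_roles as pr
  left join policy_scope as ps on ps.id = pr.id
where
  pr.role_crn like '%:role:Administrator'
order by
  pr.iam_id,
  pr.last_modified_at desc;
```

A policy whose scope lists only an account identifier, with no service or resource attribute, is a candidate for review as overly broad.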
Schema for ibm_iam_user_policy
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
account_id | text | | ID of the account that this policy belongs to. |
created_at | timestamp with time zone | | The time when the policy was created. |
created_by_id | text | | The iam ID of the entity that created the policy. |
description | text | | The description of the IAM access group. |
href | text | | The href link back to the policy. |
iam_id | text | | An alphanumeric value identifying the user's IAM ID. |
id | text | | The ID of the IAM user policy. |
last_modified_at | timestamp with time zone | | The timestamp when the policy was last modified. |
last_modified_by_id | text | | The iam ID of the entity that last modified the policy. |
resources | jsonb | | The resources associated with a policy. |
roles | jsonb | | A set of role cloud resource names (CRNs) granted by the policy. |
subjects | jsonb | | The subjects associated with a policy. |
type | text | | The policy type. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ibm
You can pass the configuration to the command with the --config argument:
steampipe_export_ibm --config '<your_config>' ibm_iam_user_policy