steampipe plugin install ibm

Table: ibm_iam_user_policy - Query IBM IAM User Policies using SQL

IBM Identity and Access Management (IAM) is a service within IBM Cloud that allows you to manage access to resources and applications. It provides a centralized way to manage users, roles, and permissions across your IBM Cloud resources. IAM helps you ensure that only authorized users have access to specific resources and can perform specific actions.

Table Usage Guide

The ibm_iam_user_policy table provides insights into user policies within IBM Identity and Access Management (IAM). As a security engineer, explore policy-specific details through this table, including policy roles, resources, and associated metadata. Utilize it to uncover information about policies, such as those with specific permissions, the relationships between users and policies, and the verification of policy roles.

Examples

Basic info

Explore which user policies are in effect within your IBM IAM setup. This allows you to identify instances where permissions may be overly broad or insufficient, enhancing overall security and compliance.

select
  id,
  type,
  created_by_id,
  href,
  roles
from
  ibm_iam_user_policy;

List all system created policies

Explore which policies have been created automatically by the system. This is useful for understanding system-level permissions and roles.

select
  id,
  type,
  created_by_id,
  href,
  roles
from
  ibm_iam_user_policy
where
  created_by_id = 'system';
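
A least-privilege review built on the columns above, as an added example that is not part of the plugin's own documentation: it lists user policies that grant an Administrator role, skips system-created ones, and flags those with no resource attribute narrowing the scope below the account. It assumes each element of roles is an object with a role_id key holding the role CRN, and each element of resources carries an attributes array of name/value objects; confirm both against your own data before relying on the result.

```sql
-- Added example (PostgreSQL syntax, as used by Steampipe).
-- Assumptions not stated on this page:
--   roles     = [ { "role_id": "<role CRN>", ... }, ... ]
--   resources = [ { "attributes": [ { "name": ..., "value": ... } ] } ]
with granted as (
  -- One row per (policy, role) pair.
  select
    p.iam_id,
    p.id as policy_id,
    p.created_by_id,
    p.last_modified_at,
    p.resources,
    r ->> 'role_id' as role_crn
  from
    ibm_iam_user_policy as p,
    jsonb_array_elements(p.roles) as r
)
select
  g.iam_id,
  g.policy_id,
  g.role_crn,
  g.created_by_id,
  g.last_modified_at,
  -- True when no attribute other than accountId restricts the policy,
  -- i.e. the role applies across the whole account.
  not exists (
    select 1
    from
      jsonb_array_elements(g.resources) as res,
      jsonb_array_elements(res -> 'attributes') as attr
    where
      attr ->> 'name' <> 'accountId'
  ) as account_wide
from
  granted as g
where
  g.role_crn like '%:role:Administrator'
  and g.created_by_id <> 'system'
order by
  account_wide desc,
  g.last_modified_at desc;
```

Rows with account_wide = true are the first candidates for review, since nothing in the policy limits the Administrator role to a service or resource.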

Schema for ibm_iam_user_policy

| Name | Type | Operators | Description |
|------|------|-----------|-------------|
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| account_id | text | | ID of the account that this policy belongs to. |
| created_at | timestamp with time zone | | The time when the policy was created. |
| created_by_id | text | | The iam ID of the entity that created the policy. |
| description | text | | The description of the IAM access group. |
| href | text | | The href link back to the policy. |
| iam_id | text | | An alphanumeric value identifying the user's IAM ID. |
| id | text | | The ID of the IAM user policy. |
| last_modified_at | timestamp with time zone | | The timestamp when the policy was last modified. |
| last_modified_by_id | text | | The iam ID of the entity that last modified the policy. |
| resources | jsonb | | The resources associated with a policy. |
| roles | jsonb | | A set of role cloud resource names (CRNs) granted by the policy. |
| subjects | jsonb | | The subjects associated with a policy. |
| type | text | | The policy type. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ibm

You can pass the configuration to the command with the --config argument:

steampipe_export_ibm --config '<your_config>' ibm_iam_user_policy