Table: prismacloud_iam_permission - Query Prisma Cloud IAM permissions using SQL
The Prisma Cloud IAM permission table in Steampipe provides comprehensive information about IAM permissions within Prisma Cloud. This table allows security engineers and cloud administrators to query detailed IAM permission data, including accessed resources, granted permissions, and the associated cloud accounts and regions. The schema outlines various attributes such as resource information, effective actions, exceptions, and the entities involved in granting permissions.
Table Usage Guide
The prismacloud_iam_permission table in Steampipe provides detailed information about IAM permissions within Prisma Cloud. This table allows you to query specifics such as accessed resources, actions taken, and the entities that granted the permissions. This helps in managing and monitoring IAM permissions across your cloud environment effectively.
Examples
Basic info
Retrieve basic information about IAM permissions, including resource names, cloud types, and effective actions.
```sql
select dest_resource_name, cloud_type, effective_action_name
from prismacloud_iam_permission;
```
List permissions by cloud account and region
Retrieve IAM permissions grouped by cloud account and region. This helps in understanding the distribution of permissions across different accounts and regions.
```sql
select account_name, cloud_region, count(*) as permission_count
from prismacloud_iam_permission
group by account_name, cloud_region;
```
Permissions with exceptions
Identify IAM permissions that have exceptions. This helps in understanding any potential issues or constraints related to permissions.
```sql
select dest_resource_name, cloud_type, effective_action_name, exceptions
from prismacloud_iam_permission
where exceptions is not null;
```
Recently accessed resources
Retrieve IAM permissions for resources that were accessed within the last 30 days. This helps in tracking recent activity and understanding the current usage of permissions.
PostgreSQL:
```sql
select dest_resource_name, cloud_type, last_access_date, last_access_status
from prismacloud_iam_permission
where last_access_date > now() - interval '30 days';
```
SQLite:
```sql
select dest_resource_name, cloud_type, last_access_date, last_access_status
from prismacloud_iam_permission
where last_access_date > datetime('now', '-30 days');
```
Permissions by effective action name
Get a list of IAM permissions grouped by effective action name. This helps in understanding the types of actions that are being performed with the granted permissions.
```sql
select effective_action_name, count(*) as permission_count
from prismacloud_iam_permission
group by effective_action_name;
```
List permissions by resource type
Retrieve IAM permissions grouped by resource type. This helps in understanding the distribution of permissions across different resource types.
```sql
select dest_resource_type, count(*) as permission_count
from prismacloud_iam_permission
group by dest_resource_type;
```
Permissions granted by specific entity
Get a list of IAM permissions granted by a specific entity. This helps in understanding which entities are granting permissions and to whom.
```sql
select granted_by_cloud_entity_name, dest_resource_name, effective_action_name
from prismacloud_iam_permission
where granted_by_cloud_entity_name = 'specific_entity_name';
```
List permissions by source cloud type
Retrieve IAM permissions grouped by the source cloud type. This helps in understanding the distribution of permissions across different cloud environments.
```sql
select source_cloud_type, count(*) as permission_count
from prismacloud_iam_permission
group by source_cloud_type;
```
Permissions by policy name
Get a list of IAM permissions associated with a specific policy name. This helps in understanding the impact of specific policies on resource access.
```sql
select granted_by_cloud_policy_name, dest_resource_name, effective_action_name
from prismacloud_iam_permission
where granted_by_cloud_policy_name = 'specific_policy_name';
```
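The queries above each look at one column; the following query (an added example in PostgreSQL syntax, not from the Steampipe docs) combines them into a least-privilege review: permissions whose destination has not been accessed in the last 90 days, grouped by the granting policy and entity, with a count of how many of them originate from a public source. It assumes last_access_date holds an ISO-8601 string that casts to timestamptz (the schema lists it as text) and that a null or empty value means the destination was never accessed.

```sql
-- Stale-permission review (added example, PostgreSQL syntax; not from the Steampipe docs).
-- Assumptions: last_access_date is an ISO-8601 string (schema type is text) that casts
-- to timestamptz, and a null/empty value means the destination was never accessed.
with permissions as (
  select
    granted_by_cloud_policy_name,
    granted_by_cloud_entity_name,
    dest_resource_type,
    source_public,
    nullif(last_access_date, '')::timestamptz as last_access_at
  from prismacloud_iam_permission
)
select
  granted_by_cloud_policy_name,
  granted_by_cloud_entity_name,
  dest_resource_type,
  count(*) as stale_permission_count,
  -- permissions with no recorded access at all
  count(*) filter (where last_access_at is null) as never_accessed_count,
  -- stale permissions reachable from a public source (review these first)
  count(*) filter (where source_public) as public_source_count,
  min(last_access_at) as oldest_access_at
from permissions
where last_access_at is null
   or last_access_at < now() - interval '90 days'
group by granted_by_cloud_policy_name, granted_by_cloud_entity_name, dest_resource_type
order by public_source_count desc, stale_permission_count desc;
```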
Schema for prismacloud_iam_permission
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form. |
| accessed_resources_count | bigint | | The count of accessed resources. |
| cloud_type | text | | The type of cloud. |
| description | text | | The description of the search. |
| dest_cloud_account | text | | The cloud account for the destination. |
| dest_cloud_region | text | | The cloud region for the destination. |
| dest_cloud_resource_uai | text | | The cloud resource UAI for the destination. |
| dest_cloud_service_name | text | | The cloud service name for the destination. |
| dest_cloud_type | text | | The type of cloud for the destination. |
| dest_resource_id | text | | The resource ID for the destination. |
| dest_resource_name | text | | The resource name for the destination. |
| dest_resource_type | text | | The resource type for the destination. |
| effective_action_name | text | | The name of the effective action. |
| | text | =, !=, ~~, ~~*, !~~, !~~* | Email address of the current session user. |
| exceptions | jsonb | | The list of exceptions. |
| granted_by_cloud_entity_account | text | | The cloud entity account granting the access. |
| granted_by_cloud_entity_id | text | | The cloud entity ID granting the access. |
| granted_by_cloud_entity_name | text | | The cloud entity name granting the access. |
| granted_by_cloud_entity_type | text | | The cloud entity type granting the access. |
| granted_by_cloud_entity_uai | text | | The cloud entity UAI granting the access. |
| granted_by_cloud_policy_account | text | | The cloud policy account granting the access. |
| granted_by_cloud_policy_id | text | | The cloud policy ID granting the access. |
| granted_by_cloud_policy_name | text | | The cloud policy name granting the access. |
| granted_by_cloud_policy_type | text | | The cloud policy type granting the access. |
| granted_by_cloud_policy_uai | text | | The cloud policy UAI granting the access. |
| granted_by_cloud_type | text | | The cloud type granting the access. |
| granted_by_level_id | text | | The level ID granting the access. |
| granted_by_level_name | text | | The level name granting the access. |
| granted_by_level_type | text | | The level type granting the access. |
| granted_by_level_uai | text | | The level UAI granting the access. |
| id | text | | The unique identifier for the permission. |
| last_access_date | text | | The date of last access. |
| last_access_status | text | | The status of the last access. |
| name | text | | The name of the search. |
| permission_query | text | = | The query used. |
| response_id | text | | The unique identifier for the response. |
| saved | boolean | | Indicates if the response is saved. |
| search_type | text | | The type of the search. |
| source_cloud_account | text | | The cloud account for the source. |
| source_cloud_region | text | | The cloud region for the source. |
| source_cloud_resource_uai | text | | The cloud resource UAI for the source. |
| source_cloud_service_name | text | | The cloud service name for the source. |
| source_cloud_type | text | | The type of cloud for the source. |
| source_idp_domain | text | | The IDP domain for the source. |
| source_idp_email | text | | The IDP email for the source. |
| source_idp_group | text | | The IDP group for the source. |
| source_idp_service | text | | The IDP service for the source. |
| source_idp_uai | text | | The IDP UAI for the source. |
| source_idp_user_id | text | | The IDP user ID for the source. |
| source_idp_username | text | | The IDP username for the source. |
| source_public | boolean | | Indicates if the source is public. |
| source_resource_id | text | | The resource ID for the source. |
| source_resource_name | text | | The resource name for the source. |
| source_resource_type | text | | The resource type for the source. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| time_range | text | | The time range for the search. |
| title | text | | The title of the search. |
| wild_card_dest_cloud_resource_name | boolean | | Indicates if the destination cloud resource name is a wildcard. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- prismacloud
```
You can pass the configuration to the command with the --config argument:
```sh
steampipe_export_prismacloud --config '<your_config>' prismacloud_iam_permission
```