Table: vanta_group - Query Vanta Groups using SQL

Vanta is a security monitoring platform that simplifies the complex process of security compliance. It provides comprehensive visibility into an organization's security posture, helping to identify and mitigate potential vulnerabilities. Vanta's Groups feature allows for the management of user permissions, providing a structured way to assign and control access rights.

Table Usage Guide

The vanta_group table provides insights into Groups within Vanta's security monitoring platform. As a Security or Compliance Officer, explore group-specific details through this table, including group names, user assignments, and associated permissions. Utilize it to uncover information about groups, such as those with high-level permissions, the distribution of user assignments among groups, and the verification of access rights.

Important Notes

To query the table you must set session_id argument in the config file (~/.steampipe/config/vanta.spc).

Examples

Basic info

Explore which Vanta groups are available by identifying their names and IDs, and assess the elements within each group's checklist. This can be useful to understand the composition and configuration of these groups for better management and organization.

select
  name,
  id,
  checklist
from
  vanta_group;

select
  name,
  id,
  checklist
from
  vanta_group;

User details associated with each group

Discover the segments that detail the relationship between user information and their respective groups. This can be beneficial in managing user permissions and understanding the distribution of roles within your organization.

select
  g.name,
  u.display_name,
  u.email,
  u.permission_level
from
  vanta_group as g
  join vanta_user as u on g.id = u.role ->> 'id';

select
  g.name,
  u.display_name,
  u.email,
  u.permission_level
from
  vanta_group as g
  join vanta_user as u on g.id = json_extract(u.role, '$.id');

List all users in each group having administrator access

Determine the areas in which users have been granted administrative access within different groups. This can help in understanding the distribution of administrative privileges across your organization, aiding in access control and security management.

select
  g.name,
  u.display_name,
  u.email
from
  vanta_group as g
  join vanta_user as u on g.id = u.role ->> 'id'
  and u.permission_level = 'Admin';

select
  g.name,
  u.display_name,
  u.email
from
  vanta_group as g
  join vanta_user as u on g.id = json_extract(u.role, '$.id')
  and u.permission_level = 'Admin';

Get the count of users in each group

Explore which user groups have the most members to better manage resources and permissions. This can help in identifying areas for optimization and ensuring balanced distribution of users across different groups.

select
  g.name,
  count(u.display_name)
from
  vanta_group as g
  join vanta_user as u on g.id = u.role ->> 'id'
group by
  g.name;

select
  g.name,
  count(u.display_name)
from
  vanta_group as g
  join vanta_user as u on g.id = json_extract(u.role, '$.id')
group by
  g.name;

Schema for vanta_group

Name	Type	Description
_ctx	jsonb	Steampipe context in JSON form, e.g. connection_name.
checklist	jsonb	Describes the security requirements for the group.
embedded_idp_group	jsonb	A list of embedded IDP group.
id	text	A unique identifier of the group.
name	text	The name of the group.
organization_name	text	The name of the organization.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- vanta

You can pass the configuration to the command with the --config argument:

steampipe_export_vanta --config '<your_config>' vanta_group