v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/ibm_compliance
Overview
1Dashboards
67Controls
20Queries
0Variables
GitHub

Control: 1.14 Minimize the number of users with admin privileges in the account

Description

Comply with the principle of granting least privilege by using Access Groups to manage admin privileges and by avoiding the use of broadly scoped access policies.

Remediation

From Console

  1. Log in to IBM Cloud
  2. From the Menu bar, click Manage > Access(IAM).
  3. Click Users and select an User by clicking on the User name.
  4. Click on the Access Policies tab.
  5. View the access policies assigned to the User to verify if that User has Administrator Role assigned.
  6. If there are many such users with Administrative privileges, select to remove the Administrative privilege or Remove that User from the list of users.

Usage

Run the control in your terminal:

powerpipe control run ibm_compliance.control.cis_v100_1_14

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run ibm_compliance.control.cis_v100_1_14 --share

SQL

This control uses a named query:

manual_control

Tags

category = Compliance
cis = true
cis_item_id = 1.14
cis_level = 1
cis_section_id = 1
cis_type = manual
cis_version = v1.0.0
plugin = ibm
service = IBM/IAM