turbot/snowflake_compliance

Control: At least two users must be assigned ACCOUNTADMIN role

Description

By default, each account has one user who has been designated as an account administrator (i.e. user granted the system-defined ACCOUNTADMIN role). Snowflake recommend designating at least one other user as an account administrator. This helps ensure that your account always has at least one user who can perform account-level tasks, particularly if one of your account administrators is unable to log in.

Usage

Run the control in your terminal:

powerpipe control run snowflake_compliance.control.security_overview_iam_two_users_accountadmin_role

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run snowflake_compliance.control.security_overview_iam_two_users_accountadmin_role --share

SQL

This control uses a named query:

iam_user_at_least_two_users_with_accountadmin_role