turbot/snowflake_compliance

Query: iam_user_at_least_two_users_with_accountadmin_role

Usage

powerpipe query snowflake_compliance.query.iam_user_at_least_two_users_with_accountadmin_role

Steampipe Tables

SQL

with users_with_account_admin_role as (
select
role,
granted_to,
grantee_name,
granted_by,
created_on,
account
from
snowflake_role_grant
where
role = 'ACCOUNTADMIN'
and granted_to = 'USER'
)
select
account as resource,
case when count(grantee_name) > 1 then
'ok'
else
'alarm'
end as status,
'ACCOUNTADMIN role is granted to ' || count(grantee_name) || ' user(s).' as reason,
account
from
users_with_account_admin_role
group by
account;

Controls

The query is being used by the following controls: