iam_schema_managed_access_enablediam_user_at_least_two_users_with_accountadmin_roleiam_user_default_role_is_setiam_user_default_role_must_not_be_accountadminiam_user_with_accountadmin_role_have_emailiam_user_with_built_in_duo_mfa_enablediam_user_without_accountadmin_role_password_not_setmanual_controlmonitoring_user_password_rotated_regularlynetwork_policy_allowed_list_setnetwork_policy_blocked_list_set
Query: iam_user_with_accountadmin_role_have_email
Usage
powerpipe query snowflake_compliance.query.iam_user_with_accountadmin_role_have_emailSteampipe Tables
SQL
with users_with_account_admin_role as ( select grantee_name from snowflake_role_grant where role = 'ACCOUNTADMIN' and granted_to = 'USER')select name as resource, case when name not in (select * from users_with_account_admin_role) then 'skip' when email != '' then 'ok' else 'alarm' end as status, case when name not in (select * from users_with_account_admin_role) then name || ' does not have ACCOUNTADMIN role.' when email != '' then name || ' email address set.' else name || ' email address not set.' end as reason, accountfrom snowflake_user;
Controls
The query is being used by the following controls: