directory_user_2fa_enrolleddirectory_user_admin_2fa_enrolleddirectory_user_admin_countdirectory_user_admin_max_countdirectory_user_is_delegated_admindrive_domain_restrictiondrive_members_only_accessdrive_viewer_restrictionsgmail_auto_forwarding_disabledgmail_delegation_disabledgmail_pop_imap_disabledgroups_admin_created_only
Query: directory_user_is_delegated_admin
Usage
powerpipe query googleworkspace_compliance.query.directory_user_is_delegated_adminSteampipe Tables
SQL
with dual_role_admins as ( select primary_email, full_name, id from googledirectory_user where is_admin = true and is_delegated_admin = true),summary as ( select count(*) as dual_role_count from dual_role_admins)select 'organization' as resource, case when dual_role_count = 0 then 'ok' else 'alarm' end as status, case when dual_role_count = 0 then 'All super admin accounts are dedicated (no dual admin roles).' else 'Found ' || dual_role_count || ' super admin account(s) that also have delegated admin roles.' end as reasonfrom summary;
Controls
The query is being used by the following controls: