turbot/steampipe-mod-snowflake-compliance

Control: Set the default_role property for users

Description

A user's default role determines the role used in the Snowflake sessions initiated by the user; however, this is only a default. Users can change roles within a session at any time. Snowflake recommends that you designate a lower-level administrative or custom role as the user's default.

Usage

Run the control in your terminal:

powerpipe control run snowflake_compliance.control.security_overview_iam_user_default_role_is_set

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run snowflake_compliance.control.security_overview_iam_user_default_role_is_set --share

SQL

This control uses a named query:

select
  name as resource,
  case when default_role = '' then
    'alarm'
  else
    'ok'
  end as status,
  case when default_role = '' then
    name || ' default_role is not set.'
  else
    name || ' default_role is set.'
  end as reason,
  account
from
  snowflake_user;
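
The following is an added example, not the mod's own query. It goes beyond the control in two ways: it treats a NULL default_role as unset (the `= ''` comparison alone would fall through to 'ok' if the column came back NULL), and it alarms when the default is a top-level administrative role, in line with the recommendation in the description. The sample_user rows, the account value and the high_privilege role list are assumptions made for illustration.

```sql
-- Added example, not the mod's query. Rows below are constructed sample data;
-- to run against a live connection, replace the sample_user CTE body with:
--   select name, default_role, account from snowflake_user
with sample_user (name, default_role, account) as (
  values
    ('ALICE', 'ANALYST',      'xy12345'),  -- custom role
    ('BOB',   '',             'xy12345'),  -- unset (empty string)
    ('CAROL', null,           'xy12345'),  -- unset (NULL)
    ('DAVE',  'ACCOUNTADMIN', 'xy12345'),  -- top-level admin as default
    ('ERIN',  'SYSADMIN',     'xy12345')   -- lower-level administrative role
),
-- Assumption: roles treated as too privileged to be a session default.
-- Adjust the list to match your own role hierarchy.
high_privilege (role_name) as (
  values ('ACCOUNTADMIN'), ('SECURITYADMIN'), ('ORGADMIN')
)
select
  u.name as resource,
  case
    when coalesce(u.default_role, '') = '' then 'alarm'
    when h.role_name is not null then 'alarm'
    else 'ok'
  end as status,
  case
    when coalesce(u.default_role, '') = '' then
      u.name || ' default_role is not set.'
    when h.role_name is not null then
      u.name || ' default_role is ' || u.default_role || ', a high-privilege role.'
    else
      u.name || ' default_role is set to ' || u.default_role || '.'
  end as reason,
  u.account
from
  sample_user as u
  left join high_privilege as h on upper(u.default_role) = h.role_name
order by
  u.name;
```

A user flagged here can be given a default in Snowflake with ALTER USER <name> SET DEFAULT_ROLE = <role>;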