https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/gcp-workspace-gsuite-information/m-p/527033#M884 <P>&nbsp;</P> <P>Hi,</P> <P>Our administrator added group reader to the prisma account</P> <P>.<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CLimachi1_0-1673651450294.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/47005i863C8715DA467FD2/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="CLimachi1_0-1673651450294.png" alt="CLimachi1_0-1673651450294.png" /></span></P> <P>But reading through the docs can´t find the RQL for getting the workspace specific information</P> <P><A href="https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/iam-query/iam-query-examples" target="_blank" rel="noopener">https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/iam-query/iam-query-examples</A></P> <P>&nbsp;</P> <P>For example changing the following with a group in workspace returns no results</P> <P><SPAN>config <SPAN class="">from<SPAN> iam where dest.cloud.type = <SPAN class="">'GCP' <SPAN class="">and<SPAN> source.cloud.resource.type = <SPAN class="">'user' <SPAN class="">and<SPAN> grantedby.cloud.entity.name = <SPAN class="">'your group name'</SPAN></SPAN></SPAN></SPAN></SPAN></SPAN></SPAN></SPAN></SPAN></SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CLimachi1_1-1673652371725.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/47006iE3E30791CAE3B177/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="CLimachi1_1-1673652371725.png" alt="CLimachi1_1-1673652371725.png" /></span></P> Fri, 13 Jan 2023 23:28:39 GMT CLimachi1 2023-01-13T23:28:39Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/gcp-workspace-gsuite-information/m-p/526968#M879 <P>Hello,</P> <P>&nbsp;</P> <P>Enabled the IAM module and added the&nbsp;<SPAN>Google Workspace (GSuite) group reader role to the prisma service account but have been not able to find the query to get group members or other workspace information.&nbsp;</SPAN><SPAN>Only information I currently get is the cloudresourcemanager api results.&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN>Also is it possible to get from workspace reports which accounts have 2SV enabled?</SPAN></P> Fri, 13 Jan 2023 13:48:34 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/gcp-workspace-gsuite-information/m-p/526968#M879 CLimachi1 2023-01-13T13:48:34Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/gcp-workspace-gsuite-information/m-p/526994#M881 <P>You must have administrator access to Google Workspace (GSuite) to grant Prisma Cloud Service Accounts the permissions to ingest data from groups on Google Workspace (GSuite). The permissions required for ingesting data on groups is either the predefined role Group Reader, or a custom role with groups:read permission.</P> <P>&nbsp;</P> <P>Could you please provide me the RQL you are using.</P> Fri, 13 Jan 2023 18:14:45 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/gcp-workspace-gsuite-information/m-p/526994#M881 BCastillo 2023-01-13T18:14:45Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/gcp-workspace-gsuite-information/m-p/527033#M884 <P>&nbsp;</P> <P>Hi,</P> <P>Our administrator added group reader to the prisma account</P> <P>.<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CLimachi1_0-1673651450294.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/47005i863C8715DA467FD2/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="CLimachi1_0-1673651450294.png" alt="CLimachi1_0-1673651450294.png" /></span></P> <P>But reading through the docs can´t find the RQL for getting the workspace specific information</P> <P><A href="https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/iam-query/iam-query-examples" target="_blank" rel="noopener">https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/iam-query/iam-query-examples</A></P> <P>&nbsp;</P> <P>For example changing the following with a group in workspace returns no results</P> <P><SPAN>config <SPAN class="">from<SPAN> iam where dest.cloud.type = <SPAN class="">'GCP' <SPAN class="">and<SPAN> source.cloud.resource.type = <SPAN class="">'user' <SPAN class="">and<SPAN> grantedby.cloud.entity.name = <SPAN class="">'your group name'</SPAN></SPAN></SPAN></SPAN></SPAN></SPAN></SPAN></SPAN></SPAN></SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CLimachi1_1-1673652371725.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/47006iE3E30791CAE3B177/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="CLimachi1_1-1673652371725.png" alt="CLimachi1_1-1673652371725.png" /></span></P> Fri, 13 Jan 2023 23:28:39 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/gcp-workspace-gsuite-information/m-p/527033#M884 CLimachi1 2023-01-13T23:28:39Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/gcp-workspace-gsuite-information/m-p/527439#M886 <P>Hello ,</P> <P>&nbsp;</P> <P>There was fix that was going on for this. Could you please give it a try again and see if you are able to get any results.</P> <P>&nbsp;</P> <P>Regards,</P> Tue, 17 Jan 2023 18:26:56 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/gcp-workspace-gsuite-information/m-p/527439#M886 BCastillo 2023-01-17T18:26:56Z