Account Groups
The PrivilegedAccountGroup Class
PrivilegedAccountGroup is a Python class that represents a CyberArk Account Group, so that code does not have to manipulate dictionaries. Most of the following functions work with objects of this class.
- It has the following mandatory attributes:
name: CyberArk name of the account group (e.g. “sample_group_name”)
group_platform: The group platform (e.g. “sample_group_platform”)
safeName: The safe in which the account is stored (e.g. DBA-Safe).
- It has the following extra attributes:
id: CyberArk unique ID of the account group (e.g. 43_391)
Functions
- async list_by_safe(self, safe_name: str)
List all groups for a given safe
- Parameters:
safe_name – name of the safe
- Returns:
a list of PrivilegedAccountGroups
- async get_account_group_id(self, group_name: str, safe: str)
Get account_group_id with the group_name and the safe
- Parameters:
group_name – the name of the group
safe – The name of the safe
- Returns:
The group ID
- async members(self, group)
Returns the list of members (PrivilegedAccount) for a given PrivilegedAccountGroup
- Parameters:
group – PrivilegedAccountGroup or group_id
- Returns:
List of members of a group
- async add(self, group_name: str, group_platform: str, safe_name: str)
Add a privileged account group using group name, group platform and safe name
- Parameters:
group_name – group name
group_platform – group platform
safe_name – safe name
- Returns:
group id
- async add_privileged_account_group(self, account_group: PrivilegedAccountGroup)
Add a privileged account group using a Privileged Account Group object
- Parameters:
account_group – a PrivilegedAccountGroup object
- Returns:
group id
- async add_member(self, account: (<class 'aiobastion.accounts.PrivilegedAccount'>, <class 'str'>), group: (<class 'aiobastion.accountgroup.PrivilegedAccountGroup'>, <class 'str'>))
Add accounts to a group (specified by PrivilegedAccountGroup object or group_id)
- Parameters:
account – PrivilegedAccount or account_id
group – PrivilegedAccountGroup or group_id (get it with
- Returns:
dict with {‘AccountID’ : ‘acc_id’}
- Raises:
CyberarkAPIException with err.http_status == 400 if account was already in a group
- async delete_member(self, account: (<class 'aiobastion.accounts.PrivilegedAccount'>, <class 'str'>), group: (<class 'aiobastion.accountgroup.PrivilegedAccountGroup'>, <class 'str'>))
Delete the member of an account group
- Parameters:
account – PrivilegedAccount or account_id
group – PrivilegedAccountGroup or privileged_account_id
- Returns:
Boolean
- async move_account_group(self, account_group_name: str, src_safe: str, dst_safe: str)
Move an account_group and its members from a safe to another safe
- Parameters:
account_group_name –
src_safe –
dst_safe – Where to store the account group
- Returns:
the new account group ID, or False if no group was found
- async move_all_account_groups(self, src_safe, dst_safe, account_filter: dict = None)
Move all account groups from one safe to another safe. Members of the account groups are also moved!
- Parameters:
src_safe – Source safe
dst_safe – Destination safe
account_filter – filter on the accounts' base file categories, for example: {“platformId”: “Unix-SSH”}
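The HTTP 400 documented for add_member only says the account is already in a group, not which one. The following added example (not part of aiobastion or its documentation) separates the two cases by checking members() afterwards. The helper ensure_members, the stand-ins FakeApiError and FakeAccountGroup, the `id` attribute on member objects and all IDs are assumptions constructed for illustration.

```python
import asyncio
from types import SimpleNamespace


async def ensure_members(accountgroup, group_id, account_ids):
    """Add each account to group_id; classify the documented HTTP 400 case."""
    results = {}
    for acc_id in account_ids:
        try:
            await accountgroup.add_member(acc_id, group_id)
            results[acc_id] = "added"
        except Exception as err:
            # add_member is documented to raise CyberarkAPIException with
            # http_status == 400 when the account is already in a group.
            if getattr(err, "http_status", None) != 400:
                raise
            # The 400 does not say which group, so check this group's members.
            current = {m.id for m in await accountgroup.members(group_id)}
            results[acc_id] = "already_member" if acc_id in current else "in_other_group"
    return results


class FakeApiError(Exception):
    """Constructed stand-in for CyberarkAPIException; only http_status is used."""
    def __init__(self, http_status):
        self.http_status = http_status


class FakeAccountGroup:
    """Constructed in-memory stand-in exposing add_member() and members()."""
    def __init__(self, membership):
        self.membership = membership          # account_id -> group_id

    async def add_member(self, account, group):
        if account in self.membership:
            raise FakeApiError(400)
        self.membership[account] = group
        return {"AccountID": account}

    async def members(self, group):
        return [SimpleNamespace(id=a) for a, g in self.membership.items() if g == group]


def demo():
    fake = FakeAccountGroup({"43_10": "43_391", "43_11": "43_500"})  # constructed IDs
    return asyncio.run(ensure_members(fake, "43_391", ["43_10", "43_11", "43_12"]))


if __name__ == "__main__":
    print(demo())
```

An "in_other_group" result is the one worth reviewing before any retry, because the account is still governed by a different group than the caller intended.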