User Management

Users

async get_logged_on_user_details(self)

Returns information about the logged on user

Returns:

dict with user information

async list(self, pattern: str = None, user_type: str = None, details=False, extended_details=False)

Returns a list of users matching criteria

Parameters:
  • pattern – free search pattern

  • user_type – the user type, for example “EPVUser”

  • details – instead of returning a list of user names, return a list of dicts with more information

  • extended_details – also include groupsMembership, enableUser and suspended information

Returns:

A list of users, or a list of dicts with extended details

async get_id(self, username: str)

Get the ID of a user

Parameters:

username – the username of the user

Returns:

the ID (int)

async exists(self, username: str)

Whether a user exists whose username is “username”

Parameters:

username – username of the user

Returns:

Boolean

async details(self, username: str = '', user_id=None)

Get user details

Parameters:
  • username – the username, if user_id is not provided

  • user_id – the user_id if the username is not provided

Returns:

Information about a user in the Vault

async groups(self, username)

Returns the groups of a specific user

Parameters:

username – the username

Returns:

user’s groups list

async add_ssh_key(self, username: str, key: str)

Add an SSH key to a user for authenticating with PSMP

Parameters:
  • username – user that will use the key

  • key – OpenSSH public key (often starts with ssh-rsa, and NOT "--begin ssh2" etc., which is the PuTTY format)

Returns:

ID of the key and newly inserted key

async get_ssh_keys(self, username: str)

List all keys of a specific user

Parameters:

username – username of the user

Returns:

list of dict with user’s keys (KeyID, PublicSSHKey)
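
The key-format requirement stated for add_ssh_key, as an added example (not aiobastion's own code): it rejects PuTTY / RFC 4716 exports before submission and skips keys the user already has. `users` stands for whatever object exposes the coroutines documented on this page; `openssh_key_type`, `add_key_once` and `make_sample_key` are hypothetical helper names, the sample key is constructed, and PublicSSHKey is assumed to hold the key line as it was submitted.

```python
import base64
import binascii
import struct


def openssh_key_type(key: str) -> str:
    """Return the key type of a one-line OpenSSH public key, else raise ValueError."""
    text = key.strip()
    if "BEGIN SSH2" in text.upper():
        raise ValueError("RFC 4716 (PuTTY) export; convert it with ssh-keygen -i -f <file>")
    if "\n" in text or len(text.split()) < 2:
        raise ValueError("expected '<type> <base64> [comment]' on one line")
    declared, body = text.split()[:2]
    try:
        blob = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("key body is not valid base64") from exc
    # The decoded blob begins with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (size,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + size] != declared.encode():
        raise ValueError("declared key type does not match the key blob")
    return declared


async def add_key_once(users, username: str, key: str) -> bool:
    """Validate, then add the key unless the user already has it.

    `users` is assumed to expose get_ssh_keys / add_ssh_key as documented above.
    Returns True if a key was added, False if it was already present.
    """
    openssh_key_type(key)
    body = key.split()[1]
    for existing in await users.get_ssh_keys(username):
        if body in existing.get("PublicSSHKey", ""):
            return False
    await users.add_ssh_key(username, key)
    return True


def make_sample_key() -> str:
    """Constructed sample: well-formed ssh-ed25519 layout with all-zero key bytes."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"
```
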

async del_ssh_key(self, username: str, key_id: str)

Deletes the key identified by key_id of the username

Parameters:
  • username – username of the user (required)

  • key_id – KeyID of the key to delete (required)

Returns:

Boolean

async del_all_ssh_keys(self, username: str)

Delete all SSH keys of a given user

Parameters:

username – username of the user (required)

Returns:

A list of booleans

async add(self, username: str, user_type: str = 'EPVUser', non_authorized_interfaces: List = None, location: str = '\\', expiry_date: int = None, enable_user: bool = True, authentication_method: List = None, password: str = None, change_password_on_the_next_logon: bool = True, password_never_expires: bool = False, distinguished_name: str = None, vault_authorization: List = None, business_address: dict = None, internet: dict = None, phones: dict = None, description: str = None, personal_details: dict = None)

Add a new user

Parameters:
  • username – The name of the user (required)

  • user_type – The user type that was returned according to the license (default: EPVUser)

  • non_authorized_interfaces – The CyberArk interfaces that this user is not authorized to use (default: None)

  • location – Location of the user (default: '\\')

  • expiry_date – The date when the user expires, as a date-type int (default: None)

  • enable_user – Whether the user will be enabled upon creation (default: True)

  • authentication_method – Restrict the authentication methods that the user can use to log on (default: None)

  • password – The password that the user will use to log on for the first time; not required for PKI or LDAP (default: None)

  • change_password_on_the_next_logon – Whether the user must change their password at first logon (default: True)

  • password_never_expires – Whether the user’s password will not expire unless they decide to change it (default: False)

  • distinguished_name – The user’s distinguished name for PKI auth (default: None)

  • vault_authorization – The list of user permissions, refer to documentation (default: None)

  • business_address – The user’s postal address dict, refer to documentation (default: None)

  • internet – The user’s email dict, refer to documentation (default: None)

  • phones – The user’s phones dict, refer to documentation (default: None)

  • description – Free-text description (default: None)

  • personal_details – The user’s personal details dict, refer to documentation (default: None)

Returns:

A dict representation of the newly created user

async delete(self, username: str)

Groups

async list(self, pattern: str = None, group_type: str = None, details: bool = False, include_members: bool = False)

Parameters:
  • pattern

  • group_type

  • details

  • include_members

Returns:

async get_id(self, group_name: str)

Get the unique ID of a group from its name

Parameters:

group_name – Name of the group

Returns:

Unique ID of the group

Raises:

Aiobastion exception if the group was not found

async details(self, group_id, include_members: bool = False)

Get details about a specific group (PVWA v12.2 required)

Parameters:
  • group_id – Unique ID of the group (required)

  • include_members – Include members of the group (default: False)

Returns:

Dict representation of the group

async add(self, name: str, description='', location='\\')

Add the group in the Vault

Parameters:
  • name – Name of the new group

  • description – Description of the group

  • location – Location of the group (defaults to '\\')

Returns:

Boolean

async delete(self, group_name: str)

Delete the group identified by group_name

Parameters:

group_name – Name of the group

Returns:

Boolean

async members(self, group_name: str)

List the members of the group identified by group_name

Parameters:

group_name – Name of the group

Returns:

List of members

async add_member(self, groupId: str, username: str, type='Vault', domain=None)

Add the user or group identified by username to the group identified by groupId

Parameters:
  • groupId – The unique ID of the group, as retrieved by get_id

  • username – the user or group name to add to the group

  • type – the user type (domain or vault), Vault by default

  • domain – the DNS address of the domain, mandatory if type is domain

Returns:

Boolean

async del_member(self, groupId: str, username: str)

Remove the user or group identified by username from the group identified by groupId

Parameters:
  • groupId – The unique ID of the group, as retrieved by get_id

  • username – the user or group name to delete from the group

Returns:

Boolean