User Management
Users
- async get_logged_on_user_details(self)
Returns information about the logged on user
- Returns:
dict with user information
- async list(self, pattern: str = None, user_type: str = None, details=False, extended_details=False)
Returns a list of users matching criteria
- Parameters:
pattern – free search pattern
user_type – user type, for example “EPVUser”
details – Instead of returning a list of user names, return a list of dicts with more information
extended_details – Also include groupsMembership, enableUser and suspended information
- Returns:
A list of user names, or a list of dicts with extended details
- async get_id(self, username: str)
Get the ID of a user
- Parameters:
username – the username of the user
- Returns:
the ID (int)
- async exists(self, username: str)
Whether a user exists whose username is “username”
- Parameters:
username – username of the user
- Returns:
Boolean
- async details(self, username: str = '', user_id=None)
Get user details
- Parameters:
username – the username, if user_id is not provided
user_id – the user_id if the username is not provided
- Returns:
Information about a user in the Vault
- async groups(self, username)
Returns the groups of a specific user
- Parameters:
username – the username
- Returns:
user’s groups list
- async add_ssh_key(self, username: str, key: str)
Add an SSH key to a user for authenticating with PSMP
- Parameters:
username – user that will use the key
key – OpenSSH public key (often starts with ssh-rsa, and NOT "--begin ssh2" etc., which is PuTTY format)
- Returns:
ID of the key and newly inserted key
- async get_ssh_keys(self, username: str)
List all keys of a specific user
- Parameters:
username – username of the user
- Returns:
list of dict with user’s keys (KeyID, PublicSSHKey)
- async del_ssh_key(self, username: str, key_id: str)
Deletes the key identified by key_id of the username
- Parameters:
username – username of the user - Required
key_id – KeyID of the key to delete - Required
- Returns:
Boolean
- async del_all_ssh_keys(self, username: str)
Delete all SSH keys of a given user
- Parameters:
username – Username of the user - Required
- Returns:
A list of booleans
- async add(self, username: str, user_type: str = 'EPVUser', non_authorized_interfaces: List = None, location: str = '\\', expiry_date: int = None, enable_user: bool = True, authentication_method: List = None, password: str = None, change_password_on_the_next_logon: bool = True, password_never_expires: bool = False, distinguished_name: str = None, vault_authorization: List = None, business_address: dict = None, internet: dict = None, phones: dict = None, description: str = None, personal_details: dict = None)
Add a new user
- Parameters:
username – The name of the user - Required
user_type – The user type that was returned according to the license. - Default: EPVUser
non_authorized_interfaces – The CyberArk interfaces that this user is not authorized to use. - Default: None
location – Location of the user - Default: '\\'
expiry_date – The date when the user expires. (Date-type int) - Default: None
enable_user – Whether the user will be enabled upon creation. - Default: True
authentication_method – Restrict authentication method that the user will use to log on. - Default: None
password – The password that the user will use to log on for the first time - Default: None - Not required for PKI or LDAP
change_password_on_the_next_logon – Whether the user must change their password at first logon. - Default: False (the signature above shows True)
password_never_expires – Whether the user’s password will not expire unless they decide to change it. - Default: False
distinguished_name – The user’s distinguished name for PKI auth. - Default: None
vault_authorization – The list of user permissions (refer to documentation) - Default: None
business_address – The user’s postal address dict (refer to documentation) - Default: None
internet – The user’s email dict (refer to documentation) - Default: None
phones – The user’s phones dict (refer to documentation) - Default: None
description – Description free text - Default: None
personal_details – The user’s personal details dict (refer to documentation) - Default: None
- Returns:
A dict representation of the newly created user
- async delete(self, username: str)
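The following is an added example, not code from the aiobastion project: an SSH key audit built only on the `list()` and `get_ssh_keys()` coroutines documented above. It flags keys that are not in one-line OpenSSH format (the format `add_ssh_key` expects) and key material held by more than one user. The `users` argument, `FakeUsers`, `sample_blob`, the accepted key types and all sample data are assumptions made for this example.

```python
import asyncio
import base64
from collections import defaultdict

OPENSSH_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}  # example policy (assumption)

def is_openssh_public_key(key: str) -> bool:
    """True for one-line OpenSSH format: '<type> <base64> [comment]'."""
    parts = key.strip().split()
    if len(parts) < 2 or parts[0] not in OPENSSH_TYPES or "\n" in key.strip():
        return False
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return False
    # The blob starts with a 4-byte length followed by the key type name.
    name_len = int.from_bytes(blob[:4], "big")
    return blob[4:4 + name_len] == parts[0].encode()

async def audit_ssh_keys(users) -> dict:
    """users: any object with the list() and get_ssh_keys() coroutines."""
    owners = defaultdict(set)  # key material -> user names holding it
    malformed = []             # (username, KeyID) not in OpenSSH format
    for username in await users.list():
        for entry in await users.get_ssh_keys(username):
            key = entry["PublicSSHKey"]
            if is_openssh_public_key(key):
                owners[key.split()[1]].add(username)
            else:
                malformed.append((username, entry["KeyID"]))
    shared = sorted(sorted(u) for u in owners.values() if len(u) > 1)
    return {"malformed": malformed, "shared": shared}

def sample_blob(key_type: str) -> str:  # constructed, non-functional key blob
    t = key_type.encode()
    return base64.b64encode(len(t).to_bytes(4, "big") + t + b"A" * 32).decode()

class FakeUsers:
    """Offline stand-in for the Users object; all data is constructed."""
    KEYS = {"alice": [{"KeyID": "k1", "PublicSSHKey": "ssh-ed25519 " + sample_blob("ssh-ed25519")}],
            "bob": [{"KeyID": "k2", "PublicSSHKey": "ssh-ed25519 " + sample_blob("ssh-ed25519") + " bob@host"},
                    {"KeyID": "k3", "PublicSSHKey": "---- BEGIN SSH2 PUBLIC KEY ----\nAAAA"}]}
    async def list(self):
        return sorted(self.KEYS)
    async def get_ssh_keys(self, username):
        return self.KEYS[username]

def demo() -> dict:
    return asyncio.run(audit_ssh_keys(FakeUsers()))
```

A key reported under `shared` means several Vault users can authenticate to PSMP with the same private key, which removes per-user attribution; `del_ssh_key` with the reported KeyID removes an individual entry.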
Groups
- async list(self, pattern: str = None, group_type: str = None, details: bool = False, include_members: bool = False)
- Parameters:
pattern –
group_type –
details –
include_members –
- Returns:
- async get_id(self, group_name: str)
Get the unique ID of a group from its name
- Parameters:
group_name – Name of the group
- Returns:
Unique ID of the group
- Raises:
Aiobastion exception if group was not found
- async details(self, group_id, include_members: bool = False)
Get details about a specific group (PVWA v12.2 required)
- Parameters:
group_id – Unique ID of the group - Required
include_members – Include members of the group - Default: False
- Returns:
Dict representation of the group
- async add(self, name: str, description='', location='\\')
Add the group in the Vault
- Parameters:
name – Name of the new group
description – Description of the group
location – Location of the group (defaults to '\\')
- Returns:
Boolean
- async delete(self, group_name: str)
Delete the group identified by group_name
- Parameters:
group_name – Name of the group
- Returns:
Boolean
- async members(self, group_name: str)
List the members of the group identified by group_name
- Parameters:
group_name – Name of the group
- Returns:
List of members
- async add_member(self, groupId: str, username: str, type='Vault', domain=None)
Add the user or group identified by username to the group identified by groupId
- Parameters:
groupId – The unique ID of the group that is retrieved by get_id
username – the user or group name to add on the safe
type – the user type (domain or vault), Vault by default
domain – the DNS address of the domain, mandatory if type is domain
- Returns:
Boolean
- async del_member(self, groupId: str, username: str)
Delete the user or group identified by username from the group identified by groupId
- Parameters:
groupId – The unique ID of the group that is retrieved by get_id
username – the user or group name to delete from the safe
- Returns:
Boolean