diff --git a/CHANGELOG.md b/CHANGELOG.md index b2d12d87..c9a717ca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,7 @@ ## Planned Updates / Unreleased - Continued development to encompass any new documented features of the CyberArk API. -- psPAS v7.0... +- psPAS v8.0... ## [unreleased] @@ -23,6 +23,154 @@ ### Fixed - N/A +## 7.0 + +**Special shout out to [JP-Consulting](https://github.com/johannesconsulting) for the help on this release** + +_Update includes almost all updates for the 14.2, 14.4 & 14.6 CyberArk Self-Hosted Releases_ + +### Added +- `Enable-PASTheme` + - New 14.6 command to activate a custom UI theme + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Remove-PASTheme` + - New 14.6 command to delete a custom UI theme + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Import-PASThemeImage` + - New 14.6 command to import an image to use in a custom UI theme +- `Export-PASThemeImage` + - New 14.6 command to export an image used in a custom UI theme +- `Reset-PASTheme` + - New 14.6 command to reset the UI theme to default +- `Publish-PASTheme` + - New 14.6 command to change the draft status of a custom UI theme +- `Get-PASTheme` + - New 14.6 command to return details of custom UI themes +- `New-PASTheme` + - New 14.6 command to create a new custom UI theme +- `Set-PASTheme` + - New 14.6 command to update a custom UI theme +- `Get-PASStoredPlatform` + - New 14.6 command to get details of platforms stored in memory for import +- `Remove-PASStoredPlatform` + - New 14.6 command to delete a stored platform from memory +- `Get-PASUserLicenseReport` + - Returns information about usage of Privilege Cloud user licenses +- `Get-PASReport` + - New 14.6 command to list reports available to your user +- `Get-PASReportSchedule` + - New 14.6 command to list report schedules +- `New-PASReportSchedule` + - New 14.6 command to create a scheduled report +- `Export-PASReport` + - New 14.6 command to export an available report +- `Remove-PASUserAllowedAuthenticationMethod` + - New 14.4 command to remove allowed authentication methods from multiple users in a single request +- `Add-PASUserAllowedAuthenticationMethod` + - New 14.4 command to add allowed authentication methods to multiple users in a single request +- `Remove-PASFIDO2Device` + - New 14.6 command to remove a configured FIDO2 device from a user + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Get-PASMasterPolicy` + - New 14.6 command to list Master Policy settings +- `Set-PASMasterPolicy` + - New 14.6 command to update Master Policy settings +- `Remove-PASDependentAccount` + - New 14.6 command to delete dependent accounts +- `Resume-PASDependentAccount` + - New 14.6 command to resume password management of dependent accounts + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Get-PASDependentAccount` + - New 14.6 command to list details of dependent accounts +- `Sync-PASDependentAccount` + - New 14.6 command to synchronise the password of a dependent account with its master account + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Set-PASDependentAccount` + - New 14.6 command to update a dependent account +- `Add-PASDependentAccount` + - New 14.6 command to add a new dependent account +- `Remove-PASPTASecurityConfigurationProperty` + - New 14.6 command to delete PTA security configuration properties + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Reset-PASPTASecurityConfigurationProperty` + - New 14.6 command to reset PTA security configuration properties + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Reset-PASPTASecurityConfigurationCategory` + - New 14.6 command to reset PTA security configuration categories + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Get-PASPTASecurityConfigurationCategory` + - New 14.6 command to return PTA security configuration categories + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Add-PASPTASyslog` + - New 14.6 command to add a new syslog configuration to PTA + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Remove-PASPTASyslog` + - New 14.6 command to remove a syslog configuration from PTA + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Set-PASPTASMTP` + - New 14.4 command to add a new SMTP configuration to PTA + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Get-PASAccountSearchProperty` + - New 14.6 command to list configured search properties + +### Updated +- `Add-PASSafeMember` + - Updated to include permission pre-sets to match functionality available via PVWA + - Thanks [Slasky86](https://github.com/Slasky86)!! +- `Set-PASSafeMember` + - Updated to include permission pre-sets to match functionality available via PVWA + - Thanks [Slasky86](https://github.com/Slasky86)!! +- `Get-PASAccount` + - Updated to handle new quoting model for filter operations in version 14.6 + - Adds dynamic search properties to the filter parameters list + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Add-PASAccount` + - Added `AllowAccountDuplications` parameter, which works in conjunction with the 14.6 `AccountDuplicationEnforcementLevel` setting +- `Import-PASPlatform` + - New parameter sets added to support updating existing platforms and side-by-side imports +- `New-PASDirectoryMapping`, `Set-PASDirectoryMapping` + - Added the `allowedAuthenticationMethods` parameter + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `New-PASUser`, `Set-PASUser` + - Added the `allowedAuthenticationMethods` parameter + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Get-PASComponentSummary` + - Now includes vault replication data in command output + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Approve-PASRequest` + - Adds support for bulk approvals using a single request +- `Deny-PASRequest` + - Adds support for bulk rejections using a single request +- `New-PASAccountPassword` + - Updated to include additional error checking +- `New-PASAccountObject` + - Updated to create formatted objects for Dependent Account operations +- `Get-PASSafe` + - Fixed issue with incorrectly defined `sort` parameter + - Adds sortDirection parameter to enable ascending or descending sort of safes by SafeName or Managing CPM +- Script Methods + - `ToCredential()` + - Available on password objects + - Allows password values returned from the API to be converted to Credential objects + - `GetPermissions()` + - Available on Safe Member objects + - Enables conversion of safe ACL to hashtable which can be used to splat against Add-PASSafeMember & Set-PASSafeMember + - `ToHashtable()` + - Available on Account objects. + - Converts an Account object to a hashtable so that it can be splatted against Add-PASAccount +- Various corrections to help file contents + +### Fixed +- `Get-PASSAMLResponse` + - Fixes a responsibly disclosed security vulnerability where TLS 1.2 was not enforced when a value for the SAMLResponse parameter was not provided to the New-PASSession command when using the Gen2SAML ParameterSet. + - Much Respect to [Cristian Gaber](https://cgaber.com) for highlighting this to us. +- `Get-PASAccountPassword` + - Fixes a parsing issue that could affect password values returned from the command. + - Thanks [ChristopherRanney](https://github.com/ChristopherRanney)!! +- `Add-PASPublicSSHKey`, `Get-PASPublicSSHKey`, `Remove-PASPublicSSHKey` + - Corrects the URLs used by the commands + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! + ## [6.4.85] ### Added diff --git a/README.md b/README.md index c5d67d8b..32072fa9 100644 --- a/README.md +++ b/README.md @@ -6,9 +6,7 @@ # **psPAS: PowerShell Module for the CyberArk API** -Through the PVWA REST API, administer CyberArk PAS with PowerShell. - -Contains all of the documented API capabilities up to CyberArk v14.0. +Administer CyberArk PAS with PowerShell! Docs: [https://pspas.pspete.dev](https://pspas.pspete.dev) @@ -995,7 +993,77 @@ Click the below dropdown to view the current list of psPAS functions and their m [`Get-PASDiscoveredLocalAccount`][Get-PASDiscoveredLocalAccount] |**P Cloud Only** |Get P Cloud Discovered Local Account [`Clear-PASDiscoveredLocalAccount`][Clear-PASDiscoveredLocalAccount] |**P Cloud Only** |Clear all P Cloud Discovered Local Accounts [`Add-PASDiscoveredLocalAccount`][Add-PASDiscoveredLocalAccount] |**P Cloud Only** |Add P Cloud Discovered Local Account - +[`Enable-PASTheme`][Enable-PASTheme] |**14.6** |Activate a custom UI theme +[`Remove-PASTheme`][Remove-PASTheme] |**14.6** |Delete a custom UI theme +[`Import-PASThemeImage`][Import-PASThemeImage] |**14.6** |Import image for use in a custom UI theme +[`Export-PASThemeImage`][Export-PASThemeImage] |**14.6** |Export image used in a custom UI theme +[`Reset-PASTheme`][Reset-PASTheme] |**14.6** |Reset the UI theme to default +[`Publish-PASTheme`][Publish-PASTheme] |**14.6** |Change draft status of a custom UI theme +[`Get-PASTheme`][Get-PASTheme] |**14.6** |Return details of custom UI themes +[`New-PASTheme`][New-PASTheme] |**14.6** |Create a new custom UI theme +[`Set-PASTheme`][Set-PASTheme] |**14.6** |Update a custom UI theme +[`Get-PASStoredPlatform`][Get-PASStoredPlatform] |**14.6** |Get details of platforms stored in memory +[`Remove-PASStoredPlatform`][Remove-PASStoredPlatform] |**14.6** |Delete stored platform from memory +[`Get-PASUserLicenseReport`][Get-PASUserLicenseReport] |**14.6** |Return Privilege Cloud user license usage +[`Get-PASReport`][Get-PASReport] |**14.6** |List reports available to your user +[`Get-PASReportSchedule`][Get-PASReportSchedule] |**14.6** |List report schedules +[`New-PASReportSchedule`][New-PASReportSchedule] |**14.6** |Create a scheduled report +[`Export-PASReport`][Export-PASReport] |**14.6** |Export an available report +[`Add-PASUserAllowedAuthenticationMethod`][Add-PASUserAllowedAuthenticationMethod] |**14.4** |Add allowed authentication methods to users +[`Remove-PASUserAllowedAuthenticationMethod`][Remove-PASUserAllowedAuthenticationMethod] |**14.4** |Remove allowed authentication methods from users +[`Remove-PASFIDO2Device`][Remove-PASFIDO2Device] |**14.6** |Remove configured FIDO2 device from a user +[`Get-PASMasterPolicy`][Get-PASMasterPolicy] |**14.6** |List Master Policy settings +[`Set-PASMasterPolicy`][Set-PASMasterPolicy] |**14.6** |Update Master Policy settings +[`Add-PASDependentAccount`][Add-PASDependentAccount] |**14.6** |Add a new dependent account +[`Remove-PASDependentAccount`][Remove-PASDependentAccount] |**14.6** |Delete dependent account +[`Resume-PASDependentAccount`][Resume-PASDependentAccount] |**14.6** |Resume password management of dependent account +[`Get-PASDependentAccount`][Get-PASDependentAccount] |**14.6** |List details of dependent accounts +[`Sync-PASDependentAccount`][Sync-PASDependentAccount] |**14.6** |Synchronize dependent account password +[`Set-PASDependentAccount`][Set-PASDependentAccount] |**14.6** |Update a dependent account +[`Remove-PASPTASecurityConfigurationProperty`][Remove-PASPTASecurityConfigurationProperty]|**14.6** |Delete PTA security configuration property +[`Reset-PASPTASecurityConfigurationProperty`][Reset-PASPTASecurityConfigurationProperty] |**14.6** |Reset PTA security configuration property +[`Reset-PASPTASecurityConfigurationCategory`][Reset-PASPTASecurityConfigurationCategory] |**14.6** |Reset PTA security configuration category +[`Get-PASPTASecurityConfigurationCategory`][Get-PASPTASecurityConfigurationCategory] |**14.6** |Return PTA security configuration categories +[`Add-PASPTASyslog`][Add-PASPTASyslog] |**14.6** |Add syslog configuration to PTA +[`Remove-PASPTASyslog`][Remove-PASPTASyslog] |**14.6** |Remove syslog configuration from PTA +[`Set-PASPTASMTP`][Set-PASPTASMTP] |**14.4** |Add SMTP configuration to PTA +[`Get-PASAccountSearchProperty`][Get-PASAccountSearchProperty] |**14.6** |List configured account search properties + +[Enable-PASTheme]:/psPAS/Functions/Theme/Enable-PASTheme +[Remove-PASTheme]:/psPAS/Functions/Theme/Remove-PASTheme +[Import-PASThemeImage]:/psPAS/Functions/Theme/Import-PASThemeImage +[Export-PASThemeImage]:/psPAS/Functions/Theme/Export-PASThemeImage +[Reset-PASTheme]:/psPAS/Functions/Theme/Reset-PASTheme +[Publish-PASTheme]:/psPAS/Functions/Theme/Publish-PASTheme +[Get-PASTheme]:/psPAS/Functions/Theme/Get-PASTheme +[New-PASTheme]:/psPAS/Functions/Theme/New-PASTheme +[Set-PASTheme]:/psPAS/Functions/Theme/Set-PASTheme +[Get-PASStoredPlatform]:/psPAS/Functions/Platforms/Get-PASStoredPlatform +[Remove-PASStoredPlatform]:/psPAS/Functions/Platforms/Remove-PASStoredPlatform +[Get-PASUserLicenseReport]:/psPAS/Functions/Reports/Get-PASUserLicenseReport +[Get-PASReport]:/psPAS/Functions/Reports/Get-PASReport +[Get-PASReportSchedule]:/psPAS/Functions/Reports/Get-PASReportSchedule +[New-PASReportSchedule]:/psPAS/Functions/Reports/New-PASReportSchedule +[Export-PASReport]:/psPAS/Functions/Reports/Export-PASReport +[Add-PASUserAllowedAuthenticationMethod]:/psPAS/Functions/Users/Add-PASUserAllowedAuthenticationMethod +[Remove-PASUserAllowedAuthenticationMethod]:/psPAS/Functions/Users/Remove-PASUserAllowedAuthenticationMethod +[Remove-PASFIDO2Device]:/psPAS/Functions/Users/Remove-PASFIDO2Device +[Get-PASMasterPolicy]:/psPAS/Functions/Policy/Get-PASMasterPolicy +[Set-PASMasterPolicy]:/psPAS/Functions/Policy/Set-PASMasterPolicy +[Add-PASDependentAccount]:/psPAS/Functions/Accounts/Add-PASDependentAccount +[Remove-PASDependentAccount]:/psPAS/Functions/Accounts/Remove-PASDependentAccount +[Resume-PASDependentAccount]:/psPAS/Functions/Accounts/Resume-PASDependentAccount +[Get-PASDependentAccount]:/psPAS/Functions/Accounts/Get-PASDependentAccount +[Sync-PASDependentAccount]:/psPAS/Functions/Accounts/Sync-PASDependentAccount +[Set-PASDependentAccount]:/psPAS/Functions/Accounts/Set-PASDependentAccount +[Remove-PASPTASecurityConfigurationProperty]:/psPAS/Functions/PTA/Remove-PASPTASecurityConfigurationProperty +[Reset-PASPTASecurityConfigurationProperty]:/psPAS/Functions/PTA/Reset-PASPTASecurityConfigurationProperty +[Reset-PASPTASecurityConfigurationCategory]:/psPAS/Functions/PTA/Reset-PASPTASecurityConfigurationCategory +[Get-PASPTASecurityConfigurationCategory]:/psPAS/Functions/PTA/Get-PASPTASecurityConfigurationCategory +[Add-PASPTASyslog]:/psPAS/Functions/PTA/Add-PASPTASyslog +[Remove-PASPTASyslog]:/psPAS/Functions/PTA/Remove-PASPTASyslog +[Set-PASPTASMTP]:/psPAS/Functions/PTA/Set-PASPTASMTP +[Get-PASAccountSearchProperty]:/psPAS/Functions/Accounts/Get-PASAccountSearchProperty [Get-PASIPAllowList]:/psPAS/Functions/IPALlowList/Get-PASIPAllowList [Set-PASIPAllowList]:/psPAS/Functions/IPALlowList/Set-PASIPAllowList [Get-PASBYOKConfig]:/psPAS/Functions/BYOK/Get-PASBYOKConfig @@ -1313,6 +1381,9 @@ Priority support could be considered for as mandatory' -TestCases $Parameters { - $InputObj = [pscustomobject]@{ + param($Parameter) - 'RequestID' = '24_68' - 'Reason' = 'Some Reason' + (Get-Command Deny-PASRequest).Parameters["$Parameter"].Attributes.Mandatory | Should -Be $true } - $response = $InputObj | Deny-PASRequest - } - Context 'Mandatory Parameters' { - $Parameters = @{Parameter = 'RequestID' } + Context 'Single Request'{ + It 'sends request' { + $InputObj = [pscustomobject]@{ + 'RequestID' = '24_68' + 'Reason' = 'Some Reason' - It 'specifies parameter as mandatory' -TestCases $Parameters { + } - param($Parameter) + Mock Invoke-PASRestMethod -MockWith { - (Get-Command Deny-PASRequest).Parameters["$Parameter"].Attributes.Mandatory | Should -Be $true + } + $psPASSession.ExternalVersion = '9.10' + Deny-PASRequest -RequestID 24_68 -Reason 'Some Reason' + Assert-MockCalled Invoke-PASRestMethod -Times 1 -Exactly -Scope It } - } + Context 'Input' { + BeforeAll{ + $InputObj = [pscustomobject]@{ + 'RequestID' = '24_68' + 'Reason' = 'Some Reason' - Context 'Input' { + } - It 'sends request' { + Mock Invoke-PASRestMethod -MockWith { + + } + $psPASSession.ExternalVersion = '9.10' + } + + It 'sends request' { + Deny-PASRequest -RequestID 24_68 -Reason 'Some Reason' Assert-MockCalled Invoke-PASRestMethod -Times 1 -Exactly -Scope It } It 'sends request to expected endpoint' { + Deny-PASRequest -RequestID 24_68 -Reason 'Some Reason' + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { $URI -eq "$($Script:psPASSession.BaseURI)/API/IncomingRequests/24_68/Reject" @@ -97,12 +113,16 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') { It 'uses expected method' { + Deny-PASRequest -RequestID 24_68 -Reason 'Some Reason' + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { $Method -match 'POST' } -Times 1 -Exactly -Scope It } It 'sends request with expected body' { + Deny-PASRequest -RequestID 24_68 -Reason 'Some Reason' + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { $Script:RequestBody = $Body | ConvertFrom-Json @@ -121,17 +141,70 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') { It 'throws error if version requirement not met' { $psPASSession.ExternalVersion = '1.0' - { $InputObj | Deny-PASRequest } | Should -Throw + { Deny-PASRequest -RequestID 24_68 -Reason 'Some Reason' } | Should -Throw $psPASSession.ExternalVersion = '0.0' } + It 'throws error if version requirement not met for bulk requests' { + + $psPASSession.ExternalVersion = '14.5' + { Deny-PASRequest -RequestID '24_68', '24_69', '24_70' -Reason 'Some Reason' } | Should -Throw + $psPASSession.ExternalVersion = '0.0' + } + + It 'sends requests for bulk requests to expected endpoint' { + + $psPASSession.ExternalVersion = '14.6' + Deny-PASRequest -RequestID '24_68', '24_69', '24_70' -Reason 'Some Reason' + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { + + $URI -eq "$($Script:psPASSession.BaseURI)/API/IncomingRequests/Reject/Bulk" + + } -Times 1 -Exactly -Scope It + } + + It 'sends request with expected body for bulk rejections' { + + Deny-PASRequest -RequestID '24_68', '24_69', '24_70', '22_45' -Reason 'Some Reason' + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { + + $Script:RequestBody = $Body | ConvertFrom-Json + + ($Script:RequestBody.BulkItems) -ne $null + + } -Times 1 -Exactly -Scope It + + } + + It 'has a request body with expected number of confirmations' { + + ($Script:RequestBody.BulkItems).count | Should -Be 4 + + } + } Context 'Output' { - It 'provides no output' { + BeforeAll{ + $InputObj = [pscustomobject]@{ + 'RequestID' = '24_68' + 'Reason' = 'Some Reason' + + } + + Mock Invoke-PASRestMethod -MockWith { + + } + $psPASSession.ExternalVersion = '0.0' + + } + + It 'provides no output' { - $response | Should -BeNullOrEmpty + Deny-PASRequest -RequestID 24_68 -Reason 'Some Reason' | Should -BeNullOrEmpty } diff --git a/Tests/Enable-PASTheme.Tests.ps1 b/Tests/Enable-PASTheme.Tests.ps1 new file mode 100644 index 00000000..56bcb024 --- /dev/null +++ b/Tests/Enable-PASTheme.Tests.ps1 @@ -0,0 +1,158 @@ +Describe $($PSCommandPath -Replace '.Tests.ps1') { + + BeforeAll { + #Get Current Directory + $Here = Split-Path -Parent $PSCommandPath + + #Assume ModuleName from Repository Root folder + $ModuleName = Split-Path (Split-Path $Here -Parent) -Leaf + + #Resolve Path to Module Directory + $ModulePath = Resolve-Path "$Here\..\$ModuleName" + + #Define Path to Module Manifest + $ManifestPath = Join-Path "$ModulePath" "$ModuleName.psd1" + + if ( -not (Get-Module -Name $ModuleName -All)) { + + Import-Module -Name "$ManifestPath" -ArgumentList $true -Force -ErrorAction Stop + + } + + $Script:RequestBody = $null + $psPASSession = [ordered]@{ + BaseURI = 'https://SomeURL/SomeApp' + User = $null + ExternalVersion = [System.Version]'0.0' + WebSession = New-Object Microsoft.PowerShell.Commands.WebRequestSession + StartTime = $null + ElapsedTime = $null + LastCommand = $null + LastCommandTime = $null + LastCommandResults = $null + } + + New-Variable -Name psPASSession -Value $psPASSession -Scope Script -Force + + } + + AfterAll { + + $Script:RequestBody = $null + + } + + InModuleScope $(Split-Path (Split-Path (Split-Path -Parent $PSCommandPath) -Parent) -Leaf ) { + + Context 'Mandatory Parameters' { + + $Parameters = @{Parameter = 'ThemesNames' } + + It 'specifies parameter as mandatory' -TestCases $Parameters { + + param($Parameter) + + (Get-Command Enable-PASTheme).Parameters["$Parameter"].Attributes.Mandatory | Should -Be $true + + } + + } + + Context 'Input' { + + BeforeEach { + + Mock Invoke-PASRestMethod -MockWith { + } + + $InputObj = [pscustomobject]@{ + 'ThemesNames' = 'SomeTheme' + } + + $psPASSession.ExternalVersion = '0.0' + $response = $InputObj | Enable-PASTheme + + } + + It 'sends request' { + + Assert-MockCalled Invoke-PASRestMethod -Times 1 -Exactly -Scope It + + } + + It 'sends request to expected endpoint' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { + + $URI -eq "$($Script:psPASSession.BaseURI)/API/ActiveThemes/" + + } -Times 1 -Exactly -Scope It + + } + + It 'uses expected method' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { $Method -match 'POST' } -Times 1 -Exactly -Scope It + + } + + It 'sends request with expected body' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { + + $Script:RequestBody = $Body | ConvertFrom-Json + + ($Script:RequestBody) -ne $null + + } -Times 1 -Exactly -Scope It + + } + + It 'has a request body with expected number of properties' { + + ($Script:RequestBody | Get-Member -MemberType NoteProperty).length | Should -Be 1 + + } + + It 'has a request body with expected ThemesNames property' { + + $Script:RequestBody.ThemesNames | Should -Be 'SomeTheme' + + } + + It 'throws error if version requirement not met' { + $psPASSession.ExternalVersion = '1.0' + { $InputObj | Enable-PASTheme } | Should -Throw + $psPASSession.ExternalVersion = '0.0' + } + } + + + Context 'Output' { + + BeforeEach { + + Mock Invoke-PASRestMethod -MockWith { + + } + + $InputObj = [pscustomobject]@{ + 'ThemesNames' = 'OutputTestTheme' + } + + $psPASSession.ExternalVersion = '0.0' + $response = $InputObj | Enable-PASTheme + + } + + It 'provides no output' { + + $response | Should -BeNullOrEmpty + + } + + } + + } + +} \ No newline at end of file diff --git a/Tests/Export-PASReport.Tests.ps1 b/Tests/Export-PASReport.Tests.ps1 new file mode 100644 index 00000000..87c96844 --- /dev/null +++ b/Tests/Export-PASReport.Tests.ps1 @@ -0,0 +1 @@ +#TODO - Define Tests! \ No newline at end of file diff --git a/Tests/Export-PASThemeImage.Tests.ps1 b/Tests/Export-PASThemeImage.Tests.ps1 new file mode 100644 index 00000000..6a5e2940 --- /dev/null +++ b/Tests/Export-PASThemeImage.Tests.ps1 @@ -0,0 +1 @@ +#TODO: Write tests for Add-PASThemeImage function \ No newline at end of file diff --git a/Tests/Get-PASAccountSearchProperty.Tests.ps1 b/Tests/Get-PASAccountSearchProperty.Tests.ps1 new file mode 100644 index 00000000..87c96844 --- /dev/null +++ b/Tests/Get-PASAccountSearchProperty.Tests.ps1 @@ -0,0 +1 @@ +#TODO - Define Tests! \ No newline at end of file diff --git a/Tests/Get-PASComponentSummary.Tests.ps1 b/Tests/Get-PASComponentSummary.Tests.ps1 index 06ac9c83..56288b66 100644 --- a/Tests/Get-PASComponentSummary.Tests.ps1 +++ b/Tests/Get-PASComponentSummary.Tests.ps1 @@ -95,7 +95,77 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') { Context 'Output' { + It 'outputs components data' { + $response | Where-Object { $_.ComponentID -eq 'SomValue' } | Should -Not -BeNullOrEmpty + + } + + Context 'Vault Output' { + + BeforeEach { + # Set version to 14.6+ to enable replication status fields + $psPASSession.ExternalVersion = [System.Version]'14.6.0' + + Mock Invoke-PASRestMethod -MockWith { + [PSCustomObject]@{ + 'Components' = [PSCustomObject]@{'ComponentID' = 'SomValue'; 'ComponentName' = 'OtherValue'; 'Role' = 'SomValue'; 'IP' = 'OtherValue'; 'IsLoggedOn' = 'OtherValue' } + 'Vaults' = @( + [PSCustomObject]@{ + 'Role' = 'Primary'; + 'IP' = '192.168.1.1'; + 'IsLoggedOn' = $true; + 'ReplicationStatus' = $null + }, + [PSCustomObject]@{ + 'Role' = 'DR'; + 'IP' = '192.168.1.2'; + 'IsLoggedOn' = $true; + 'ReplicationStatus' = [PSCustomObject]@{ + 'DBReplicationDiffSecs' = 30; + 'IsDBReplicationHealthy' = $true; + 'FileReplicationDiffSecs' = 45; + 'IsFileReplicationHealthy' = $true + } + } + ) + } + } + + $response = Get-PASComponentSummary + } + + AfterEach { + # Reset version back to 0.0 + $psPASSession.ExternalVersion = [System.Version]'0.0' + } + + It 'outputs primary vaults without replication fields' { + + $primaryVault = $response | Where-Object { $_.Role -eq 'Primary' } + $primaryVault | Should -Not -BeNullOrEmpty + $primaryVault.ComponentID | Should -Be 'EPV' + $primaryVault.ComponentName | Should -Be 'EPV' + $primaryVault.IP | Should -Be '192.168.1.1' + $primaryVault | Get-Member -Name 'DBReplicationDiffSecs' | Should -BeNullOrEmpty + + } + + It 'outputs DR vaults with replication fields' { + + $drVault = $response | Where-Object { $_.Role -eq 'DR' } + $drVault | Should -Not -BeNullOrEmpty + $drVault.ComponentID | Should -Be 'EPV' + $drVault.ComponentName | Should -Be 'EPV' + $drVault.IP | Should -Be '192.168.1.2' + $drVault.DBReplicationDiffSecs | Should -Be 30 + $drVault.IsDBReplicationHealthy | Should -Be $true + $drVault.FileReplicationDiffSecs | Should -Be 45 + $drVault.IsFileReplicationHealthy | Should -Be $true + + } + + } } diff --git a/Tests/Get-PASDependentAccount.Tests.ps1 b/Tests/Get-PASDependentAccount.Tests.ps1 new file mode 100644 index 00000000..87c96844 --- /dev/null +++ b/Tests/Get-PASDependentAccount.Tests.ps1 @@ -0,0 +1 @@ +#TODO - Define Tests! \ No newline at end of file diff --git a/Tests/Get-PASMasterPolicy.Tests.ps1 b/Tests/Get-PASMasterPolicy.Tests.ps1 new file mode 100644 index 00000000..87c96844 --- /dev/null +++ b/Tests/Get-PASMasterPolicy.Tests.ps1 @@ -0,0 +1 @@ +#TODO - Define Tests! \ No newline at end of file diff --git a/Tests/Get-PASPTASecurityConfigurationCategory.Tests.ps1 b/Tests/Get-PASPTASecurityConfigurationCategory.Tests.ps1 new file mode 100644 index 00000000..87c96844 --- /dev/null +++ b/Tests/Get-PASPTASecurityConfigurationCategory.Tests.ps1 @@ -0,0 +1 @@ +#TODO - Define Tests! \ No newline at end of file diff --git a/Tests/Get-PASPublicSSHKey.Tests.ps1 b/Tests/Get-PASPublicSSHKey.Tests.ps1 index bbf05c23..40a85d50 100644 --- a/Tests/Get-PASPublicSSHKey.Tests.ps1 +++ b/Tests/Get-PASPublicSSHKey.Tests.ps1 @@ -85,7 +85,7 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') { Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { - $URI -eq "$($Script:psPASSession.BaseURI)/WebServices/PIMServices.svc/Users/SomeUser%40domain.com/AuthenticationMethods/SSHKeyAuthentication/AuthorizedKeys/" + $URI -eq "$($Script:psPASSession.BaseURI)/WebServices/PIMServices.svc/Users/SomeUser%40domain.com/AuthenticationMethods/SSHKeyAuthentication/AuthorizedKeys" } -Times 1 -Exactly -Scope It diff --git a/Tests/Get-PASReport.Tests.ps1 b/Tests/Get-PASReport.Tests.ps1 new file mode 100644 index 00000000..87c96844 --- /dev/null +++ b/Tests/Get-PASReport.Tests.ps1 @@ -0,0 +1 @@ +#TODO - Define Tests! \ No newline at end of file diff --git a/Tests/Get-PASReportSchedule.Tests.ps1 b/Tests/Get-PASReportSchedule.Tests.ps1 new file mode 100644 index 00000000..87c96844 --- /dev/null +++ b/Tests/Get-PASReportSchedule.Tests.ps1 @@ -0,0 +1 @@ +#TODO - Define Tests! \ No newline at end of file diff --git a/Tests/Get-PASStoredPlatform.Tests.ps1 b/Tests/Get-PASStoredPlatform.Tests.ps1 new file mode 100644 index 00000000..87c96844 --- /dev/null +++ b/Tests/Get-PASStoredPlatform.Tests.ps1 @@ -0,0 +1 @@ +#TODO - Define Tests! \ No newline at end of file diff --git a/Tests/Get-PASTheme.Tests.ps1 b/Tests/Get-PASTheme.Tests.ps1 new file mode 100644 index 00000000..a7cf789f --- /dev/null +++ b/Tests/Get-PASTheme.Tests.ps1 @@ -0,0 +1 @@ +#TODO: Write tests for Get-PASTheme function \ No newline at end of file diff --git a/Tests/Get-PASUserLicenseReport.Tests.ps1 b/Tests/Get-PASUserLicenseReport.Tests.ps1 new file mode 100644 index 00000000..87c96844 --- /dev/null +++ b/Tests/Get-PASUserLicenseReport.Tests.ps1 @@ -0,0 +1 @@ +#TODO - Define Tests! \ No newline at end of file diff --git a/Tests/Import-PASThemeImage.Tests.ps1 b/Tests/Import-PASThemeImage.Tests.ps1 new file mode 100644 index 00000000..6a5e2940 --- /dev/null +++ b/Tests/Import-PASThemeImage.Tests.ps1 @@ -0,0 +1 @@ +#TODO: Write tests for Add-PASThemeImage function \ No newline at end of file diff --git a/Tests/New-PASDirectoryMapping.Tests.ps1 b/Tests/New-PASDirectoryMapping.Tests.ps1 index 1aa191c2..57a17cee 100644 --- a/Tests/New-PASDirectoryMapping.Tests.ps1 +++ b/Tests/New-PASDirectoryMapping.Tests.ps1 @@ -134,6 +134,12 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') { $psPASSession.ExternalVersion = '0.0' } + It 'throws error if version requirement not met' { + $psPASSession.ExternalVersion = '14.3' + { $InputObj | New-PASDirectoryMapping -MappingAuthorizations RestoreAllSafes, BackupAllSafes -VaultGroups 'Group1', 'Group2' -UserActivityLogPeriod 10 -UsedQuota 10 -allowedAuthenticationMethods 'FIDO' } | Should -Throw + $psPASSession.ExternalVersion = '0.0' + } + } } diff --git a/Tests/New-PASReportSchedule.Tests.ps1 b/Tests/New-PASReportSchedule.Tests.ps1 new file mode 100644 index 00000000..87c96844 --- /dev/null +++ b/Tests/New-PASReportSchedule.Tests.ps1 @@ -0,0 +1 @@ +#TODO - Define Tests! \ No newline at end of file diff --git a/Tests/New-PASTheme.Tests.ps1 b/Tests/New-PASTheme.Tests.ps1 new file mode 100644 index 00000000..50179a29 --- /dev/null +++ b/Tests/New-PASTheme.Tests.ps1 @@ -0,0 +1 @@ +#TODO: Write tests for New-PASTheme function \ No newline at end of file diff --git a/Tests/New-PASUser.Tests.ps1 b/Tests/New-PASUser.Tests.ps1 index 34ce8ec3..8e7b04b9 100644 --- a/Tests/New-PASUser.Tests.ps1 +++ b/Tests/New-PASUser.Tests.ps1 @@ -205,6 +205,14 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') { } + It 'throws error if allowedAuthenticationMethods version requirement not met' { + $psPASSession.ExternalVersion = '14.3' + + { New-PASUser -UserName TestUser -allowedAuthenticationMethods SAML,PKI } | Should -Throw + $psPASSession.ExternalVersion = '0.0' + + } + } diff --git a/Tests/Publish-PASTheme.Tests.ps1 b/Tests/Publish-PASTheme.Tests.ps1 new file mode 100644 index 00000000..6a0d9ff8 --- /dev/null +++ b/Tests/Publish-PASTheme.Tests.ps1 @@ -0,0 +1,158 @@ +Describe $($PSCommandPath -Replace '.Tests.ps1') { + + BeforeAll { + #Get Current Directory + $Here = Split-Path -Parent $PSCommandPath + + #Assume ModuleName from Repository Root folder + $ModuleName = Split-Path (Split-Path $Here -Parent) -Leaf + + #Resolve Path to Module Directory + $ModulePath = Resolve-Path "$Here\..\$ModuleName" + + #Define Path to Module Manifest + $ManifestPath = Join-Path "$ModulePath" "$ModuleName.psd1" + + if ( -not (Get-Module -Name $ModuleName -All)) { + + Import-Module -Name "$ManifestPath" -ArgumentList $true -Force -ErrorAction Stop + + } + + $Script:RequestBody = $null + $psPASSession = [ordered]@{ + BaseURI = 'https://SomeURL/SomeApp' + User = $null + ExternalVersion = [System.Version]'0.0' + WebSession = New-Object Microsoft.PowerShell.Commands.WebRequestSession + StartTime = $null + ElapsedTime = $null + LastCommand = $null + LastCommandTime = $null + LastCommandResults = $null + } + + New-Variable -Name psPASSession -Value $psPASSession -Scope Script -Force + + } + + AfterAll { + + $Script:RequestBody = $null + + } + + InModuleScope $(Split-Path (Split-Path (Split-Path -Parent $PSCommandPath) -Parent) -Leaf ) { + + Context 'Mandatory Parameters' { + + $Parameters = @{Parameter = 'ThemeName' } + + It 'specifies parameter as mandatory' -TestCases $Parameters { + + param($Parameter) + + (Get-Command Publish-PASTheme).Parameters["$Parameter"].Attributes.Mandatory | Should -Be $true + + } + + } + + Context 'Input' { + + BeforeEach { + + Mock Invoke-PASRestMethod -MockWith { + } + + $InputObj = [pscustomobject]@{ + 'ThemeName' = 'SomeTheme' + } + + $psPASSession.ExternalVersion = '0.0' + $response = $InputObj | Publish-PASTheme + + } + + It 'sends request' { + + Assert-MockCalled Invoke-PASRestMethod -Times 1 -Exactly -Scope It + + } + + It 'sends request to expected endpoint' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { + + $URI -eq "$($Script:psPASSession.BaseURI)/API/Themes/SomeTheme/draft/" + + } -Times 1 -Exactly -Scope It + + } + + It 'uses expected method' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { $Method -match 'POST' } -Times 1 -Exactly -Scope It + + } + + It 'sends request with expected body' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { + + $Script:RequestBody = $Body | ConvertFrom-Json + + ($Script:RequestBody) -ne $null + + } -Times 1 -Exactly -Scope It + + } + + It 'has a request body with expected number of properties' { + + ($Script:RequestBody | Get-Member -MemberType NoteProperty).length | Should -Be 1 + + } + + It 'has a request body with expected ThemeName property' { + + $Script:RequestBody.ThemeName | Should -Be 'SomeTheme' + + } + + It 'throws error if version requirement not met' { + $psPASSession.ExternalVersion = '1.0' + { $InputObj | Publish-PASTheme } | Should -Throw + $psPASSession.ExternalVersion = '0.0' + } + } + + + Context 'Output' { + + BeforeEach { + + Mock Invoke-PASRestMethod -MockWith { + + } + + $InputObj = [pscustomobject]@{ + 'ThemeName' = 'OutputTestTheme' + } + + $psPASSession.ExternalVersion = '0.0' + $response = $InputObj | Publish-PASTheme + + } + + It 'provides no output' { + + $response | Should -BeNullOrEmpty + + } + + } + + } + +} \ No newline at end of file diff --git a/Tests/Remove-PASDependentAccount.Tests.ps1 b/Tests/Remove-PASDependentAccount.Tests.ps1 new file mode 100644 index 00000000..f6efded7 --- /dev/null +++ b/Tests/Remove-PASDependentAccount.Tests.ps1 @@ -0,0 +1,139 @@ +Describe $($PSCommandPath -Replace '.Tests.ps1') { + + BeforeAll { + #Get Current Directory + $Here = Split-Path -Parent $PSCommandPath + + #Assume ModuleName from Repository Root folder + $ModuleName = Split-Path (Split-Path $Here -Parent) -Leaf + + #Resolve Path to Module Directory + $ModulePath = Resolve-Path "$Here\..\$ModuleName" + + #Define Path to Module Manifest + $ManifestPath = Join-Path "$ModulePath" "$ModuleName.psd1" + + if ( -not (Get-Module -Name $ModuleName -All)) { + + Import-Module -Name "$ManifestPath" -ArgumentList $true -Force -ErrorAction Stop + + } + + $Script:RequestBody = $null + $psPASSession = [ordered]@{ + BaseURI = 'https://SomeURL/SomeApp' + User = $null + ExternalVersion = [System.Version]'0.0' + WebSession = New-Object Microsoft.PowerShell.Commands.WebRequestSession + StartTime = $null + ElapsedTime = $null + LastCommand = $null + LastCommandTime = $null + LastCommandResults = $null + } + + New-Variable -Name psPASSession -Value $psPASSession -Scope Script -Force + + } + + + AfterAll { + + $Script:RequestBody = $null + + } + + InModuleScope $(Split-Path (Split-Path (Split-Path -Parent $PSCommandPath) -Parent) -Leaf ) { + + Context 'Mandatory Parameters' { + + $Parameters = @{Parameter = 'AccountID' }, + @{Parameter = 'dependentAccountId' } + + It 'specifies parameter as mandatory' -TestCases $Parameters { + + param($Parameter) + + (Get-Command Remove-PASDependentAccount).Parameters["$Parameter"].Attributes.Mandatory | Should -Be $true + + } + + } + + Context 'Input' { + + BeforeEach { + $psPASSession.ExternalVersion = '0.0' + Mock Invoke-PASRestMethod -MockWith { } + + $InputObj = [pscustomobject]@{ + 'AccountID' = '11_1' + 'dependentAccountId' = '22_2' + } + + $response = $InputObj | Remove-PASDependentAccount + + } + + It 'sends request' { + + Assert-MockCalled Invoke-PASRestMethod -Times 1 -Exactly -Scope It + + } + + It 'sends request to expected endpoint' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { + + $URI -eq "$($Script:psPASSession.BaseURI)/API/Accounts/11_1/dependentAccounts/22_2" + + } -Times 1 -Exactly -Scope It + + } + + It 'uses expected method' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { $Method -match 'DELETE' } -Times 1 -Exactly -Scope It + + } + + It 'sends request with no body' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { $Body -eq $null } -Times 1 -Exactly -Scope It + + } + + It 'throws error if version requirement not met' { + $psPASSession.ExternalVersion = '14.5' + { $InputObj | Remove-PASDependentAccount } | Should -Throw + $psPASSession.ExternalVersion = '0.0' + } + + } + + Context 'Output' { + + BeforeEach { + $psPASSession.ExternalVersion = '0.0' + Mock Invoke-PASRestMethod -MockWith { } + + $InputObj = [pscustomobject]@{ + 'AccountID' = '11_1' + 'dependentAccountId' = '22_2' + } + + $response = $InputObj | Remove-PASDependentAccount + + } + + It 'provides no output' { + + $response | Should -BeNullOrEmpty + + } + + } + + } + +} diff --git a/Tests/Remove-PASFIDO2Device.Tests.ps1 b/Tests/Remove-PASFIDO2Device.Tests.ps1 new file mode 100644 index 00000000..4c86beb8 --- /dev/null +++ b/Tests/Remove-PASFIDO2Device.Tests.ps1 @@ -0,0 +1,225 @@ +Describe $($PSCommandPath -Replace '.Tests.ps1') { + + BeforeAll { + #Get Current Directory + $Here = Split-Path -Parent $PSCommandPath + + #Assume ModuleName from Repository Root folder + $ModuleName = Split-Path (Split-Path $Here -Parent) -Leaf + + #Resolve Path to Module Directory + $ModulePath = Resolve-Path "$Here\..\$ModuleName" + + #Define Path to Module Manifest + $ManifestPath = Join-Path "$ModulePath" "$ModuleName.psd1" + + if ( -not (Get-Module -Name $ModuleName -All)) { + + Import-Module -Name "$ManifestPath" -ArgumentList $true -Force -ErrorAction Stop + + } + + $Script:RequestBody = $null + $psPASSession = [ordered]@{ + BaseURI = 'https://SomeURL/SomeApp' + User = $null + ExternalVersion = [System.Version]'0.0' + WebSession = New-Object Microsoft.PowerShell.Commands.WebRequestSession + StartTime = $null + ElapsedTime = $null + LastCommand = $null + LastCommandTime = $null + LastCommandResults = $null + } + + New-Variable -Name psPASSession -Value $psPASSession -Scope Script -Force + + } + + + AfterAll { + + $Script:RequestBody = $null + + } + + InModuleScope $(Split-Path (Split-Path (Split-Path -Parent $PSCommandPath) -Parent) -Leaf ) { + + Context 'Mandatory Parameters' { + + $Parameters = @{Parameter = 'id' } + + It 'specifies parameter as mandatory' -TestCases $Parameters { + + param($Parameter) + + (Get-Command Remove-PASFIDO2Device).Parameters["$Parameter"].Attributes.Mandatory | Select-Object -Unique |Should -Be $true + + } + + } + + Context 'Parameter Sets' { + + It 'has expected parameter sets' { + + $ParameterSets = (Get-Command Remove-PASFIDO2Device).ParameterSets + + $ParameterSets.Name | Should -Contain 'OwnDevice' + + } + + } + + Context 'Input - Remove FIDO2 Device' { + + BeforeEach { + $psPASSession.ExternalVersion = '0.0' + Mock Invoke-PASRestMethod -MockWith { } + Mock Get-EscapedString -MockWith { return 'some-device-id' } + + $InputObj = [pscustomobject]@{ + 'id' = 'some-device-id' + } + + $response = $InputObj | Remove-PASFIDO2Device + + } + + It 'sends request' { + + Assert-MockCalled Invoke-PASRestMethod -Times 1 -Exactly -Scope It + + } + + It 'sends request to expected endpoint for user device' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { + + $URI -eq "$($Script:psPASSession.BaseURI)/api/fido2/keys/some-device-id" + + } -Times 1 -Exactly -Scope It + + } + + It 'uses expected method' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { $Method -match 'DELETE' } -Times 1 -Exactly -Scope It + + } + + It 'sends request with no body' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { $Body -eq $null } -Times 1 -Exactly -Scope It + + } + + It 'calls Get-EscapedString for id parameter' { + + Assert-MockCalled Get-EscapedString -Times 1 -Exactly -Scope It + + } + + It 'throws error if version requirement not met' { + $psPASSession.ExternalVersion = '14.5' + { $InputObj | Remove-PASFIDO2Device } | Should -Throw + $psPASSession.ExternalVersion = '0.0' + } + + } + + Context 'Input - Remove Own FIDO2 Device' { + + BeforeEach { + $psPASSession.ExternalVersion = '0.0' + Mock Invoke-PASRestMethod -MockWith { } + Mock Get-EscapedString -MockWith { return 'own-device-id' } + + $InputObj = [pscustomobject]@{ + 'id' = 'own-device-id' + } + + $response = $InputObj | Remove-PASFIDO2Device -OwnDevice + + } + + It 'sends request' { + + Assert-MockCalled Invoke-PASRestMethod -Times 1 -Exactly -Scope It + + } + + It 'sends request to expected endpoint for own device' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { + + $URI -eq "$($Script:psPASSession.BaseURI)/api/fido2/selfKeys/own-device-id" + + } -Times 1 -Exactly -Scope It + + } + + It 'uses expected method' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { $Method -match 'DELETE' } -Times 1 -Exactly -Scope It + + } + + It 'sends request with no body' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { $Body -eq $null } -Times 1 -Exactly -Scope It + + } + + It 'calls Get-EscapedString for id parameter' { + + Assert-MockCalled Get-EscapedString -Times 1 -Exactly -Scope It + + } + + It 'throws error if version requirement not met' { + $psPASSession.ExternalVersion = '14.5' + { $InputObj | Remove-PASFIDO2Device -OwnDevice } | Should -Throw + $psPASSession.ExternalVersion = '0.0' + } + + } + + Context 'Output' { + + BeforeEach { + $psPASSession.ExternalVersion = '0.0' + Mock Invoke-PASRestMethod -MockWith { } + Mock Get-EscapedString -MockWith { return 'some-device-id' } + + } + + It 'provides no output for user device removal' { + + $InputObj = [pscustomobject]@{ + 'id' = 'some-device-id' + } + + $response = $InputObj | Remove-PASFIDO2Device + + $response | Should -BeNullOrEmpty + + } + + It 'provides no output for own device removal' { + + $InputObj = [pscustomobject]@{ + 'id' = 'own-device-id' + } + + $response = $InputObj | Remove-PASFIDO2Device -OwnDevice + + $response | Should -BeNullOrEmpty + + } + + } + + } + +} diff --git a/Tests/Remove-PASPTASecurityConfigurationProperty.Tests.ps1 b/Tests/Remove-PASPTASecurityConfigurationProperty.Tests.ps1 new file mode 100644 index 00000000..87c96844 --- /dev/null +++ b/Tests/Remove-PASPTASecurityConfigurationProperty.Tests.ps1 @@ -0,0 +1 @@ +#TODO - Define Tests! \ No newline at end of file diff --git a/Tests/Remove-PASPTASyslog.Tests.ps1 b/Tests/Remove-PASPTASyslog.Tests.ps1 new file mode 100644 index 00000000..79c3eb05 --- /dev/null +++ b/Tests/Remove-PASPTASyslog.Tests.ps1 @@ -0,0 +1 @@ +#TODO: Implement tests for Remove-PASPTASyslog \ No newline at end of file diff --git a/Tests/Remove-PASPublicSSHKey.Tests.ps1 b/Tests/Remove-PASPublicSSHKey.Tests.ps1 index 5409e4ec..22b1c20a 100644 --- a/Tests/Remove-PASPublicSSHKey.Tests.ps1 +++ b/Tests/Remove-PASPublicSSHKey.Tests.ps1 @@ -86,7 +86,7 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') { Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { - $URI -eq "$($Script:psPASSession.BaseURI)/WebServices/PIMServices.svc/Users/SomeUser%40domain.com/AuthenticationMethods/SSHKeyAuthentication/AuthorizedKeys/SomeKeyID/" + $URI -eq "$($Script:psPASSession.BaseURI)/WebServices/PIMServices.svc/Users/SomeUser%40domain.com/AuthenticationMethods/SSHKeyAuthentication/AuthorizedKeys/SomeKeyID" } -Times 1 -Exactly -Scope It diff --git a/Tests/Remove-PASStoredPlatform.Tests.ps1 b/Tests/Remove-PASStoredPlatform.Tests.ps1 new file mode 100644 index 00000000..87c96844 --- /dev/null +++ b/Tests/Remove-PASStoredPlatform.Tests.ps1 @@ -0,0 +1 @@ +#TODO - Define Tests! \ No newline at end of file diff --git a/Tests/Remove-PASTheme.Tests.ps1 b/Tests/Remove-PASTheme.Tests.ps1 new file mode 100644 index 00000000..eaad882e --- /dev/null +++ b/Tests/Remove-PASTheme.Tests.ps1 @@ -0,0 +1,120 @@ +Describe $($PSCommandPath -Replace '.Tests.ps1') { + + BeforeAll { + #Get Current Directory + $Here = Split-Path -Parent $PSCommandPath + + #Assume ModuleName from Repository Root folder + $ModuleName = Split-Path (Split-Path $Here -Parent) -Leaf + + #Resolve Path to Module Directory + $ModulePath = Resolve-Path "$Here\..\$ModuleName" + + #Define Path to Module Manifest + $ManifestPath = Join-Path "$ModulePath" "$ModuleName.psd1" + + if ( -not (Get-Module -Name $ModuleName -All)) { + + Import-Module -Name "$ManifestPath" -ArgumentList $true -Force -ErrorAction Stop + + } + + $Script:RequestBody = $null + $psPASSession = [ordered]@{ + BaseURI = 'https://SomeURL/SomeApp' + User = $null + ExternalVersion = [System.Version]'0.0' + WebSession = New-Object Microsoft.PowerShell.Commands.WebRequestSession + StartTime = $null + ElapsedTime = $null + LastCommand = $null + LastCommandTime = $null + LastCommandResults = $null + } + + New-Variable -Name psPASSession -Value $psPASSession -Scope Script -Force + + } + + AfterAll { + + $Script:RequestBody = $null + + } + InModuleScope $(Split-Path (Split-Path (Split-Path -Parent $PSCommandPath) -Parent) -Leaf ) { + + BeforeEach { + + Mock Invoke-PASRestMethod -MockWith { + } + + $InputObj = [pscustomobject]@{ + 'ThemeName' = 'TestCustomTheme' + } + $response = $InputObj | Remove-PASTheme + } + + Context 'Mandatory Parameters' { + + $Parameters = @{Parameter = 'ThemeName' } + + It 'specifies parameter as mandatory' -TestCases $Parameters { + + param($Parameter) + + (Get-Command Remove-PASTheme).Parameters["$Parameter"].Attributes.Mandatory | Should -Be $true + + } + + } + + Context 'Input' { + + It 'sends request' { + + Assert-MockCalled Invoke-PASRestMethod -Times 1 -Exactly -Scope It + + } + + It 'sends request to expected endpoint' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { + + $URI -eq "$($Script:psPASSession.BaseURI)/API/Themes/TestCustomTheme" + + } -Times 1 -Exactly -Scope It + + } + + It 'uses expected method' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { $Method -match 'DELETE' } -Times 1 -Exactly -Scope It + + } + + It 'sends request with no body' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { $Body -eq $null } -Times 1 -Exactly -Scope It + + } + + It 'throws error if version requirement not met' { + $psPASSession.ExternalVersion = '1.0' + { $InputObj | Remove-PASTheme } | Should -Throw + $psPASSession.ExternalVersion = '0.0' + } + + } + Context 'Output' { + + It 'provides no output' { + + $response | Should -BeNullOrEmpty + + } + + } + + } + +} diff --git a/Tests/Remove-PASUserAllowedAuthenticationMethod.Tests.ps1 b/Tests/Remove-PASUserAllowedAuthenticationMethod.Tests.ps1 new file mode 100644 index 00000000..87c96844 --- /dev/null +++ b/Tests/Remove-PASUserAllowedAuthenticationMethod.Tests.ps1 @@ -0,0 +1 @@ +#TODO - Define Tests! \ No newline at end of file diff --git a/Tests/Reset-PASPTASecurityConfigurationCategory.Tests.ps1 b/Tests/Reset-PASPTASecurityConfigurationCategory.Tests.ps1 new file mode 100644 index 00000000..87c96844 --- /dev/null +++ b/Tests/Reset-PASPTASecurityConfigurationCategory.Tests.ps1 @@ -0,0 +1 @@ +#TODO - Define Tests! \ No newline at end of file diff --git a/Tests/Reset-PASPTASecurityConfigurationProperty.Tests.ps1 b/Tests/Reset-PASPTASecurityConfigurationProperty.Tests.ps1 new file mode 100644 index 00000000..87c96844 --- /dev/null +++ b/Tests/Reset-PASPTASecurityConfigurationProperty.Tests.ps1 @@ -0,0 +1 @@ +#TODO - Define Tests! \ No newline at end of file diff --git a/Tests/Reset-PASTheme.Tests.ps1 b/Tests/Reset-PASTheme.Tests.ps1 new file mode 100644 index 00000000..b3ac965d --- /dev/null +++ b/Tests/Reset-PASTheme.Tests.ps1 @@ -0,0 +1 @@ +#TODO: Write tests for Reset-PASThemeImage function \ No newline at end of file diff --git a/Tests/Resume-PASDependentAccount.Tests.ps1 b/Tests/Resume-PASDependentAccount.Tests.ps1 new file mode 100644 index 00000000..9f0db3fc --- /dev/null +++ b/Tests/Resume-PASDependentAccount.Tests.ps1 @@ -0,0 +1,139 @@ +Describe $($PSCommandPath -Replace '.Tests.ps1') { + + BeforeAll { + #Get Current Directory + $Here = Split-Path -Parent $PSCommandPath + + #Assume ModuleName from Repository Root folder + $ModuleName = Split-Path (Split-Path $Here -Parent) -Leaf + + #Resolve Path to Module Directory + $ModulePath = Resolve-Path "$Here\..\$ModuleName" + + #Define Path to Module Manifest + $ManifestPath = Join-Path "$ModulePath" "$ModuleName.psd1" + + if ( -not (Get-Module -Name $ModuleName -All)) { + + Import-Module -Name "$ManifestPath" -ArgumentList $true -Force -ErrorAction Stop + + } + + $Script:RequestBody = $null + $psPASSession = [ordered]@{ + BaseURI = 'https://SomeURL/SomeApp' + User = $null + ExternalVersion = [System.Version]'0.0' + WebSession = New-Object Microsoft.PowerShell.Commands.WebRequestSession + StartTime = $null + ElapsedTime = $null + LastCommand = $null + LastCommandTime = $null + LastCommandResults = $null + } + + New-Variable -Name psPASSession -Value $psPASSession -Scope Script -Force + + } + + + AfterAll { + + $Script:RequestBody = $null + + } + + InModuleScope $(Split-Path (Split-Path (Split-Path -Parent $PSCommandPath) -Parent) -Leaf ) { + + Context 'Mandatory Parameters' { + + $Parameters = @{Parameter = 'AccountID' }, + @{Parameter = 'dependentAccountId' } + + It 'specifies parameter as mandatory' -TestCases $Parameters { + + param($Parameter) + + (Get-Command Resume-PASDependentAccount).Parameters["$Parameter"].Attributes.Mandatory | Should -Be $true + + } + + } + + Context 'Input' { + + BeforeEach { + $psPASSession.ExternalVersion = '0.0' + Mock Invoke-PASRestMethod -MockWith { } + + $InputObj = [pscustomobject]@{ + 'AccountID' = '11_1' + 'dependentAccountId' = '22_2' + } + + $response = $InputObj | Resume-PASDependentAccount + + } + + It 'sends request' { + + Assert-MockCalled Invoke-PASRestMethod -Times 1 -Exactly -Scope It + + } + + It 'sends request to expected endpoint' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { + + $URI -eq "$($Script:psPASSession.BaseURI)/API/Accounts/11_1/dependentAccounts/22_2/Resume" + + } -Times 1 -Exactly -Scope It + + } + + It 'uses expected method' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { $Method -match 'POST' } -Times 1 -Exactly -Scope It + + } + + It 'sends request with no body' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { $Body -eq $null } -Times 1 -Exactly -Scope It + + } + + It 'throws error if version requirement not met' { + $psPASSession.ExternalVersion = '14.5' + { $InputObj | Resume-PASDependentAccount } | Should -Throw + $psPASSession.ExternalVersion = '0.0' + } + + } + + Context 'Output' { + + BeforeEach { + $psPASSession.ExternalVersion = '0.0' + Mock Invoke-PASRestMethod -MockWith { } + + $InputObj = [pscustomobject]@{ + 'AccountID' = '11_1' + 'dependentAccountId' = '22_2' + } + + $response = $InputObj | Resume-PASDependentAccount + + } + + It 'provides no output' { + + $response | Should -BeNullOrEmpty + + } + + } + + } + +} diff --git a/Tests/Set-PASDependentAccount.Tests.ps1 b/Tests/Set-PASDependentAccount.Tests.ps1 new file mode 100644 index 00000000..d914fc71 --- /dev/null +++ b/Tests/Set-PASDependentAccount.Tests.ps1 @@ -0,0 +1 @@ +#TODO - Add Tests for Set-PASDependentAccount \ No newline at end of file diff --git a/Tests/Set-PASDirectoryMapping.Tests.ps1 b/Tests/Set-PASDirectoryMapping.Tests.ps1 index 6972ba9f..6ad459fc 100644 --- a/Tests/Set-PASDirectoryMapping.Tests.ps1 +++ b/Tests/Set-PASDirectoryMapping.Tests.ps1 @@ -103,6 +103,12 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') { $psPASSession.ExternalVersion = '0.0' } + It 'throws error if version requirement not met' { + $psPASSession.ExternalVersion = '14.3' + { $InputObj | Set-PASDirectoryMapping -allowedAuthenticationMethods 'FIDO' } | Should -Throw + $psPASSession.ExternalVersion = '0.0' + } + } } diff --git a/Tests/Set-PASMasterPolicy.Tests.ps1 b/Tests/Set-PASMasterPolicy.Tests.ps1 new file mode 100644 index 00000000..87c96844 --- /dev/null +++ b/Tests/Set-PASMasterPolicy.Tests.ps1 @@ -0,0 +1 @@ +#TODO - Define Tests! \ No newline at end of file diff --git a/Tests/Set-PASPTASMTP.Tests.ps1 b/Tests/Set-PASPTASMTP.Tests.ps1 new file mode 100644 index 00000000..b4cef39e --- /dev/null +++ b/Tests/Set-PASPTASMTP.Tests.ps1 @@ -0,0 +1 @@ +#TODO: Implement tests for Set-PASPTASMTP \ No newline at end of file diff --git a/Tests/Set-PASSafeMember.Tests.ps1 b/Tests/Set-PASSafeMember.Tests.ps1 index d461c8cd..d4601609 100644 --- a/Tests/Set-PASSafeMember.Tests.ps1 +++ b/Tests/Set-PASSafeMember.Tests.ps1 @@ -54,7 +54,7 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') { param($Parameter) - (Get-Command Set-PASSafeMember).Parameters["$Parameter"].Attributes.Mandatory | Should -Be $true + (Get-Command Set-PASSafeMember).Parameters["$Parameter"].Attributes.Mandatory | Select-Object -Unique | Should -Be $true } diff --git a/Tests/Set-PASTheme.Tests.ps1 b/Tests/Set-PASTheme.Tests.ps1 new file mode 100644 index 00000000..57a92da1 --- /dev/null +++ b/Tests/Set-PASTheme.Tests.ps1 @@ -0,0 +1 @@ +#TODO: Write tests for Set-PASTheme function \ No newline at end of file diff --git a/Tests/Set-PASUser.Tests.ps1 b/Tests/Set-PASUser.Tests.ps1 index e4d14e88..2d3ba3a5 100644 --- a/Tests/Set-PASUser.Tests.ps1 +++ b/Tests/Set-PASUser.Tests.ps1 @@ -223,6 +223,14 @@ Describe $($PSCommandPath -Replace '.Tests.ps1') { } + It 'throws error if allowedAuthenticationMethods version requirement not met' { + $psPASSession.ExternalVersion = '14.3' + + { Set-PASUser -id 1234 -UserName TestUser -allowedAuthenticationMethods SAML,PKI } | Should -Throw + $psPASSession.ExternalVersion = '0.0' + + } + } diff --git a/Tests/Sync-PASDependentAccount.Tests.ps1 b/Tests/Sync-PASDependentAccount.Tests.ps1 new file mode 100644 index 00000000..066ee5f4 --- /dev/null +++ b/Tests/Sync-PASDependentAccount.Tests.ps1 @@ -0,0 +1,196 @@ +Describe $($PSCommandPath -Replace '.Tests.ps1') { + + BeforeAll { + #Get Current Directory + $Here = Split-Path -Parent $PSCommandPath + + #Assume ModuleName from Repository Root folder + $ModuleName = Split-Path (Split-Path $Here -Parent) -Leaf + + #Resolve Path to Module Directory + $ModulePath = Resolve-Path "$Here\..\$ModuleName" + + #Define Path to Module Manifest + $ManifestPath = Join-Path "$ModulePath" "$ModuleName.psd1" + + if ( -not (Get-Module -Name $ModuleName -All)) { + + Import-Module -Name "$ManifestPath" -ArgumentList $true -Force -ErrorAction Stop + + } + + $Script:RequestBody = $null + $psPASSession = [ordered]@{ + BaseURI = 'https://SomeURL/SomeApp' + User = $null + ExternalVersion = [System.Version]'0.0' + WebSession = New-Object Microsoft.PowerShell.Commands.WebRequestSession + StartTime = $null + ElapsedTime = $null + LastCommand = $null + LastCommandTime = $null + LastCommandResults = $null + } + + New-Variable -Name psPASSession -Value $psPASSession -Scope Script -Force + + } + + AfterAll { + + $Script:RequestBody = $null + + } + + InModuleScope $(Split-Path (Split-Path (Split-Path -Parent $PSCommandPath) -Parent) -Leaf ) { + + Context 'Mandatory Parameters' { + + $Parameters = @{Parameter = 'accountId'}, @{Parameter = 'dependentAccountId'} + + It 'specifies parameter as mandatory' -TestCases $Parameters { + + param($Parameter) + + (Get-Command Sync-PASDependentAccount).Parameters["$Parameter"].Attributes.Mandatory | Should -Be $true + + } + + } + + Context 'Input' { + + BeforeEach { + + $psPASSession.ExternalVersion = '0.0' + + Mock Invoke-PASRestMethod -MockWith { + + } + + $InputObj = [pscustomobject]@{ + 'accountId' = '12_34' + 'dependentAccountId' = '56_78' + } + + Sync-PASDependentAccount -accountId $InputObj.accountId -dependentAccountId $InputObj.dependentAccountId + + } + + It 'sends request' { + + Assert-MockCalled Invoke-PASRestMethod -Times 1 -Exactly -Scope It + + } + + It 'sends request to expected endpoint' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { + + $URI -eq "$($Script:psPASSession.BaseURI)/API/Accounts/12_34/dependentAccounts/56_78/Sync" + + } -Times 1 -Exactly -Scope It + + } + + It 'uses expected method' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { $Method -match 'POST' } -Times 1 -Exactly -Scope It + + } + + It 'sends request with no body' { + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { + + $Body -eq $null + + } -Times 1 -Exactly -Scope It + + } + + It 'throws error if version requirement not met' { + + $psPASSession.ExternalVersion = '1.0' + { Sync-PASDependentAccount -accountId $InputObj.accountId -dependentAccountId $InputObj.dependentAccountId } | Should -Throw + $psPASSession.ExternalVersion = '0.0' + + } + + It 'sends requests for bulk sync to expected endpoint' { + + $psPASSession.ExternalVersion = '14.6' + Sync-PASDependentAccount -accountId $InputObj.accountId -dependentAccountId 1,2,3,4 + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { + + $URI -eq "$($Script:psPASSession.BaseURI)/API/Accounts/$($InputObj.accountId)/dependentAccounts/Sync/Bulk" + + } -Times 1 -Exactly -Scope It + } + + It 'sends request with body for bulk confirmations' { + + Sync-PASDependentAccount -accountId $InputObj.accountId -dependentAccountId 1,2,3,4 + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { + + $Body -ne $null + + } -Times 1 -Exactly -Scope It + + } + + It 'sends request with expected body for bulk confirmations' -Skip { + #TODO: figure out why this errors + Sync-PASDependentAccount -accountId $InputObj.accountId -dependentAccountId 1,2,3,4 + + Assert-MockCalled Invoke-PASRestMethod -ParameterFilter { + + $Script:RequestBody = $Body | ConvertFrom-Json + + ($Script:RequestBody.BulkItems) -ne $null + + } -Times 1 -Exactly -Scope It + + } + + It 'has a request body with expected number of confirmations' -Skip { + #TODO: Fix previous test + ($Script:RequestBody.BulkItems).count | Should -Be 4 + + } + + + } + + Context 'Output' { + + BeforeEach { + + $psPASSession.ExternalVersion = '0.0' + + Mock Invoke-PASRestMethod -MockWith { + + } + + $InputObj = [pscustomobject]@{ + 'accountId' = '12_34' + 'dependentAccountId' = '56_78' + } + + $response = Sync-PASDependentAccount -accountId $InputObj.accountId -dependentAccountId $InputObj.dependentAccountId + + } + + It 'provides no output' { + + $response | Should -BeNullOrEmpty + + } + + } + + } + +} diff --git a/Tests/psPAS.Tests.ps1 b/Tests/psPAS.Tests.ps1 index 57fa889e..af929493 100644 --- a/Tests/psPAS.Tests.ps1 +++ b/Tests/psPAS.Tests.ps1 @@ -24,7 +24,7 @@ Describe 'Module' -Tag 'Consistency' { Get-Module -Name $ModuleName -All | Remove-Module -Force -ErrorAction Ignore - $Module = Import-Module -Name "$ManifestPath" -ArgumentList $true -Force -ErrorAction Stop -PassThru + $Module = Import-Module -Name "$ManifestPath" -ArgumentList $true -Force -ErrorAction Stop -PassThru | Where-Object { $_.Name -eq $ModuleName } #Get Public Function Names $PublicFunctions = Get-ChildItem "$ModulePath\Functions" -Include *.ps1 -Recurse | Select-Object -ExpandProperty BaseName diff --git a/appveyor.yml b/appveyor.yml index 1f6bbc12..04cdd7cf 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -1,5 +1,5 @@ # version format -version: 6.4.{build} +version: 7.0.{build} environment: #GIT_TRACE: 1 diff --git a/docs/_data/navigation.yml b/docs/_data/navigation.yml index 21deafbc..33f52f32 100644 --- a/docs/_data/navigation.yml +++ b/docs/_data/navigation.yml @@ -50,6 +50,10 @@ commands: url: /commands/Remove-PASPrivateSSHKey - title: "Clear-PASPrivateSSHKey" url: /commands/Clear-PASPrivateSSHKey + - title: "Add-PASUserAllowedAuthenticationMethod" + url: /commands/Add-PASUserAllowedAuthenticationMethod + - title: "Remove-PASUserAllowedAuthenticationMethod" + url: /commands/Remove-PASUserAllowedAuthenticationMethod - title: "Account ACL" children: @@ -143,6 +147,23 @@ commands: url: /commands/Add-PASDiscoveredLocalAccount - title: "Remove-PASDiscoveredLocalAccount" url: /commands/Remove-PASDiscoveredLocalAccount + - title: "Get-PASAccountSearchProperty" + url: /commands/Get-PASAccountSearchProperty + + - title: "Dependent Accounts" + children: + - title: "Add-PASDependentAccount" + url: /commands/Add-PASDependentAccount + - title: "Remove-PASDependentAccount" + url: /commands/Remove-PASDependentAccount + - title: "Resume-PASDependentAccount" + url: /commands/Resume-PASDependentAccount + - title: "Get-PASDependentAccount" + url: /commands/Get-PASDependentAccount + - title: "Sync-PASDependentAccount" + url: /commands/Sync-PASDependentAccount + - title: "Set-PASDependentAccount" + url: /commands/Set-PASDependentAccount - title: "Applications" children: @@ -197,6 +218,23 @@ commands: - title: "Get-PASPTARiskSummary" url: /commands/Get-PASPTARiskSummary + - title: "PTA Configuration" + children: + - title: "Remove-PASPTASecurityConfigurationProperty" + url: /commands/Remove-PASPTASecurityConfigurationProperty + - title: "Reset-PASPTASecurityConfigurationProperty" + url: /commands/Reset-PASPTASecurityConfigurationProperty + - title: "Reset-PASPTASecurityConfigurationCategory" + url: /commands/Reset-PASPTASecurityConfigurationCategory + - title: "Get-PASPTASecurityConfigurationCategory" + url: /commands/Get-PASPTASecurityConfigurationCategory + - title: "Add-PASPTASyslog" + url: /commands/Add-PASPTASyslog + - title: "Remove-PASPTASyslog" + url: /commands/Remove-PASPTASyslog + - title: "Set-PASPTASMTP" + url: /commands/Set-PASPTASMTP + - title: "General" children: - title: "Get-PASAllowedReferrer" @@ -285,6 +323,10 @@ commands: url: /commands/Set-PASPlatformPSMConfig - title: "Get-PASPlatformSummary" url: /commands/Get-PASPlatformSummary + - title: "Get-PASStoredPlatform" + url: /commands/Get-PASStoredPlatform + - title: "Remove-PASStoredPlatform" + url: /commands/Remove-PASStoredPlatform - title: "Policy ACL" children: @@ -388,6 +430,15 @@ commands: url: /commands/Disable-PASUser - title: "Get-PASUserTypeInfo" url: /commands/Get-PASUserTypeInfo + - title: "Remove-PASFIDO2Device" + url: /commands/Remove-PASFIDO2Device + + - title: "Master Policy" + children: + - title: "Get-PASMasterPolicy" + url: /commands/Get-PASMasterPolicy + - title: "Set-PASMasterPolicy" + url: /commands/Set-PASMasterPolicy - title: "BYOK" children: @@ -401,6 +452,40 @@ commands: - title: "Set-PASIPAllowList" url: /commands/Set-PASIPAllowLists + - title: "Reports" + children: + - title: "Get-PASUserLicenseReport" + url: /commands/Get-PASUserLicenseReport + - title: "Get-PASReport" + url: /commands/Get-PASReport + - title: "Get-PASReportSchedule" + url: /commands/Get-PASReportSchedule + - title: "New-PASReportSchedule" + url: /commands/New-PASReportSchedule + - title: "Export-PASReport" + url: /commands/Export-PASReport + + - title: "UI Theme" + children: + - title: "Enable-PASTheme" + url: /commands/Enable-PASTheme + - title: "Remove-PASTheme" + url: /commands/Remove-PASTheme + - title: "Import-PASThemeImage" + url: /commands/Import-PASThemeImage + - title: "Export-PASThemeImage" + url: /commands/Export-PASThemeImage + - title: "Reset-PASTheme" + url: /commands/Reset-PASTheme + - title: "Publish-PASTheme" + url: /commands/Publish-PASTheme + - title: "Get-PASTheme" + url: /commands/Get-PASTheme + - title: "New-PASTheme" + url: /commands/New-PASTheme + - title: "Set-PASTheme" + url: /commands/Set-PASTheme + # documentation links docs: - title: Installation diff --git a/docs/collections/_commands/Add-PASAccount.md b/docs/collections/_commands/Add-PASAccount.md index a5408065..aa65fb4e 100644 --- a/docs/collections/_commands/Add-PASAccount.md +++ b/docs/collections/_commands/Add-PASAccount.md @@ -21,7 +21,7 @@ Can target either the Gen2 API present from 10.4 onwards, or the previous Gen1 A Add-PASAccount [-name ] [-address ] [-userName ] -platformID -SafeName [-secretType ] [-secret ] [-platformAccountProperties ] [-automaticManagementEnabled ] [-manualManagementReason ] [-remoteMachines ] - [-accessRestrictedToRemoteMachines ] [] + [-accessRestrictedToRemoteMachines ] [-AllowAccountDuplications ] [] ``` ### Gen1 @@ -519,6 +519,25 @@ Accept pipeline input: True (ByPropertyName) Accept wildcard characters: False ``` +### -AllowAccountDuplications +Whether to allow duplicated accounts to be added to the system. + +This parameter is only enforced only if AccountDuplicationEnforcementLevel in the General Configurations is set to Notify or Prevent. + +Only Applies to Self Hosted, and requires version 14.6 + +```yaml +Type: Boolean +Parameter Sets: Gen2 +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). diff --git a/docs/collections/_commands/Add-PASDependentAccount.md b/docs/collections/_commands/Add-PASDependentAccount.md new file mode 100644 index 00000000..b7181227 --- /dev/null +++ b/docs/collections/_commands/Add-PASDependentAccount.md @@ -0,0 +1,172 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Add-PASDependentAccount +schema: 2.0.0 +title: Add-PASDependentAccount +--- + +# Add-PASDependentAccount + +## SYNOPSIS +Adds a dependent account to an existing account + +## SYNTAX + +``` +Add-PASDependentAccount [-AccountId] [[-name] ] [-platformId] + [-platformAccountProperties] [[-automaticManagementEnabled] ] + [[-manualManagementReason] ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Adds a dependent account to an existing account. The dependent account is created in the same Safe and folder as the master account. + +The user performing this task must have the "Add Accounts" permissions on the Safe: + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Add-PASDependentAccount -AccountId 12_34 -name "windows-1.2.3.4-service-test" -platformId 10 -platformAccountProperties @{"address"="1.2.3.4";"servicename"="test"} +``` + +Adds a Dependent Account with the specified property values + +## PARAMETERS + +### -AccountId +The account id of the master account + +```yaml +Type: String +Parameter Sets: (All) +Aliases: id + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -name +The name of the dependent account + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -platformId +Unique identifier of the dependent platform + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 3 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -platformAccountProperties +Hashtable containing key-value pairs to associate with the dependent account, as defined by the dependent account platform. + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: True +Position: 4 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -automaticManagementEnabled +Whether the account secret is automatically managed by the CPM + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 5 +Default value: False +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -manualManagementReason +The reason for disabling automatic secret management + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 6 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Add-PASDependentAccount](https://pspas.pspete.dev/commands/Add-PASDependentAccount) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/add-dependent-account.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/add-dependent-account.htm) diff --git a/docs/collections/_commands/Add-PASPTASyslog.md b/docs/collections/_commands/Add-PASPTASyslog.md new file mode 100644 index 00000000..6371a179 --- /dev/null +++ b/docs/collections/_commands/Add-PASPTASyslog.md @@ -0,0 +1,168 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Add-PASPTASyslog +schema: 2.0.0 +title: Add-PASPTASyslog +--- + +# Add-PASPTASyslog + +## SYNOPSIS +Add a SYSLOG configuration to PTA + +## SYNTAX + +``` +Add-PASPTASyslog [-siem] [-format] [-host] [-port] [-protocol] + [[-CertificateFile] ] [-syslogType] [-tcpOctetCounting] [] +``` + +## DESCRIPTION +Add a new SYSLOG configuration to PTA + +This API is not officially documented, so this help file may not help 100% + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Add-PASPTASyslog -siem SomeSIEM -format CEF -host SOMEHOST.domain.com -port 514 -protocol UDP -syslogType SomeType -tcpOctetCounting $false +``` + +Adds the specified SYSLOG configuration to PTA + +## PARAMETERS + +### -siem +A name for the SIEM configuration + +```yaml +Type: String +Parameter Sets: (All) +Aliases: Name + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -format +CEF or LEEF format + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -host +The SYSLOG host + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 3 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -port +The SYSLOG port + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: True +Position: 4 +Default value: 0 +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -protocol +The SYSLOG protocol + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 5 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -CertificateFile +The certificate file for SYSLOG connectivity + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 6 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -syslogType +The SYSLOG type + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 7 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -tcpOctetCounting +Whether to set TCP Octet Counting + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: True +Position: 8 +Default value: False +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Add-PASPTASyslog](https://pspas.pspete.dev/commands/Add-PASPTASyslog) diff --git a/docs/collections/_commands/Add-PASSafeMember.md b/docs/collections/_commands/Add-PASSafeMember.md index 5f885b16..40302852 100644 --- a/docs/collections/_commands/Add-PASSafeMember.md +++ b/docs/collections/_commands/Add-PASSafeMember.md @@ -27,6 +27,36 @@ Add-PASSafeMember -SafeName -MemberName [-SearchIn ] [-DeleteFolders ] [-MoveAccountsAndFolders ] [-memberType ] [] ``` +### Full +``` +Add-PASSafeMember -SafeName -MemberName [-SearchIn ] + [-MembershipExpirationDate ] [-memberType ] [-Full] [] +``` + +### AccountsManager +``` +Add-PASSafeMember -SafeName -MemberName [-SearchIn ] + [-MembershipExpirationDate ] [-memberType ] [-AccountsManager] [] +``` + +### Approver +``` +Add-PASSafeMember -SafeName -MemberName [-SearchIn ] + [-MembershipExpirationDate ] [-memberType ] [-Approver] [] +``` + +### ReadOnly +``` +Add-PASSafeMember -SafeName -MemberName [-SearchIn ] + [-MembershipExpirationDate ] [-memberType ] [-ReadOnly] [] +``` + +### ConnectOnly +``` +Add-PASSafeMember -SafeName -MemberName [-SearchIn ] + [-MembershipExpirationDate ] [-memberType ] [-ConnectOnly] [] +``` + ### Gen1 ``` Add-PASSafeMember -SafeName -MemberName [-SearchIn ] @@ -188,7 +218,7 @@ Get-PASSafeMember (Gen1) returns the name of this permission as: RestrictedRetri ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: RestrictedRetrieve Required: False @@ -206,7 +236,7 @@ Get-PASSafeMember (Gen1) returns the name of this permission as: Retrieve ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Retrieve Required: False @@ -224,7 +254,7 @@ Get-PASSafeMember (Gen1) returns the name of this permission as: ListContent ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: ListContent Required: False @@ -244,7 +274,7 @@ Get-PASSafeMember (Gen1) returns the name of this permission as: Add ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Add Required: False @@ -262,7 +292,7 @@ Get-PASSafeMember (Gen1) returns the name of this permission as: Update ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Update Required: False @@ -280,7 +310,7 @@ Get-PASSafeMember (Gen1) returns the name of this permission as: UpdateMetadata ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: UpdateMetadata Required: False @@ -300,7 +330,7 @@ Get-PASSafeMember (Gen1) may not return details of this permission ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Required: False @@ -322,7 +352,7 @@ Get-PASSafeMember (Gen1) may not return details of this permission ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Required: False @@ -340,7 +370,7 @@ Get-PASSafeMember (Gen1) returns the name of this permission as: Rename ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Rename Required: False @@ -358,7 +388,7 @@ Get-PASSafeMember (Gen1) returns the name of this permission as: Delete ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Delete Required: False @@ -376,7 +406,7 @@ Get-PASSafeMember (Gen1) returns the name of this permission as: Unlock ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Unlock Required: False @@ -392,7 +422,7 @@ on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Required: False @@ -408,7 +438,7 @@ member on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Required: False @@ -424,7 +454,7 @@ on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Required: False @@ -442,7 +472,7 @@ Get-PASSafeMember (Gen1) returns the name of this permission as: ViewAudit ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: ViewAudit Required: False @@ -460,7 +490,7 @@ Get-PASSafeMember (Gen1) returns the name of this permission as: ViewMembers ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: ViewMembers Required: False @@ -499,7 +529,7 @@ Get-PASSafeMember (Gen1) may not return details of this permission ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Required: False @@ -517,7 +547,7 @@ Get-PASSafeMember (Gen1) returns the name of this permission as: AddRenameFolder ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: AddRenameFolder Required: False @@ -533,7 +563,7 @@ on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Required: False @@ -551,7 +581,7 @@ Get-PASSafeMember (Gen1) returns the name of this permission as: MoveFilesAndFol ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: MoveFilesAndFolders Required: False @@ -623,7 +653,7 @@ Minimum required version 12.6 ```yaml Type: String -Parameter Sets: Gen2 +Parameter Sets: Gen2, Full, AccountsManager, Approver, ReadOnly, ConnectOnly Aliases: Required: False @@ -633,6 +663,81 @@ Accept pipeline input: True (ByPropertyName) Accept wildcard characters: False ``` +### -AccountsManager +Adds Account Manager permissions for user on safe + +```yaml +Type: SwitchParameter +Parameter Sets: AccountsManager +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Approver +Adds Approver permissions for user on safe + +```yaml +Type: SwitchParameter +Parameter Sets: Approver +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ConnectOnly +Adds Connect Only permissions for user on safe + +```yaml +Type: SwitchParameter +Parameter Sets: ConnectOnly +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Full +Adds Full permissions for user on safe + +```yaml +Type: SwitchParameter +Parameter Sets: Full +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReadOnly +Adds Read Only permissions for user on safe + +```yaml +Type: SwitchParameter +Parameter Sets: ReadOnly +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). diff --git a/docs/collections/_commands/Add-PASUserAllowedAuthenticationMethod.md b/docs/collections/_commands/Add-PASUserAllowedAuthenticationMethod.md new file mode 100644 index 00000000..fec43049 --- /dev/null +++ b/docs/collections/_commands/Add-PASUserAllowedAuthenticationMethod.md @@ -0,0 +1,109 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Add-PASUserAllowedAuthenticationMethod +schema: 2.0.0 +title: Add-PASUserAllowedAuthenticationMethod +--- + +# Add-PASUserAllowedAuthenticationMethod + +## SYNOPSIS +Adds allowed authentication methods to multiple Vault users. + +## SYNTAX + +``` +Add-PASUserAllowedAuthenticationMethod [-userIds] [-allowedAuthenticationMethods] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Adds new authentication methods to a list of accounts in a single request. + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Add-PASUserAllowedAuthenticationMethod -userIds 36,37 -allowedAuthenticationMethods SAML, RADIUS +``` + +Adds specified authentication methods to specified users + +## PARAMETERS + +### -userIds +A list of user IDs to add the allowed authentication methods to + +```yaml +Type: Int32[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -allowedAuthenticationMethods +A list of the non-Vault authentication methods (specified by ID) that the users can use to log on. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Add-PASUserAllowedAuthenticationMethod](https://pspas.pspete.dev/commands/Add-PASUserAllowedAuthenticationMethod) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/bulk-add-allowed-auth.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/bulk-add-allowed-auth.htm) \ No newline at end of file diff --git a/docs/collections/_commands/Approve-PASRequest.md b/docs/collections/_commands/Approve-PASRequest.md index 9a9c4317..85f07bfa 100644 --- a/docs/collections/_commands/Approve-PASRequest.md +++ b/docs/collections/_commands/Approve-PASRequest.md @@ -15,15 +15,13 @@ Confirm a single request ## SYNTAX ``` -Approve-PASRequest [-RequestId] [[-Reason] ] [-WhatIf] [-Confirm] [] +Approve-PASRequest [-RequestId] [[-Reason] ] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION Enables a request confirmer to confirm a single request, identified by its requestID. -Officially supported from version 9.10. - -Reports received that function works in 9.9 also. +Bulk Confirmation of requests is supported from Version 14.6 ## EXAMPLES @@ -37,17 +35,18 @@ Confirms request \ ## PARAMETERS ### -RequestId -The ID of the request to confirm +The ID(s) of the request(s) to confirm +Specify multiple requestIDs to confirm in bulk using a single request (Requires version 14.6) ```yaml -Type: String +Type: String[] Parameter Sets: (All) Aliases: Required: True Position: 1 Default value: None -Accept pipeline input: True (ByPropertyName) +Accept pipeline input: False Accept wildcard characters: False ``` @@ -62,7 +61,7 @@ Aliases: Required: False Position: 2 Default value: None -Accept pipeline input: True (ByPropertyName) +Accept pipeline input: False Accept wildcard characters: False ``` @@ -107,8 +106,12 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES Minimum CyberArk Version 9.10 +Bulk Confirmation requires version 14.6 + ## RELATED LINKS [https://pspas.pspete.dev/commands/Approve-PASRequest](https://pspas.pspete.dev/commands/Approve-PASRequest) [https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/ConfirmRequest.htm](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/ConfirmRequest.htm) + +[https://docs.cyberark.com/pam-self-hosted/14.6/en/content/webservices/bulkconfirmrequest.htm](https://docs.cyberark.com/pam-self-hosted/14.6/en/content/webservices/bulkconfirmrequest.htm) diff --git a/docs/collections/_commands/Clear-PASDiscoveredLocalAccount.md b/docs/collections/_commands/Clear-PASDiscoveredLocalAccount.md index 73cc7b07..2c5681fd 100644 --- a/docs/collections/_commands/Clear-PASDiscoveredLocalAccount.md +++ b/docs/collections/_commands/Clear-PASDiscoveredLocalAccount.md @@ -3,6 +3,7 @@ external help file: psPAS-help.xml Module Name: psPAS online version: https://pspas.pspete.dev/commands/Clear-PASDiscoveredLocalAccount schema: 2.0.0 +title: Clear-PASDiscoveredLocalAccount --- # Clear-PASDiscoveredLocalAccount diff --git a/docs/collections/_commands/Deny-PASRequest.md b/docs/collections/_commands/Deny-PASRequest.md index d9e82258..4b29ccff 100644 --- a/docs/collections/_commands/Deny-PASRequest.md +++ b/docs/collections/_commands/Deny-PASRequest.md @@ -15,15 +15,15 @@ Reject a single request ## SYNTAX ``` -Deny-PASRequest [-RequestId] [[-Reason] ] [-WhatIf] [-Confirm] [] +Deny-PASRequest [-RequestId] [[-Reason] ] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION -Enables a request confirmer to reject a single request, identified by its requestID. +Enables a request confirmer to reject requests identified by their requestID. Officially supported from version 9.10. -Reports received that function works in 9.9 also. +Bulk rejection of requests using a single command invocation is supported from version 14.6 ## EXAMPLES @@ -34,13 +34,20 @@ Deny-PASRequest -RequestID -Reason "" Denies request \ +### EXAMPLE 2 +``` +Deny-PASRequest -RequestID SomeSafe1_1, SomeSafe1_2, SomeSafe1_3 -Reason " Some Reason" +``` + +Denies requests SomeSafe1_1, SomeSafe1_2 & SomeSafe1_3 + ## PARAMETERS ### -RequestId -The ID of the request to confirm +The ID of the request(s) to reject ```yaml -Type: String +Type: String[] Parameter Sets: (All) Aliases: @@ -52,7 +59,7 @@ Accept wildcard characters: False ``` ### -Reason -The reason why the request is approved +The reason why the request is rejected ```yaml Type: String @@ -112,3 +119,5 @@ Minimum CyberArk Version 9.10 [https://pspas.pspete.dev/commands/Deny-PASRequest](https://pspas.pspete.dev/commands/Deny-PASRequest) [https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/RejectRequest.htm](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/RejectRequest.htm) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/bulkrejectrequest.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/bulkrejectrequest.htm) diff --git a/docs/collections/_commands/Disable-PASUser.md b/docs/collections/_commands/Disable-PASUser.md index 6f9b0259..b001b833 100644 --- a/docs/collections/_commands/Disable-PASUser.md +++ b/docs/collections/_commands/Disable-PASUser.md @@ -3,6 +3,7 @@ external help file: psPAS-help.xml Module Name: psPAS online version: https://pspas.pspete.dev/commands/Disable-PASPlatform schema: 2.0.0 +title: Disable-PASPlatform --- # Disable-PASUser diff --git a/docs/collections/_commands/Enable-PASTheme.md b/docs/collections/_commands/Enable-PASTheme.md new file mode 100644 index 00000000..b1189f09 --- /dev/null +++ b/docs/collections/_commands/Enable-PASTheme.md @@ -0,0 +1,94 @@ +--- +category: PSPAS +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Enable-PASTheme +schema: 2.0.0 +title: Enable-PASTheme +--- + +# Enable-PASTheme + +## SYNOPSIS +Activate Theme + +## SYNTAX + +``` +Enable-PASTheme -ThemesNames [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Sets a specific theme. It can be the default one or custom themes + +## EXAMPLES + +### EXAMPLE 1 +``` +Enable-PASTheme -ThemesNames "Default Dark" +``` + +Sets the theme to the default dark theme + +## PARAMETERS + +### -ThemesNames +The Name of the theme to activate + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Enable-PASTheme](https://pspas.pspete.dev/commands/Enable-PASTheme) + +[https://docs.cyberark.com/pam-self-hosted/14.4/en/content/sdk/rest-api-cust-ui-themes-activate.htm](https://docs.cyberark.com/pam-self-hosted/14.4/en/content/sdk/rest-api-cust-ui-themes-activate.htm) diff --git a/docs/collections/_commands/Enable-PASUser.md b/docs/collections/_commands/Enable-PASUser.md index 2f1b676a..1c021a2a 100644 --- a/docs/collections/_commands/Enable-PASUser.md +++ b/docs/collections/_commands/Enable-PASUser.md @@ -3,6 +3,7 @@ external help file: psPAS-help.xml Module Name: psPAS online version: https://pspas.pspete.dev/commands/Enable-PASPlatform schema: 2.0.0 +title: Enable-PASPlatform --- # Enable-PASUser diff --git a/docs/collections/_commands/Export-PASReport.md b/docs/collections/_commands/Export-PASReport.md new file mode 100644 index 00000000..bfbb59a0 --- /dev/null +++ b/docs/collections/_commands/Export-PASReport.md @@ -0,0 +1,163 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Export-PASReport +schema: 2.0.0 +title: Export-PASReport +--- + +# Export-PASReport + +## SYNOPSIS +Exports a report to an Excel or CSV + +## SYNTAX + +``` +Export-PASReport -Safe -Folder -FileName -Type [-ReportFormat] + [-path] [] +``` + +## DESCRIPTION +Exports a report to an Excel or CSV + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Export-PASReport -Safe 'PVWAReports' -Folder 'Root\33' ` + -FileName 'InventoryReports.InventoryReportUI_2025-09-07_180314.094.xml' ` + -Type 'InventoryReports.InventoryReportUI' -ReportFormat XLSX -path C:\Temp\ +``` + +Exports a report in XLSX format + +### Example 2 +```powershell +PS C:\> Export-PASReport -Safe 'PVWAReports' -Folder 'Root\33' ` + -FileName 'InventoryReports.InventoryReportUI_2025-09-07_180314.094.xml' ` + -Type 'InventoryReports.InventoryReportUI' -ReportFormat XLS -path C:\Temp\ +``` + +Exports a report in XLS format + +### Example 3 +```powershell +PS C:\> Export-PASReport -Safe 'PVWAReports' -Folder 'Root\33' ` + -FileName 'InventoryReports.InventoryReportUI_2025-09-07_180314.094.xml' ` + -Type 'InventoryReports.InventoryReportUI' -ReportFormat CSV -path C:\Temp\Report.csv +``` + +Exports a report in CSV format + +## PARAMETERS + +### -ReportFormat +The format to export the report in +- XLSX +- XLS +- CSV + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -path +The path to save the report to + +For CSV reports, the path must include the required filename. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -FileName +The name of the report file to export from the Report Safe + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Folder +The folder in the Report Safe the report is stored in + +```yaml +Type: String +Parameter Sets: (All) +Aliases: location + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Safe +The Safe the report is stored in + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Type +The Type name of the report to be exported + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Add-PASUserAllowedAuthenticationMethod](https://pspas.pspete.dev/commands/Export-PASReport) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/download-report.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/download-report.htm) diff --git a/docs/collections/_commands/Export-PASThemeImage.md b/docs/collections/_commands/Export-PASThemeImage.md new file mode 100644 index 00000000..a2f83ff7 --- /dev/null +++ b/docs/collections/_commands/Export-PASThemeImage.md @@ -0,0 +1,79 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Export-PASThemeImage +schema: 2.0.0 +title: Export-PASThemeImage +--- + +# Export-PASThemeImage + +## SYNOPSIS +Retrieves a specific image. + +## SYNTAX + +``` +Export-PASThemeImage [-imageName] [-Path] [] +``` + +## DESCRIPTION +Retrieves a specific image. + +Requires Vault Admin Privileges + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Export-PASThemeImage -imageName SomeImage -Path C:\SomeFolder +``` + +Retrieves the theme image to the specified location + +## PARAMETERS + +### -imageName +The name of the image to retrieve + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Path +The folder to export the image to. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Export-PASThemeImage](https://pspas.pspete.dev/commands/Export-PASThemeImage) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-images-ret-image.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-images-ret-image.htm) diff --git a/docs/collections/_commands/Get-PASAccount.md b/docs/collections/_commands/Get-PASAccount.md index 5390137e..8910d5ab 100644 --- a/docs/collections/_commands/Get-PASAccount.md +++ b/docs/collections/_commands/Get-PASAccount.md @@ -18,7 +18,8 @@ Returns information about a single account. (Version 9.3 - 10.3) ### Gen2Query (Default) ``` Get-PASAccount [-search ] [-searchType ] [-safeName ] [-savedFilter ] - [-modificationTime ] [-sort ] [-limit ] [-TimeoutSec ] [] + [-modificationTime ] [-sort ] [-limit ] [-TimeoutSec ] + [-LogicalOperator ] [] ``` ### Gen2ID @@ -330,6 +331,23 @@ Accept pipeline input: True (ByPropertyName) Accept wildcard characters: False ``` +### -LogicalOperator +Specify either the 'OR' or 'AND' logical operator to apply against provided search parameters. + +Default mode of operation is 'AND' + +```yaml +Type: String +Parameter Sets: Gen2Query +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). diff --git a/docs/collections/_commands/Get-PASAccountSearchProperty.md b/docs/collections/_commands/Get-PASAccountSearchProperty.md new file mode 100644 index 00000000..5152e700 --- /dev/null +++ b/docs/collections/_commands/Get-PASAccountSearchProperty.md @@ -0,0 +1,49 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Get-PASAccountSearchProperty +schema: 2.0.0 +title: Get-PASAccountSearchProperty +--- + +# Get-PASAccountSearchProperty + +## SYNOPSIS +Return a list of available search properties + +## SYNTAX + +``` +Get-PASAccountSearchProperty [] +``` + +## DESCRIPTION +Returns a list of all the properties that are included in the search filter when searching for an account. + +The list is created from the list of parameters in Options > Search Properties + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Get-PASAccountSearchProperty +``` + +Returns valid search properties and any valid operators which can be used + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Get-PASAccountSearchProperty](https://pspas.pspete.dev/commands/Get-PASAccountSearchProperty) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/get-advanced-search-properties.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/get-advanced-search-properties.htm) \ No newline at end of file diff --git a/docs/collections/_commands/Get-PASBYOKConfig.md b/docs/collections/_commands/Get-PASBYOKConfig.md index 4fdc460c..ce532b54 100644 --- a/docs/collections/_commands/Get-PASBYOKConfig.md +++ b/docs/collections/_commands/Get-PASBYOKConfig.md @@ -3,6 +3,7 @@ external help file: psPAS-help.xml Module Name: psPAS online version: https://pspas.pspete.dev/commands/Get-PASBYOKConfig schema: 2.0.0 +title: Get-PASBYOKConfig --- # Get-PASBYOKConfig diff --git a/docs/collections/_commands/Get-PASDependentAccount.md b/docs/collections/_commands/Get-PASDependentAccount.md new file mode 100644 index 00000000..d64deaae --- /dev/null +++ b/docs/collections/_commands/Get-PASDependentAccount.md @@ -0,0 +1,262 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Get-PASDependentAccount +schema: 2.0.0 +title: Get-PASDependentAccount +--- + +# Get-PASDependentAccount + +## SYNOPSIS +Returns details of dependent accounts. + +## SYNTAX + +### AllDependentAccounts (Default) +``` +Get-PASDependentAccount [-search ] [-MasterAccountId ] [-modificationTime ] + [-platformId ] [-SafeName ] [-includeDeleted ] [-limit ] [-TimeoutSec ] + [] +``` + +### SpecificDependentAccount +``` +Get-PASDependentAccount -id -dependentAccountId [-extendedDetails ] + [-TimeoutSec ] [] +``` + +### SpecificAccount +``` +Get-PASDependentAccount -id [-search ] [-modificationTime ] [-platformId ] + [-failed ] [-TimeoutSec ] [] +``` + +## DESCRIPTION +Returns details of dependent accounts. + +Can return all dependent accounts, specific dependent accounts, or details fo dependent accounts associated with a specific master account + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Get-PASDependentAccount +``` + +Returns all Dependent Accounts + +### Example 2 +```powershell +PS C:\> Get-PASDependentAccount -id 12_34 +``` + +Returns all Dependent Accounts of Account with id 12_34 + +### Example 3 +```powershell +PS C:\> Get-PASDependentAccount -id 12_34 -dependentAccountId 12_78 +``` + +Returns Dependent Account with id of 12_78 of Account with id 12_34 + +## PARAMETERS + +### -id +The account ID of the master account + +```yaml +Type: String +Parameter Sets: SpecificDependentAccount, SpecificAccount +Aliases: AccountID + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -dependentAccountId +The unique ID of the dependent account + +```yaml +Type: String +Parameter Sets: SpecificDependentAccount +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -search +A list of keywords to search for in accounts, separated by a space. + +```yaml +Type: String +Parameter Sets: AllDependentAccounts, SpecificAccount +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -MasterAccountId +The parent account ID of the dependent accounts to return. + +```yaml +Type: String +Parameter Sets: AllDependentAccounts +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -modificationTime +Date after which the dependent account was modified. + +```yaml +Type: DateTime +Parameter Sets: AllDependentAccounts, SpecificAccount +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -platformId +Unique identifier of the dependent platform. + +```yaml +Type: String +Parameter Sets: AllDependentAccounts, SpecificAccount +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -SafeName +The Safe name of the dependent account. + +```yaml +Type: String +Parameter Sets: AllDependentAccounts +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -includeDeleted +Whether to include deleted accounts in the results or not. + +```yaml +Type: Boolean +Parameter Sets: AllDependentAccounts +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -failed +Get only failed dependent accounts. + +```yaml +Type: Boolean +Parameter Sets: SpecificAccount +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -extendedDetails +Whether to retrieve Linked Accounts data or not + +```yaml +Type: Boolean +Parameter Sets: SpecificDependentAccount +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -limit +The maximum number of dependent accounts to return in each page of results + +```yaml +Type: Int32 +Parameter Sets: AllDependentAccounts +Aliases: + +Required: False +Position: Named +Default value: 0 +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TimeoutSec +Timeout in seconds for the request + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: 0 +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Get-PASDependentAccount](https://pspas.pspete.dev/commands/Get-PASDependentAccount) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-all-dependent-accounts.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-all-dependent-accounts.htm) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-all-dependent-accounts-specific.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-all-dependent-accounts-specific.htm) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-dependent-account-details.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-dependent-account-details.htm) \ No newline at end of file diff --git a/docs/collections/_commands/Get-PASDiscoveredLocalAccount.md b/docs/collections/_commands/Get-PASDiscoveredLocalAccount.md index e4f9fe40..e43451eb 100644 --- a/docs/collections/_commands/Get-PASDiscoveredLocalAccount.md +++ b/docs/collections/_commands/Get-PASDiscoveredLocalAccount.md @@ -3,6 +3,7 @@ external help file: psPAS-help.xml Module Name: psPAS online version: https://pspas.pspete.dev/commands/Get-PASDiscoveredLocalAccount schema: 2.0.0 +title: Get-PASDiscoveredLocalAccount --- # Get-PASDiscoveredLocalAccount diff --git a/docs/collections/_commands/Get-PASDiscoveredLocalAccountActivity.md b/docs/collections/_commands/Get-PASDiscoveredLocalAccountActivity.md index b1618bc1..27eead0b 100644 --- a/docs/collections/_commands/Get-PASDiscoveredLocalAccountActivity.md +++ b/docs/collections/_commands/Get-PASDiscoveredLocalAccountActivity.md @@ -3,6 +3,7 @@ external help file: psPAS-help.xml Module Name: psPAS online version: https://pspas.pspete.dev/commands/Get-PASDiscoveredLocalAccountActivity schema: 2.0.0 +title: Get-PASDiscoveredLocalAccountActivity --- # Get-PASDiscoveredLocalAccountActivity diff --git a/docs/collections/_commands/Get-PASIPAllowList.md b/docs/collections/_commands/Get-PASIPAllowList.md index 47663836..54153cce 100644 --- a/docs/collections/_commands/Get-PASIPAllowList.md +++ b/docs/collections/_commands/Get-PASIPAllowList.md @@ -3,6 +3,7 @@ external help file: psPAS-help.xml Module Name: psPAS online version: https://pspas.pspete.dev/commands/Get-PASIPAllowList schema: 2.0.0 +title: Get-PASIPAllowList --- # Get-PASIPAllowList diff --git a/docs/collections/_commands/Get-PASMasterPolicy.md b/docs/collections/_commands/Get-PASMasterPolicy.md new file mode 100644 index 00000000..2baef29a --- /dev/null +++ b/docs/collections/_commands/Get-PASMasterPolicy.md @@ -0,0 +1,50 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Get-PASMasterPolicy +schema: 2.0.0 +title: Get-PASMasterPolicy +--- + +# Get-PASMasterPolicy + +## SYNOPSIS +Retrieves Master Policy details + +## SYNTAX + +``` +Get-PASMasterPolicy [] +``` + +## DESCRIPTION +Retrieves Master Policy details + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Get-PASMasterPolicy +``` + +Outputs all Master Policy details + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Get-PASMasterPolicy](https://pspas.pspete.dev/commands/Get-PASMasterPolicy) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-policy-by-id.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-policy-by-id.htm) \ No newline at end of file diff --git a/docs/collections/_commands/Get-PASPTARiskSummary.md b/docs/collections/_commands/Get-PASPTARiskSummary.md index 29138f1d..48a4caa5 100644 --- a/docs/collections/_commands/Get-PASPTARiskSummary.md +++ b/docs/collections/_commands/Get-PASPTARiskSummary.md @@ -3,6 +3,7 @@ external help file: psPAS-help.xml Module Name: psPAS online version: https://pspas.pspete.dev/commands/Get-PASPTARiskEventSummary schema: 2.0.0 +title: Get-PASPTARiskEventSummary --- # Get-PASPTARiskSummary diff --git a/docs/collections/_commands/Get-PASPTASecurityConfigurationCategory.md b/docs/collections/_commands/Get-PASPTASecurityConfigurationCategory.md new file mode 100644 index 00000000..dbf96716 --- /dev/null +++ b/docs/collections/_commands/Get-PASPTASecurityConfigurationCategory.md @@ -0,0 +1,64 @@ +--- +category: PSPAS +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Get-PASPTASecurityConfigurationCategory +schema: 2.0.0 +title: Get-PASPTASecurityConfigurationCategory +--- + +# Get-PASPTASecurityConfigurationCategory + +## SYNOPSIS +Returns PTA security configuration categories + +## SYNTAX + +``` +Get-PASPTASecurityConfigurationCategory [-categoryKey ] [] +``` + +## DESCRIPTION +Returns PTA security configuration categories + +## EXAMPLES + +### EXAMPLE 1 +``` +Get-PASPTASecurityConfigurationCategory +``` + +Returns all PTA security configuration categories + +## PARAMETERS + +### -categoryKey +The PTA category to return information on + +```yaml +Type: String +Parameter Sets: (All) +Aliases: Category + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES +Minimum Version CyberArk 14.2 + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Get-PASPTASecurityConfigurationCategory](https://pspas.pspete.dev/commands/Get-PASPTASecurityConfigurationCategory) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/getsecuritycategories.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/getsecuritycategories.htm) diff --git a/docs/collections/_commands/Get-PASReport.md b/docs/collections/_commands/Get-PASReport.md new file mode 100644 index 00000000..f51b9769 --- /dev/null +++ b/docs/collections/_commands/Get-PASReport.md @@ -0,0 +1,47 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Get-PASReport +schema: 2.0.0 +title: Get-PASReport +--- + +# Get-PASReport + +## SYNOPSIS +Returns a list of available reports + +## SYNTAX + +``` +Get-PASReport [] +``` + +## DESCRIPTION +Returns a list of reports available to the authenticated user + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Get-PASReport +``` + +Returns a list of all available reports + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Get-PASReport](https://pspas.pspete.dev/commands/Get-PASReport) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-reports.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-reports.htm) \ No newline at end of file diff --git a/docs/collections/_commands/Get-PASReportSchedule.md b/docs/collections/_commands/Get-PASReportSchedule.md new file mode 100644 index 00000000..98d9edf3 --- /dev/null +++ b/docs/collections/_commands/Get-PASReportSchedule.md @@ -0,0 +1,47 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Get-PASReportSchedule +schema: 2.0.0 +title: Get-PASReportSchedule +--- + +# Get-PASReportSchedule + +## SYNOPSIS +Returns details of available report schedules + +## SYNTAX + +``` +Get-PASReportSchedule [] +``` + +## DESCRIPTION +Returns all available report schedules for the user + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Get-PASReportSchedule +``` + +Returns all report schedules for the user + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Get-PASReportSchedule](https://pspas.pspete.dev/commands/Get-PASReportSchedule) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-tasks.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-tasks.htm) \ No newline at end of file diff --git a/docs/collections/_commands/Get-PASSafe.md b/docs/collections/_commands/Get-PASSafe.md index 205e1a9b..ed671dd2 100644 --- a/docs/collections/_commands/Get-PASSafe.md +++ b/docs/collections/_commands/Get-PASSafe.md @@ -16,8 +16,8 @@ Returns safe details from the vault. ### Gen2 (Default) ``` -Get-PASSafe [-search ] [-sort ] [-includeAccounts ] [-extendedDetails ] - [-TimeoutSec ] [] +Get-PASSafe [-search ] [-sort ] [-sortDirection ] [-includeAccounts ] + [-extendedDetails ] [-TimeoutSec ] [] ``` ### Gen2-byName @@ -143,7 +143,7 @@ Accept wildcard characters: False ``` ### -sort -Sorts according to the safeName property in ascending order (default) or descending order. +Sorts output according to the safeName or ManagingCPM properties. Minimum required version 12.0 @@ -294,6 +294,21 @@ Accept pipeline input: True (ByPropertyName) Accept wildcard characters: False ``` +### -sortDirection +Sort according to the property specified for the sort parameter in ascending order (default) or descending order. + +```yaml +Type: String +Parameter Sets: Gen2 +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). diff --git a/docs/collections/_commands/Get-PASStoredPlatform.md b/docs/collections/_commands/Get-PASStoredPlatform.md new file mode 100644 index 00000000..43d8f79b --- /dev/null +++ b/docs/collections/_commands/Get-PASStoredPlatform.md @@ -0,0 +1,47 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Get-PASStoredPlatform +schema: 2.0.0 +title: Get-PASStoredPlatform +--- + +# Get-PASStoredPlatform + +## SYNOPSIS +Returns the details of the platform imported and stored in memory + +## SYNTAX + +``` +Get-PASStoredPlatform [] +``` + +## DESCRIPTION +Returns the details of the platform stored in memory, and a list of the existing conflicted platforms that can be updated using these platform details. + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Get-PASStoredPlatform +``` + +Output the detail of the platform stored in memory + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Get-PASStoredPlatform](https://pspas.pspete.dev/commands/Get-PASStoredPlatform) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/getstoredplatformdetails.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/getstoredplatformdetails.htm) \ No newline at end of file diff --git a/docs/collections/_commands/Get-PASTheme.md b/docs/collections/_commands/Get-PASTheme.md new file mode 100644 index 00000000..53762368 --- /dev/null +++ b/docs/collections/_commands/Get-PASTheme.md @@ -0,0 +1,123 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Get-PASTheme +schema: 2.0.0 +title: Get-PASTheme +--- + +# Get-PASTheme + +## SYNOPSIS +Return Custom Theme Details + +## SYNTAX + +### byAll (Default) +``` +Get-PASTheme [-FindAll] [] +``` + +### ByName +``` +Get-PASTheme -ThemeName [] +``` + +### ByActive +``` +Get-PASTheme [-Active] [] +``` + +## DESCRIPTION +Returns a list of all available custom themes, a specific theme, or the current active theme. + +Requires Membership of the Vault Admin group. + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Get-PASTheme +``` + +Return all available custom themes + +### Example 2 +```powershell +PS C:\> Get-PASTheme -ThemeName SomeTheme +``` + +Return details of the specified theme + +### Example 3 +```powershell +PS C:\> Get-PASTheme -Active +``` + +Return details fo the active theme + +## PARAMETERS + +### -ThemeName +The name of the theme to return details of + +```yaml +Type: String +Parameter Sets: ByName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Active +Specify to return the details of the currently active theme + +```yaml +Type: SwitchParameter +Parameter Sets: ByActive +Aliases: + +Required: True +Position: Named +Default value: False +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -FindAll +Specify to return the details of all available themes + +```yaml +Type: SwitchParameter +Parameter Sets: byAll +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Get-PASTheme](https://pspas.pspete.dev/commands/Get-PASTheme) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-ret-list.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-ret-list.htm) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-ret-theme.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-ret-theme.htm) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-ret-current.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-ret-current.htm) diff --git a/docs/collections/_commands/Get-PASUserLicenseReport.md b/docs/collections/_commands/Get-PASUserLicenseReport.md new file mode 100644 index 00000000..c7c244ab --- /dev/null +++ b/docs/collections/_commands/Get-PASUserLicenseReport.md @@ -0,0 +1,59 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Get-PASUserLicenseReport +schema: 2.0.0 +title: Get-PASUserLicenseReport +--- + +# Get-PASUserLicenseReport + +## SYNOPSIS +Returns information about usage of the Privilege Cloud user licenses defined in your system + +## SYNTAX + +``` +Get-PASUserLicenseReport [] +``` + +## DESCRIPTION +Returns information about usage of the Privilege Cloud user licenses + +A license is in use in one of the following scenarios: +- A user is connected using a license +- A user is added to a Safe using a license + +User license types +- Privileged Basic User +- Privileged Standard Lite User +- Privileged Standard User +- Privileged External User +- Credential Providers (CPs/CCPs) +- Total Applications + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Get-PASUserLicenseReport +``` + +Returns information about usage of the Privilege Cloud user licenses + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Get-PASUserLicenseReport](https://pspas.pspete.dev/commands/Get-PASUserLicenseReport) + +[https://docs.cyberark.com/privilege-cloud-shared-services/latest/en/content/privilegecloudapis/privcloud-user-licenses-report.htm](https://docs.cyberark.com/privilege-cloud-shared-services/latest/en/content/privilegecloudapis/privcloud-user-licenses-report.htm) \ No newline at end of file diff --git a/docs/collections/_commands/Import-PASPlatform.md b/docs/collections/_commands/Import-PASPlatform.md index c2eafec5..4e9aa2ae 100644 --- a/docs/collections/_commands/Import-PASPlatform.md +++ b/docs/collections/_commands/Import-PASPlatform.md @@ -14,10 +14,22 @@ Import a new platform ## SYNTAX +### Import ``` Import-PASPlatform [-ImportFile] [-WhatIf] [-Confirm] [] ``` +### SideBySide +``` +Import-PASPlatform -PlatformId -PlatformName [-Description ] [-WhatIf] [-Confirm] + [] +``` + +### Update +``` +Import-PASPlatform -PlatformId [-Force] [-WhatIf] [-Confirm] [] +``` + ## DESCRIPTION Import a new CPM platform. @@ -30,6 +42,20 @@ Import-PASPlatform -ImportFile CustomApp.zip Imports CustomApp.zip Platform package +### EXAMPLE 2 +``` +Import-PASPlatform -PlatformId CustomAppV2 -PlatformName CustomApp-V2 -Description "Platform for Custom App Version 2" +``` + +Imports Platform side by side with existing Platform + +### EXAMPLE 3 +``` +Import-PASPlatform -PlatformId CustomApp -Force +``` + +Updates existing Platform with new package + ## PARAMETERS ### -ImportFile @@ -37,7 +63,7 @@ The zip file that contains the platform. ```yaml Type: String -Parameter Sets: (All) +Parameter Sets: Import Aliases: Required: True @@ -78,6 +104,66 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -Description +A description value for the platform + +```yaml +Type: String +Parameter Sets: SideBySide +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Force +Specify to force update of an existing platform, replacing it with the imported platform + +```yaml +Type: SwitchParameter +Parameter Sets: Update +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PlatformId +Set a PlatformId for the imported platform + +```yaml +Type: String +Parameter Sets: SideBySide, Update +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PlatformName +Set a name for the imported platform + +```yaml +Type: String +Parameter Sets: SideBySide +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). @@ -93,3 +179,7 @@ Minimum CyberArk version 10.2 [https://pspas.pspete.dev/commands/Import-PASPlatform](https://pspas.pspete.dev/commands/Import-PASPlatform) [https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/ImportPlatform.htm](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/ImportPlatform.htm) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/updateplatformwithstoredplatform.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/updateplatformwithstoredplatform.htm) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/importstoredplatformpatch.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/importstoredplatformpatch.htm) \ No newline at end of file diff --git a/docs/collections/_commands/Import-PASThemeImage.md b/docs/collections/_commands/Import-PASThemeImage.md new file mode 100644 index 00000000..3260bad9 --- /dev/null +++ b/docs/collections/_commands/Import-PASThemeImage.md @@ -0,0 +1,110 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Import-PASThemeImage +schema: 2.0.0 +title: Import-PASThemeImage +--- + +# Import-PASThemeImage + +## SYNOPSIS +Adds an image used by a theme + +## SYNTAX + +``` +Import-PASThemeImage [-Name] [-ImageFile] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Adds an image used by a theme to the system. + +Requires Vault Admin Privileges + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Import-PASThemeImage -Name SomeImage -ImageFile SomeImageFile.png +``` + +Adds SomeImageFile.png to the system for use in a theme + +## PARAMETERS + +### -Name +The name of the image + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ImageFile +The image file to add + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Import-PASThemeImage](https://pspas.pspete.dev/commands/Import-PASThemeImage) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-images-add-image.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-images-add-image.htm) diff --git a/docs/collections/_commands/New-PASAccountObject.md b/docs/collections/_commands/New-PASAccountObject.md index 569ac561..3845a6cc 100644 --- a/docs/collections/_commands/New-PASAccountObject.md +++ b/docs/collections/_commands/New-PASAccountObject.md @@ -29,6 +29,13 @@ New-PASAccountObject -userName -address -secret [-WhatIf] [-Confirm] [] ``` +### DependentAccountObject +``` +New-PASAccountObject [-name ] [-platformID ] [-platformAccountProperties ] + [-automaticManagementEnabled ] [-manualManagementReason ] [-DependentAccount] [-WhatIf] + [-Confirm] [] +``` + ## DESCRIPTION Provide parameter values to return hashtable structured to be used as input for add account operations. @@ -41,6 +48,13 @@ New-PASAccountObject -userName SomeAccount1 -address domain.com -platformID WinD Returns hashtable structured to be used as input for add account operations +### EXAMPLE 2 +``` +New-PASAccountObject -name SomeName -platformAccountProperties @{"Some"="Prop"} -DependentAccountObject +``` + +Returns hashtable structured to be used as input for dependent account operations + ## PARAMETERS ### -uploadIndex @@ -90,7 +104,7 @@ The name of the account. ```yaml Type: String -Parameter Sets: AccountObject +Parameter Sets: AccountObject, DependentAccountObject Aliases: Required: False @@ -142,6 +156,18 @@ Accept pipeline input: True (ByPropertyName) Accept wildcard characters: False ``` +```yaml +Type: String +Parameter Sets: DependentAccountObject +Aliases: PolicyID + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + ### -SafeName The safe where the account will be created @@ -206,7 +232,7 @@ These properties are validated against the mandatory and optional properties of ```yaml Type: Hashtable -Parameter Sets: AccountObject +Parameter Sets: AccountObject, DependentAccountObject Aliases: Required: False @@ -221,7 +247,7 @@ Whether CPM Password Management should be enabled ```yaml Type: Boolean -Parameter Sets: AccountObject +Parameter Sets: AccountObject, DependentAccountObject Aliases: Required: False @@ -236,7 +262,7 @@ A reason for disabling CPM Password Management ```yaml Type: String -Parameter Sets: AccountObject +Parameter Sets: AccountObject, DependentAccountObject Aliases: Required: False @@ -337,6 +363,21 @@ Accept pipeline input: True (ByPropertyName) Accept wildcard characters: False ``` +### -DependentAccount +Specify to format the account object for dependent account operations + +```yaml +Type: SwitchParameter +Parameter Sets: DependentAccountObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). diff --git a/docs/collections/_commands/New-PASDirectoryMapping.md b/docs/collections/_commands/New-PASDirectoryMapping.md index 06a4feba..939e5556 100644 --- a/docs/collections/_commands/New-PASDirectoryMapping.md +++ b/docs/collections/_commands/New-PASDirectoryMapping.md @@ -18,8 +18,8 @@ Adds a new Directory Mapping for an existing directory New-PASDirectoryMapping [-DirectoryName] [-MappingName] [-LDAPBranch] [-DomainGroups] [[-VaultGroups] ] [[-Location] ] [[-LDAPQuery] ] [[-MappingAuthorizations] ] [[-UserActivityLogPeriod] ] [-UsedQuota ] - [-AuthorizedInterfaces ] [-EnableENEWhenDisconnected ] [-WhatIf] [-Confirm] - [] + [-AuthorizedInterfaces ] [-EnableENEWhenDisconnected ] + [-allowedAuthenticationMethods ] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION @@ -288,6 +288,23 @@ Accept pipeline input: True (ByPropertyName) Accept wildcard characters: False ``` +### -allowedAuthenticationMethods +All the non-Vault authentication methods (specified by ID) that the user can use to log on. + +Requires 14.4 + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). @@ -301,4 +318,4 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable [https://pspas.pspete.dev/commands/New-PASDirectoryMapping](https://pspas.pspete.dev/commands/New-PASDirectoryMapping) -[https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/LDAP_Create_Directory_Mapping.htm](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/LDAP_Create_Directory_Mapping.htm) +[https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/LDAP_Create_Directory_Mapping.htm](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/LDAP_Create_Directory_Mapping.htm) \ No newline at end of file diff --git a/docs/collections/_commands/New-PASReportSchedule.md b/docs/collections/_commands/New-PASReportSchedule.md new file mode 100644 index 00000000..9736eebd --- /dev/null +++ b/docs/collections/_commands/New-PASReportSchedule.md @@ -0,0 +1,279 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/New-PASReportSchedule +schema: 2.0.0 +title: New-PASReportSchedule +--- + +# New-PASReportSchedule + +## SYNOPSIS +Creates a new schedule for reports + +## SYNTAX + +``` +New-PASReportSchedule [[-version] ] [[-type] ] [-subType] [-name] + [-keepTaskDefinition] [[-startTime] ] [[-recurrenceType] ] + [[-recurrenceValue] ] [[-daysOfWeek] ] [[-weekNumber] ] + [[-Subscribers] ] [-notifyOnFailure] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Creates a new schedule for reports + +A `[Subscriber]` Class has been created to assist witho formatting of data for this request, see the example below + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> $Subscriber = [Subscriber]::AddSubscriber() +Enter subscriber name: pspete +Enter subscriber type: User +Notify on success? (true/false): true +Add LDAP info? (yes/no): yes +Enter LDAP directory name: PSPETE.DEV +Enter full DN: + + > $Subscriber + +name type notifyOnSuccess ldapInfo +---- ---- --------------- -------- +pspete User True LdapInfo + +PS C:\> New-PASReportSchedule -version 1 -type 'Report' -subType 'CyberArk.Reports.LicenseCapacityReport.LicenseCapacityReportUI' ` +-name 'Some Report' -keepTaskDefinition $true -Subscribers $Subscriber -notifyOnFailure $True$ +``` + +Adds a new report schedule + +## PARAMETERS + +### -version +Task definition version + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: 0 +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -type +Task type. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -subType +Task subtype. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 3 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -name +Task name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 4 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -keepTaskDefinition +Keep task definition after execution. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: True +Position: 5 +Default value: False +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -startTime +Scheduled start time. + +```yaml +Type: DateTime +Parameter Sets: (All) +Aliases: + +Required: False +Position: 6 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -recurrenceType +Recurrence type. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 7 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -recurrenceValue +Frequency multiplier (e.g. every 2 weeks). + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 8 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -daysOfWeek +Days of the week to trigger the task. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 9 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -weekNumber +Week number for monthly recurrence. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 10 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Subscribers +Create definition for one or more subscribers using the `[Subscriber]` Class. + +`[Subscriber]::AddSubscriber()` interactively prompts for required details. + +```yaml +Type: Subscriber[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 11 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -notifyOnFailure +Notify the task creator if execution fails. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: True +Position: 12 +Default value: False +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/New-PASReportSchedule](https://pspas.pspete.dev/commands/New-PASReportSchedule) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/create-task.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/create-task.htm) diff --git a/docs/collections/_commands/New-PASTheme.md b/docs/collections/_commands/New-PASTheme.md new file mode 100644 index 00000000..74e5b59f --- /dev/null +++ b/docs/collections/_commands/New-PASTheme.md @@ -0,0 +1,891 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/New-PASTheme +schema: 2.0.0 +title: New-PASTheme +--- + +# New-PASTheme + +## SYNOPSIS +Creates a custom theme + +## SYNTAX + +``` +New-PASTheme [-name] [-isDraft] [[-mainBackgroundImage] ] [[-mainLogoDark] ] + [[-advancedSmallLogo] ] [[-advancedSymbolLogo] ] [[-colorsStyle] ] + [[-backgroundMain_Dark] ] [[-borderMain_Dark] ] [[-textMain_Dark] ] + [[-disableMain_Dark] ] [[-disableTextPrimary_Dark] ] + [[-disableBackgroundPrimary_Dark] ] [[-successPrimary_Dark] ] + [[-successSecondary_Dark] ] [[-warningPrimary_Dark] ] [[-warningSecondary_Dark] ] + [[-infoPrimary_Dark] ] [[-infoSecondary_Dark] ] [[-errorPrimary_Dark] ] + [[-errorSecondary_Dark] ] [[-backgroundMain_Bright] ] [[-borderMain_Bright] ] + [[-textMain_Bright] ] [[-disableMain_Bright] ] [[-disableTextPrimary_Bright] ] + [[-disableBackgroundPrimary_Bright] ] [[-successPrimary_Bright] ] + [[-successSecondary_Bright] ] [[-warningPrimary_Bright] ] + [[-warningSecondary_Bright] ] [[-infoPrimary_Bright] ] [[-infoSecondary_Bright] ] + [[-errorPrimary_Bright] ] [[-errorSecondary_Bright] ] [[-mainColor] ] + [[-selectedMain] ] [[-hoverMain] ] [[-defaultButtonTextPrimary] ] + [[-menuLogoBackground] ] [[-menuBackground] ] [[-menuHoverBackground] ] + [[-menuActiveBackgroundPrimary] ] [[-menuActiveBackgroundSecondary] ] [[-menuText] ] + [[-menuTextActive] ] [[-menuIcon] ] [[-backgroundMain] ] [[-borderMain] ] + [[-textMain] ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Creates a new custom theme. + +Requires membership of Vault Admins group + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> New-PASTheme -name "Barbie Pink" -isDraft $false ` + -colorsStyle "Bright" ` + -backgroundMain_Dark "#2A002E" ` + -borderMain_Dark "#FF1493" ` + -textMain_Dark "#FFC0CB" ` + -disableMain_Dark "#4B004F" ` + -disableTextPrimary_Dark "#A0527D" ` + -disableBackgroundPrimary_Dark "#3B003F" ` + -successPrimary_Dark "#FF69B4" ` + -successSecondary_Dark "#FF1493" ` + -warningPrimary_Dark "#FF85A2" ` + -warningSecondary_Dark "#5A003F" ` + -infoPrimary_Dark "#DA70D6" ` + -infoSecondary_Dark "#BA55D3" ` + -errorPrimary_Dark "#FF3366" ` + -errorSecondary_Dark "#8B008B" ` + -backgroundMain_Bright "#FFF0F5" ` + -borderMain_Bright "#FFB6C1" ` + -textMain_Bright "#C71585" ` + -disableMain_Bright "#F8D8E2" ` + -disableTextPrimary_Bright "#D87093" ` + -disableBackgroundPrimary_Bright "#FFE4E1" ` + -successPrimary_Bright "#FF69B4" ` + -successSecondary_Bright "#FFB6C1" ` + -warningPrimary_Bright "#FF85A2" ` + -warningSecondary_Bright "#FFDDEE" ` + -infoPrimary_Bright "#DA70D6" ` + -infoSecondary_Bright "#E6A8D7" ` + -errorPrimary_Bright "#C71585" ` + -errorSecondary_Bright "#FF99AA" ` + -mainColor "#FF69B4" ` + -selectedMain "#FF1493" ` + -hoverMain "#FFC0CB" ` + -defaultButtonTextPrimary "#FFFFFF" ` + -menuLogoBackground "#FF69B4" ` + -menuBackground "#FFF0F5" ` + -menuHoverBackground "#FFDDEE" ` + -menuActiveBackgroundPrimary "#FF1493" ` + -menuActiveBackgroundSecondary "#FFB6C1" ` + -menuText "#C71585" ` + -menuTextActive "#FFFFFF" ` + -menuIcon "#FF69B4" ` + -backgroundMain "#FFF5FA" ` + -borderMain "#FFB6C1" ` + -textMain "#C71585" +``` + +Creates a new "Barbie Pink" custom theme. + +## PARAMETERS + +### -name +Theme name + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -isDraft +Whether the theme is marked as draft + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: False +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -mainBackgroundImage +the main background image + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -mainLogoDark +the main logo in darker colors + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 4 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -advancedSmallLogo +the advanced small logo + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 5 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -advancedSymbolLogo +the advanced symbol logo + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 6 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -colorsStyle +Type of the theme (dark or bright) + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 7 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -backgroundMain_Dark +Dark mode main background color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 8 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -borderMain_Dark +Dark mode main border color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 9 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -textMain_Dark +Dark mode main text color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 10 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -disableMain_Dark +Dark mode main disable color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 11 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -disableTextPrimary_Dark +Dark mode primary disable text color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 12 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -disableBackgroundPrimary_Dark +Dark mode primary disable background color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 13 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -successPrimary_Dark +Dark mode primary success color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 14 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -successSecondary_Dark +Dark mode secondary success color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 15 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -warningPrimary_Dark +Dark mode primary warning color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 16 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -warningSecondary_Dark +Dark mode secondary warning color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 17 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -infoPrimary_Dark +Dark mode primary info color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 18 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -infoSecondary_Dark +Dark mode secondary info color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 19 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -errorPrimary_Dark +Dark mode primary error color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 20 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -errorSecondary_Dark +Dark mode secondary error color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 21 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -backgroundMain_Bright +Light mode main background color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 22 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -borderMain_Bright +Light mode main border color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 23 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -textMain_Bright +Light mode main text color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 24 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -disableMain_Bright +Light mode main disable color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 25 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -disableTextPrimary_Bright +Light mode primary disable text color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 26 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -disableBackgroundPrimary_Bright +Light mode primary disable background color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 27 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -successPrimary_Bright +Light mode primary success color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 28 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -successSecondary_Bright +Light mode secondary success color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 29 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -warningPrimary_Bright +Light mode primary warning color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 30 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -warningSecondary_Bright +Light mode secondary warning color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 31 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -infoPrimary_Bright +Light mode primary info color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 32 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -infoSecondary_Bright +Light mode secondary info color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 33 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -errorPrimary_Bright +Light mode primary error color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 34 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -errorSecondary_Bright +Light mode secondary error color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 35 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -mainColor +The primary color of the theme + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 36 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -selectedMain +The color used for elements in their selected state + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 37 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -hoverMain +The color used for elements in their hover state + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 38 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -defaultButtonTextPrimary +The default text color used on buttons + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 39 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -menuLogoBackground +The background color of the menu logo + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 40 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -menuBackground +The background color of the menu + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 41 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -menuHoverBackground +The background color of the menu items on hover + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 42 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -menuActiveBackgroundPrimary +The primary background color of the menu items when active + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 43 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -menuActiveBackgroundSecondary +The secondary background color of the menu items when active + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 44 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -menuText +The text color of the menu items + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 45 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -menuTextActive +The text color of the menu items when active + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 46 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -menuIcon +The color of the menu icons + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 47 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -backgroundMain +The main background color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 48 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -borderMain +The main border color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 49 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -textMain +The main text color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 50 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/New-PASTheme](https://pspas.pspete.dev/commands/New-PASTheme) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-create.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-create.htm) diff --git a/docs/collections/_commands/New-PASUser.md b/docs/collections/_commands/New-PASUser.md index 1f4da8a5..49b92e3f 100644 --- a/docs/collections/_commands/New-PASUser.md +++ b/docs/collections/_commands/New-PASUser.md @@ -26,8 +26,8 @@ New-PASUser -UserName [-InitialPassword ] [-userType ] [-cellularNumber ] [-faxNumber ] [-pagerNumber ] [-description ] [-FirstName ] [-MiddleName ] [-LastName ] [-street ] [-city ] [-state ] [-zip ] [-country ] [-title ] - [-organization ] [-department ] [-profession ] [-WhatIf] [-Confirm] - [] + [-organization ] [-department ] [-profession ] + [-allowedAuthenticationMethods ] [-WhatIf] [-Confirm] [] ``` ### Gen1 @@ -935,6 +935,24 @@ Accept pipeline input: True (ByPropertyName) Accept wildcard characters: False ``` +### -allowedAuthenticationMethods +All the non-Vault authentication methods (specified by ID) that the user can use to log on. + +Minimum required version 14.4 + + +```yaml +Type: String[] +Parameter Sets: Gen2 +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). diff --git a/docs/collections/_commands/Publish-PASDiscoveredLocalAccount.md b/docs/collections/_commands/Publish-PASDiscoveredLocalAccount.md index 309e11d4..151a1d1d 100644 --- a/docs/collections/_commands/Publish-PASDiscoveredLocalAccount.md +++ b/docs/collections/_commands/Publish-PASDiscoveredLocalAccount.md @@ -3,6 +3,7 @@ external help file: psPAS-help.xml Module Name: psPAS online version: https://pspas.pspete.dev/commands/Publish-PASDiscoveredLocalAccount schema: 2.0.0 +title: Publish-PASDiscoveredLocalAccount --- # Publish-PASDiscoveredLocalAccount diff --git a/docs/collections/_commands/Publish-PASTheme.md b/docs/collections/_commands/Publish-PASTheme.md new file mode 100644 index 00000000..c438e83b --- /dev/null +++ b/docs/collections/_commands/Publish-PASTheme.md @@ -0,0 +1,93 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Publish-PASTheme +schema: 2.0.0 +title: Publish-PASTheme +--- + +# Publish-PASTheme + +## SYNOPSIS +Updates draft state a custom theme + +## SYNTAX + +``` +Publish-PASTheme [-ThemeName] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Updates the draft state of a specific custom theme from $true to $false + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Publish-PASTheme -ThemeName SomeTheme +``` + +Update the draft state of SomeTheme + +## PARAMETERS + +### -ThemeName +The name of the custom theme to update its draft state. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Publish-PASTheme](https://pspas.pspete.dev/commands/Publish-PASTheme) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-update-draft.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-update-draft.htm) diff --git a/docs/collections/_commands/Remove-PASDependentAccount.md b/docs/collections/_commands/Remove-PASDependentAccount.md new file mode 100644 index 00000000..50281a24 --- /dev/null +++ b/docs/collections/_commands/Remove-PASDependentAccount.md @@ -0,0 +1,119 @@ +--- +category: PSPAS +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Remove-PASDependentAccount +schema: 2.0.0 +title: Remove-PASDependentAccount +--- + +# Remove-PASDependentAccount + +## SYNOPSIS +This deletes an existing dependent account. + +## SYNTAX + +``` +Remove-PASDependentAccount [-AccountID] [-dependentAccountId] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +Removes the association between a main privileged account and the dependent account. + +Requires CyberArk version 14.6 or later. + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Remove-PASDependentAccount -AccountID "123_456" -dependentAccountId "22_2" +``` + +Removes the dependent account with ID "789_012" from the main account "123_456". +The system will prompt for confirmation before performing the removal. + +### Example 2 +```powershell +PS C:\> Get-PASAccount -id "123_456" | Remove-PASDependentAccount -dependentAccountId "22_2" -WhatIf +``` + +Shows what would happen if the dependent account were removed, but does not actually perform the removal. +Uses pipeline input from Get-PASAccount for the main account ID. + +## PARAMETERS + +### -AccountID +The unique ID of the main privileged account that has the dependent account associated with it. +This parameter accepts pipeline input and can be aliased as 'id'. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: id + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -dependentAccountId +The unique ID of the dependent account that should be removed from the main account association. +This parameter accepts pipeline input and can be aliased as 'dependentid'. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: dependentid + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS diff --git a/docs/collections/_commands/Remove-PASDiscoveredLocalAccount.md b/docs/collections/_commands/Remove-PASDiscoveredLocalAccount.md index 3c69cb88..f6cc4c80 100644 --- a/docs/collections/_commands/Remove-PASDiscoveredLocalAccount.md +++ b/docs/collections/_commands/Remove-PASDiscoveredLocalAccount.md @@ -3,6 +3,7 @@ external help file: psPAS-help.xml Module Name: psPAS online version: https://pspas.pspete.dev/commands/Remove-PASDiscoveredLocalAccount schema: 2.0.0 +title: Remove-PASDiscoveredLocalAccount --- # Remove-PASDiscoveredLocalAccount diff --git a/docs/collections/_commands/Remove-PASFIDO2Device.md b/docs/collections/_commands/Remove-PASFIDO2Device.md new file mode 100644 index 00000000..1f439ac2 --- /dev/null +++ b/docs/collections/_commands/Remove-PASFIDO2Device.md @@ -0,0 +1,129 @@ +--- +category: PSPAS +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Remove-PASFIDO2Device +schema: 2.0.0 +title: Remove-PASFIDO2Device +--- + +# Remove-PASFIDO2Device + +## SYNOPSIS +Removes a FIDO2 device from a user's authentication methods. + +## SYNTAX + +### Default (Default) +``` +Remove-PASFIDO2Device [-id] [-WhatIf] [-Confirm] [] +``` + +### OwnDevice +``` +Remove-PASFIDO2Device [-id] [-OwnDevice] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Removes a FIDO2 device from either a user's authentication methods or from the current user's own authentication methods. + +Requires CyberArk version 14.6 or later. + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Remove-PASFIDO2Device -id "device123" +``` + +Removes the FIDO2 device with ID "device123" from a user's registered authentication methods. +This requires administrative privileges. + +### Example 2 +```powershell +PS C:\> Remove-PASFIDO2Device -id "device123" -OwnDevice +``` + +Removes the FIDO2 device with ID "device123" from the current user's own registered +authentication methods. This allows users to self-manage their FIDO2 devices. + +## PARAMETERS + +### -id +The unique identifier of the FIDO2 device to be removed from a user's authentication methods. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OwnDevice +When specified, removes the FIDO2 device from the current user's own authentication methods. +Without this parameter, the device is removed from the user that it belongs do in their authentication methods. + +```yaml +Type: SwitchParameter +Parameter Sets: OwnDevice +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Remove-PASFIDO2Device](https://pspas.pspete.dev/commands/Remove-PASFIDO2Device) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/fido2-remove.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/fido2-remove.htm) + +[\[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/fido2-remove.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/fido2-selfremove.htm) \ No newline at end of file diff --git a/docs/collections/_commands/Remove-PASGroup.md b/docs/collections/_commands/Remove-PASGroup.md index 84fc8f37..d00d17f4 100644 --- a/docs/collections/_commands/Remove-PASGroup.md +++ b/docs/collections/_commands/Remove-PASGroup.md @@ -67,7 +67,7 @@ Accept wildcard characters: False ``` ### -ID -{{ Fill ID Description }} +The Group ID ```yaml Type: Int32 diff --git a/docs/collections/_commands/Remove-PASPTASecurityConfigurationProperty.md b/docs/collections/_commands/Remove-PASPTASecurityConfigurationProperty.md new file mode 100644 index 00000000..63f8d9c7 --- /dev/null +++ b/docs/collections/_commands/Remove-PASPTASecurityConfigurationProperty.md @@ -0,0 +1,118 @@ +--- +category: PSPAS +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Remove-PASPTASecurityConfigurationProperty +schema: 2.0.0 +title: Remove-PASPTASecurityConfigurationProperty +--- + +# Remove-PASPTASecurityConfigurationProperty + +## SYNOPSIS +Removes PTA security configuration property + +## SYNTAX + +``` +Remove-PASPTASecurityConfigurationProperty [-propertyKey] [-id] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +This deletes a specific PTA security configuration property + +## EXAMPLES + +### EXAMPLE 1 +``` +Remove-PASPTASecurityConfigurationProperty -propertyKey "PrivilegedUsersList" -id "someid" +``` + +Removes the specified id from the PrivilegedUsersList property + +### EXAMPLE 2 +``` +Remove-PASPTASecurityConfigurationProperty -propertyKey "SCTExcludedAccountsList" -id "someid" +``` + +Removes the specified id from the SCTExcludedAccountsList property + +## PARAMETERS + +### -propertyKey +The key of the PTA security configuration property + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -id +The ID of the item to remove from the property + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES +Minimum Version CyberArk 14.2 + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Remove-PASPTASecurityConfigurationProperty](https://pspas.pspete.dev/commands/Remove-PASPTASecurityConfigurationProperty) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/deletesecurity.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/deletesecurity.htm) diff --git a/docs/collections/_commands/Remove-PASPTASyslog.md b/docs/collections/_commands/Remove-PASPTASyslog.md new file mode 100644 index 00000000..c9155058 --- /dev/null +++ b/docs/collections/_commands/Remove-PASPTASyslog.md @@ -0,0 +1,91 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Remove-PASPTASyslog +schema: 2.0.0 +title: Remove-PASPTASyslog +--- + +# Remove-PASPTASyslog + +## SYNOPSIS +Removes SYSLOG configuration from PTA + +## SYNTAX + +``` +Remove-PASPTASyslog [-ID] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Removes a SYSLOG configuration from PTA + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Remove-PASPTASyslog -ID SomeID +``` + +Removes specified SYSLOG configuration from PTA + +## PARAMETERS + +### -ID +The ID of the SYSLOG configuration to delete + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Remove-PASPTASyslog](https://pspas.pspete.dev/commands/Remove-PASPTASyslog) diff --git a/docs/collections/_commands/Remove-PASStoredPlatform.md b/docs/collections/_commands/Remove-PASStoredPlatform.md new file mode 100644 index 00000000..06cff737 --- /dev/null +++ b/docs/collections/_commands/Remove-PASStoredPlatform.md @@ -0,0 +1,80 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Remove-PASStoredPlatform +schema: 2.0.0 +title: Remove-PASStoredPlatform +--- + +# Remove-PASStoredPlatform + +## SYNOPSIS +Removes the platform stored in memory. + +## SYNTAX + +``` +Remove-PASStoredPlatform [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Removes the platform stored in memory. + +Requires Vault Admin membership + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Remove-PASStoredPlatform +``` + +Delete the stored platform from memory + +## PARAMETERS + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Remove-PASStoredPlatform](https://pspas.pspete.dev/commands/Remove-PASStoredPlatform) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/deletestoredplatform.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/deletestoredplatform.htm) \ No newline at end of file diff --git a/docs/collections/_commands/Remove-PASTheme.md b/docs/collections/_commands/Remove-PASTheme.md new file mode 100644 index 00000000..6c311345 --- /dev/null +++ b/docs/collections/_commands/Remove-PASTheme.md @@ -0,0 +1,94 @@ +--- +category: PSPAS +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Remove-PASTheme +schema: 2.0.0 +title: Set-PASTheme +--- + +# Remove-PASTheme + +## SYNOPSIS +Delete Theme + +## SYNTAX + +``` +Remove-PASTheme [-ThemeName] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Removes a specific theme + +## EXAMPLES + +### EXAMPLE 1 +``` +Remove-PASTheme -ThemeName "Custom Dark" +``` + +Removes the theme "Custom Dark" + +## PARAMETERS + +### -ThemeName +The name of the theme + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: 0 +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Remove-PASTheme](https://pspas.pspete.dev/commands/Remove-PASTheme) + +[https://docs.cyberark.com/pam-self-hosted/14.4/en/content/sdk/rest-api-cust-ui-themes-delete.htm](https://docs.cyberark.com/pam-self-hosted/14.4/en/content/sdk/rest-api-cust-ui-themes-delete.htm) diff --git a/docs/collections/_commands/Remove-PASUserAllowedAuthenticationMethod.md b/docs/collections/_commands/Remove-PASUserAllowedAuthenticationMethod.md new file mode 100644 index 00000000..98fc6409 --- /dev/null +++ b/docs/collections/_commands/Remove-PASUserAllowedAuthenticationMethod.md @@ -0,0 +1,111 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Remove-PASUserAllowedAuthenticationMethod +schema: 2.0.0 +title: Remove-PASUserAllowedAuthenticationMethod +--- + +# Remove-PASUserAllowedAuthenticationMethod + +## SYNOPSIS +Delete allowed authentication methods from multiple users + +## SYNTAX + +``` +Remove-PASUserAllowedAuthenticationMethod [-userIds] [-allowedAuthenticationMethods] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Deletes allowed authentication methods from multiple Vault users using a single request. + +Requires the Add/Update Users authorizations to be held by the user running the command. + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Remove-PASUserAllowedAuthenticationMethod -userIds 67,68,69 -allowedAuthenticationMethods LDAP +``` + +Deletes the LDAP authentication methods from users with ids 67, 68 & 69 + +## PARAMETERS + +### -userIds +A list of strings of the user IDs from which to delete the allowed authentication methods. + +```yaml +Type: Int32[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -allowedAuthenticationMethods +A list of strings of all the non-Vault authentication methods (specified by ID) that the users cannot use to log on. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Remove-PASUserAllowedAuthenticationMethod](https://pspas.pspete.dev/commands/Remove-PASUserAllowedAuthenticationMethod) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/bulk-delete-allowed-auth.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/bulk-delete-allowed-auth.htm) diff --git a/docs/collections/_commands/Reset-PASPTASecurityConfigurationCategory.md b/docs/collections/_commands/Reset-PASPTASecurityConfigurationCategory.md new file mode 100644 index 00000000..d23ba3ce --- /dev/null +++ b/docs/collections/_commands/Reset-PASPTASecurityConfigurationCategory.md @@ -0,0 +1,102 @@ +--- +category: PSPAS +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Reset-PASPTASecurityConfigurationCategory +schema: 2.0.0 +title: Reset-PASPTASecurityConfigurationCategory +--- + +# Reset-PASPTASecurityConfigurationCategory + +## SYNOPSIS +Resets PTA security configuration category to default values + +## SYNTAX + +``` +Reset-PASPTASecurityConfigurationCategory [-categoryKey] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Resets PTA security configuration category to default values + +## EXAMPLES + +### EXAMPLE 1 +``` +Reset-PASPTASecurityConfigurationCategory -categoryKey "ActiveDormantUser" +``` + +Resets the ActiveDormantUser category to default values + +### EXAMPLE 2 +``` +Reset-PASPTASecurityConfigurationCategory -categoryKey "SuspectedCredentialsTheft" +``` + +Resets the SuspectedCredentialsTheft category to default values + +## PARAMETERS + +### -categoryKey +The key of the PTA security configuration category to reset + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES +Minimum Version CyberArk 14.2 + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Reset-PASPTASecurityConfigurationCategory](https://pspas.pspete.dev/commands/Reset-PASPTASecurityConfigurationCategory) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/resetsecuritycategory.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/resetsecuritycategory.htm) diff --git a/docs/collections/_commands/Reset-PASPTASecurityConfigurationProperty.md b/docs/collections/_commands/Reset-PASPTASecurityConfigurationProperty.md new file mode 100644 index 00000000..75dd7137 --- /dev/null +++ b/docs/collections/_commands/Reset-PASPTASecurityConfigurationProperty.md @@ -0,0 +1,104 @@ +--- +category: PSPAS +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Reset-PASPTASecurityConfigurationProperty +schema: 2.0.0 +title: Reset-PASPTASecurityConfigurationProperty +--- + +# Reset-PASPTASecurityConfigurationProperty + +## SYNOPSIS +Resets PTA security configuration property to default value + +## SYNTAX + +``` +Reset-PASPTASecurityConfigurationProperty [-propertyKey] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Resets PTA security configuration property to default value + +Minimum required version 14.2 + +## EXAMPLES + +### EXAMPLE 1 +``` +Reset-PASPTASecurityConfigurationProperty -propertyKey "ActiveDormantUserDays" +``` + +Resets the ActiveDormantUserDays property to its default value + +### EXAMPLE 2 +``` +Reset-PASPTASecurityConfigurationProperty -propertyKey "FailedVaultLogonAttemptsThreshold" +``` + +Resets the FailedVaultLogonAttemptsThreshold property to its default value + +## PARAMETERS + +### -propertyKey +The key of the PTA security configuration property to reset + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES +Minimum Version CyberArk 14.2 + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Reset-PASPTASecurityConfigurationProperty](https://pspas.pspete.dev/commands/Reset-PASPTASecurityConfigurationProperty) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/resetsecurityproperty.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/resetsecurityproperty.htm) diff --git a/docs/collections/_commands/Reset-PASTheme.md b/docs/collections/_commands/Reset-PASTheme.md new file mode 100644 index 00000000..1142b97d --- /dev/null +++ b/docs/collections/_commands/Reset-PASTheme.md @@ -0,0 +1,78 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Reset-PASTheme +schema: 2.0.0 +title: Reset-PASTheme +--- + +# Reset-PASTheme + +## SYNOPSIS +Revert the UI to the default theme + +## SYNTAX + +``` +Reset-PASTheme [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Deactivates the custom theme and revert the UI to the default theme + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Reset-PASTheme +``` + +Reverts the UI to the default theme + +## PARAMETERS + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Reset-PASTheme](https://pspas.pspete.dev/commands/Reset-PASTheme) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-deactivate.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-deactivate.htm) diff --git a/docs/collections/_commands/Resume-PASDependentAccount.md b/docs/collections/_commands/Resume-PASDependentAccount.md new file mode 100644 index 00000000..256033ab --- /dev/null +++ b/docs/collections/_commands/Resume-PASDependentAccount.md @@ -0,0 +1,119 @@ +--- +category: PSPAS +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Resume-PASDependentAccount +schema: 2.0.0 +title: Resume-PASDependentAccount +--- + +# Resume-PASDependentAccount + +## SYNOPSIS +This resumes automatic management of a dependent account by the CPM. + +## SYNTAX + +``` +Resume-PASDependentAccount [-AccountID] [-dependentAccountId] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION +Resumes automatic management of a dependent account by the Central Password Manager (CPM). + +Requires CyberArk version 14.6 or later. + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Resume-PASDependentAccount -AccountID "123_456" -dependentAccountId "22_2" +``` + +Resumes automatic CPM management for the dependent account with ID "789_012" that is +associated with the main account "123_456". + +### Example 2 +```powershell +PS C:\> Get-PASAccount -id "123_456" | Resume-PASDependentAccount -dependentAccountId "22_2" +``` + +Uses pipeline input to resume automatic management of dependent account "789_012" for +the main account retrieved by Get-PASAccount. + +## PARAMETERS + +### -AccountID +The unique ID of the main privileged account that has the dependent account associated with it. +This parameter accepts pipeline input and can be aliased as 'id'. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: id + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -dependentAccountId +The unique ID of the dependent account for which automatic CPM management should be resumed. +This parameter accepts pipeline input and can be aliased as 'dependentid'. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: dependentid + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS diff --git a/docs/collections/_commands/Set-PASDependentAccount.md b/docs/collections/_commands/Set-PASDependentAccount.md new file mode 100644 index 00000000..15ea0760 --- /dev/null +++ b/docs/collections/_commands/Set-PASDependentAccount.md @@ -0,0 +1,174 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Set-PASDependentAccount +schema: 2.0.0 +title: Set-PASDependentAccount +--- + +# Set-PASDependentAccount + +## SYNOPSIS +Updates a Dependent Account + +## SYNTAX + +``` +Set-PASDependentAccount [-accountId] [-dependentAccountId] [[-name] ] + [[-platformAccountProperties] ] [[-automaticManagementEnabled] ] + [[-manualManagementReason] ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Updates an existing dependent account. + +Requires the Update account properties permission for the Account. + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Set-PASDependentAccount -accountId 123_45 -dependentAccountId 123_560 -name SomeNewName + -platformAccountProperties @{"Property"="Value"} -automaticManagementEnabled $false + -manualManagementReason "Some Reason" +``` + +Updates the Dependent Account with the specified values + +## PARAMETERS + +### -accountId +The account ID of the master account + +```yaml +Type: String +Parameter Sets: (All) +Aliases: id + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -dependentAccountId +The unique ID of the dependent account + +```yaml +Type: String +Parameter Sets: (All) +Aliases: dependentid + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -name +The name of the dependent account + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 3 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -platformAccountProperties +Hashtable of mandatory and optional parameters of the dependent account, based on the platform. + +```yaml +Type: Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: 4 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -automaticManagementEnabled +Whether the account secret is automatically managed by the CPM + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 5 +Default value: False +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -manualManagementReason +The reason for disabling automatic secret management + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 6 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Set-PASDependentAccount](https://pspas.pspete.dev/commands/Set-PASDependentAccount) + +[(https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/update-dependent-account.htm)](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/update-dependent-account.htm) diff --git a/docs/collections/_commands/Set-PASDirectoryMapping.md b/docs/collections/_commands/Set-PASDirectoryMapping.md index 543ddfc3..33d226e4 100644 --- a/docs/collections/_commands/Set-PASDirectoryMapping.md +++ b/docs/collections/_commands/Set-PASDirectoryMapping.md @@ -18,8 +18,8 @@ Updates an existing Directory Mapping for a directory Set-PASDirectoryMapping [-DirectoryName] [-MappingID] [[-MappingName] ] [[-LDAPBranch] ] [[-DomainGroups] ] [[-VaultGroups] ] [[-Location] ] [[-LDAPQuery] ] [[-MappingAuthorizations] ] [[-UserActivityLogPeriod] ] - [-UsedQuota ] [-AuthorizedInterfaces ] [-EnableENEWhenDisconnected ] [-WhatIf] - [-Confirm] [] + [-UsedQuota ] [-AuthorizedInterfaces ] [-EnableENEWhenDisconnected ] + [-allowedAuthenticationMethods ] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION @@ -313,6 +313,23 @@ Accept pipeline input: True (ByPropertyName) Accept wildcard characters: False ``` +### -allowedAuthenticationMethods +All the non-Vault authentication methods (specified by ID) that the user can use to log on. + +Requires 14.4 + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). @@ -326,4 +343,4 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable [https://pspas.pspete.dev/commands/Set-PASDirectoryMapping](https://pspas.pspete.dev/commands/Set-PASDirectoryMapping) -[https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/EditDirectoryMapping.htm](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/EditDirectoryMapping.htm) +[https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/EditDirectoryMapping.htm](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/EditDirectoryMapping.htm) \ No newline at end of file diff --git a/docs/collections/_commands/Set-PASGroup.md b/docs/collections/_commands/Set-PASGroup.md index 7bc1e80e..77ceb442 100644 --- a/docs/collections/_commands/Set-PASGroup.md +++ b/docs/collections/_commands/Set-PASGroup.md @@ -83,7 +83,7 @@ Accept wildcard characters: False ``` ### -ID -{{ Fill ID Description }} +The Group ID ```yaml Type: Int32 diff --git a/docs/collections/_commands/Set-PASIPAllowList.md b/docs/collections/_commands/Set-PASIPAllowList.md index 46d22804..61e260a6 100644 --- a/docs/collections/_commands/Set-PASIPAllowList.md +++ b/docs/collections/_commands/Set-PASIPAllowList.md @@ -3,6 +3,7 @@ external help file: psPAS-help.xml Module Name: psPAS online version: https://pspas.pspete.dev/commands/Set-PASIPAllowList schema: 2.0.0 +title: Set-PASIPAllowList --- # Set-PASIPAllowList diff --git a/docs/collections/_commands/Set-PASMasterPolicy.md b/docs/collections/_commands/Set-PASMasterPolicy.md new file mode 100644 index 00000000..8bf64264 --- /dev/null +++ b/docs/collections/_commands/Set-PASMasterPolicy.md @@ -0,0 +1,312 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Set-PASMasterPolicy +schema: 2.0.0 +title: Set-PASMasterPolicy +--- + +# Set-PASMasterPolicy + +## SYNOPSIS +Updates Master Policy + +## SYNTAX + +``` +Set-PASMasterPolicy [[-DualControl] ] [[-MultiLevelApproval] ] + [[-OnlyManagersApproval] ] [[-ConfirmersNumber] ] [[-EnforceExclusiveAccess] ] + [[-EnforceOneTimePassword] ] [[-TransparentConnection] ] [[-AllowViewPassword] ] + [[-RequireReason] ] [[-AllowFreeText] ] [[-PasswordChangeDays] ] + [[-PasswordVerificationDays] ] [[-RequireMonitoringAndIsolation] ] + [[-RecordActivity] ] [[-RetentionPeriod] ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Allows a Vault Admin to update Master Policy Settings + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Set-PASMasterPolicy -DualControl $false +``` + +Disables Dual Control in master Policy + +## PARAMETERS + +### -AllowFreeText +Allow free text reason. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 9 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AllowViewPassword +Allow view password policy. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 7 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ConfirmersNumber +Configure number of confirmers policy. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: 3 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DualControl +Set Dual control policy. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -EnforceExclusiveAccess +Enforce exclusive access policy. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 4 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -EnforceOneTimePassword +Enforce one-time password policy. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 5 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -MultiLevelApproval +Configure Multi-level approvals. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -OnlyManagersApproval +Configure approval by managers only policy. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PasswordChangeDays +Password change frequency policy. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: 10 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PasswordVerificationDays +Password verification frequency policy. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: 11 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -RecordActivity +Record activity policy. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 13 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -RequireMonitoringAndIsolation +Require monitoring and isolation policy. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 12 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -RequireReason +Require reason policy. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 8 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -RetentionPeriod +Retention period policy. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: 14 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TransparentConnection +Transparent connection policy. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 6 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.Boolean + +### System.Int32 + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Set-PASMasterPolicy](https://pspas.pspete.dev/commands/Set-PASMasterPolicy) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/update-policy-by-id.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/update-policy-by-id.htm) \ No newline at end of file diff --git a/docs/collections/_commands/Set-PASPTARiskEvent.md b/docs/collections/_commands/Set-PASPTARiskEvent.md index 9537024f..ad4dc531 100644 --- a/docs/collections/_commands/Set-PASPTARiskEvent.md +++ b/docs/collections/_commands/Set-PASPTARiskEvent.md @@ -3,6 +3,7 @@ external help file: psPAS-help.xml Module Name: psPAS online version: https://pspas.pspete.dev/commands/Set-PASPTARiskEvent schema: 2.0.0 +title: Set-PASPTARiskEvent --- # Set-PASPTARiskEvent diff --git a/docs/collections/_commands/Set-PASPTASMTP.md b/docs/collections/_commands/Set-PASPTASMTP.md new file mode 100644 index 00000000..655e26fa --- /dev/null +++ b/docs/collections/_commands/Set-PASPTASMTP.md @@ -0,0 +1,200 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Set-PASPTASMTP +schema: 2.0.0 +title: Set-PASPTASMTP +--- + +# Set-PASPTASMTP + +## SYNOPSIS +Sets an SMTP configuration to PTA + +## SYNTAX + +``` +Set-PASPTASMTP [-host] [-protocol] [-port] [-sender] + [-recipients] [[-accountId] ] [[-CertificateFile] ] + [-AlertToEmailScoreThreshold] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Configure PTA SMTP settings + +API is not documented, so this help file may not be 100% accurate + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Set-PASPTASMTP -host smtp.domain.com -protocol TCP -port 25 -sender 'PTA@domain.com' ` + -recipients 'security_team@domain.com' -AlertToEmailScoreThreshold 70 +``` + +Configures PTA SMTP settings + +## PARAMETERS + +### -host +The SMTP host + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -protocol +The protocol for SMTP integration + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -port +The port for the SMTP communication + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: True +Position: 3 +Default value: 0 +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -sender +The sender address + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 4 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -recipients +The recipient address + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 5 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -accountId +Account to use for SMTP authentication + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 6 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -CertificateFile +Certificate to use for SMTP authentication + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 7 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AlertToEmailScoreThreshold +PTA Alert Score threshold for email alerts + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: True +Position: 8 +Default value: 0 +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Set-PASPTASMTP](https://pspas.pspete.dev/commands/Set-PASPTASMTP) diff --git a/docs/collections/_commands/Set-PASSafe.md b/docs/collections/_commands/Set-PASSafe.md index 93ae541f..80ddf1df 100644 --- a/docs/collections/_commands/Set-PASSafe.md +++ b/docs/collections/_commands/Set-PASSafe.md @@ -45,8 +45,6 @@ Set-PASSafe -SafeName [-NewSafeName ] [-Description ] [ ## DESCRIPTION Updates a single safe in the Vault. Manage Safe permission is required. -All required properties should be sent in the request. -Any properties set on the safe not included in the request will be cleared. ## EXAMPLES @@ -61,15 +59,6 @@ Minimum required version 12.2 ### EXAMPLE 2 ``` -Get-PASSafe -SafeName SAFE | Set-PASSafe -SafeName SAFE -NumberOfVersionsRetention 10 -``` - -Updates version retention on SAFE using Gen2 API, maintaining all other properties. - -Minimum required version 12.2 - -### EXAMPLE 3 -``` Set-PASSafe -SafeName SAFE -Description "New-Description" -NumberOfDaysRetention 10 -UseGen1API ``` diff --git a/docs/collections/_commands/Set-PASSafeMember.md b/docs/collections/_commands/Set-PASSafeMember.md index 565e49ed..346b37d7 100644 --- a/docs/collections/_commands/Set-PASSafeMember.md +++ b/docs/collections/_commands/Set-PASSafeMember.md @@ -27,6 +27,36 @@ Set-PASSafeMember -SafeName -MemberName [-MembershipExpiration [-MoveAccountsAndFolders ] [-WhatIf] [-Confirm] [] ``` +### Full +``` +Set-PASSafeMember -SafeName -MemberName [-MembershipExpirationDate ] [-Full] + [-WhatIf] [-Confirm] [] +``` + +### AccountsManager +``` +Set-PASSafeMember -SafeName -MemberName [-MembershipExpirationDate ] + [-AccountsManager] [-WhatIf] [-Confirm] [] +``` + +### Approver +``` +Set-PASSafeMember -SafeName -MemberName [-MembershipExpirationDate ] [-Approver] + [-WhatIf] [-Confirm] [] +``` + +### ReadOnly +``` +Set-PASSafeMember -SafeName -MemberName [-MembershipExpirationDate ] [-ReadOnly] + [-WhatIf] [-Confirm] [] +``` + +### ConnectOnly +``` +Set-PASSafeMember -SafeName -MemberName [-MembershipExpirationDate ] [-ConnectOnly] + [-WhatIf] [-Confirm] [] +``` + ### Gen1 ``` Set-PASSafeMember -SafeName -MemberName [-MembershipExpirationDate ] @@ -118,7 +148,7 @@ safe member on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: RestrictedRetrieve Required: False @@ -134,7 +164,7 @@ to safe member on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Retrieve Required: False @@ -150,7 +180,7 @@ safe member on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: ListContent Required: False @@ -168,7 +198,7 @@ Includes UpdateAccountProperties (when adding or removing permission). ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Add Required: False @@ -184,7 +214,7 @@ member on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Update Required: False @@ -200,7 +230,7 @@ to safe member on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: UpdateMetadata Required: False @@ -216,7 +246,7 @@ will be granted to safe member on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Required: False @@ -232,7 +262,7 @@ to safe member on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Required: False @@ -248,7 +278,7 @@ member on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Rename Required: False @@ -264,7 +294,7 @@ member on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Delete Required: False @@ -280,7 +310,7 @@ member on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Unlock Required: False @@ -296,7 +326,7 @@ on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Required: False @@ -312,7 +342,7 @@ member on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Required: False @@ -328,7 +358,7 @@ on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Required: False @@ -344,7 +374,7 @@ on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: ViewAudit Required: False @@ -360,7 +390,7 @@ on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: ViewMembers Required: False @@ -393,7 +423,7 @@ safe member on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Required: False @@ -409,7 +439,7 @@ on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: AddRenameFolder Required: False @@ -425,7 +455,7 @@ on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: Required: False @@ -441,7 +471,7 @@ member on safe. ```yaml Type: Boolean -Parameter Sets: (All) +Parameter Sets: Gen2, Gen1 Aliases: MoveFilesAndFolders Required: False @@ -533,6 +563,81 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -AccountsManager +Sets Accounts Manager permissions for user on safe + +```yaml +Type: SwitchParameter +Parameter Sets: AccountsManager +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Approver +Sets Approver permissions for user on safe + +```yaml +Type: SwitchParameter +Parameter Sets: Approver +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ConnectOnly +Set Connect Only permissions for user on safe + +```yaml +Type: SwitchParameter +Parameter Sets: ConnectOnly +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Full +Sets Full Permissions for user on safe + +```yaml +Type: SwitchParameter +Parameter Sets: Full +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ReadOnly +Sets Read Only permissions for user on safe + +```yaml +Type: SwitchParameter +Parameter Sets: ReadOnly +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). diff --git a/docs/collections/_commands/Set-PASTheme.md b/docs/collections/_commands/Set-PASTheme.md new file mode 100644 index 00000000..a33ab022 --- /dev/null +++ b/docs/collections/_commands/Set-PASTheme.md @@ -0,0 +1,862 @@ +--- +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Set-PASTheme +schema: 2.0.0 +title: Set-PASTheme +--- + +# Set-PASTheme + +## SYNOPSIS +Updates a custom theme + +## SYNTAX + +``` +Set-PASTheme [-ThemeName] [[-name] ] [[-isDraft] ] [[-mainBackgroundImage] ] + [[-mainLogoDark] ] [[-advancedSmallLogo] ] [[-advancedSymbolLogo] ] + [[-colorsStyle] ] [[-backgroundMain_Dark] ] [[-borderMain_Dark] ] + [[-textMain_Dark] ] [[-disableMain_Dark] ] [[-disableTextPrimary_Dark] ] + [[-disableBackgroundPrimary_Dark] ] [[-successPrimary_Dark] ] + [[-successSecondary_Dark] ] [[-warningPrimary_Dark] ] [[-warningSecondary_Dark] ] + [[-infoPrimary_Dark] ] [[-infoSecondary_Dark] ] [[-errorPrimary_Dark] ] + [[-errorSecondary_Dark] ] [[-backgroundMain_Bright] ] [[-borderMain_Bright] ] + [[-textMain_Bright] ] [[-disableMain_Bright] ] [[-disableTextPrimary_Bright] ] + [[-disableBackgroundPrimary_Bright] ] [[-successPrimary_Bright] ] + [[-successSecondary_Bright] ] [[-warningPrimary_Bright] ] + [[-warningSecondary_Bright] ] [[-infoPrimary_Bright] ] [[-infoSecondary_Bright] ] + [[-errorPrimary_Bright] ] [[-errorSecondary_Bright] ] [[-mainColor] ] + [[-selectedMain] ] [[-hoverMain] ] [[-defaultButtonTextPrimary] ] + [[-menuLogoBackground] ] [[-menuBackground] ] [[-menuHoverBackground] ] + [[-menuActiveBackgroundPrimary] ] [[-menuActiveBackgroundSecondary] ] [[-menuText] ] + [[-menuTextActive] ] [[-menuIcon] ] [[-backgroundMain] ] [[-borderMain] ] + [[-textMain] ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Updates an existing custom theme. + +Requires membership of Vault Admins group + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> New-PASTheme -ThemeName "Barbie Pink" -name "Pink Pony Club" +``` + +Updates the theme name from "Barbie Pink" to "Pink Pony Club" + +## PARAMETERS + +### -ThemeName +The name of the existing theme to update + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -name +The theme name to set on the existing theme + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -isDraft +Whether the theme is marked as draft + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: 3 +Default value: False +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -mainBackgroundImage +the main background image + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 4 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -mainLogoDark +the main logo in darker colors + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 5 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -advancedSmallLogo +the advanced small logo + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 6 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -advancedSymbolLogo +the advanced symbol logo + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 7 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -colorsStyle +Type of the theme (dark or bright) + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 8 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -backgroundMain_Dark +Dark mode main background color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 9 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -borderMain_Dark +Dark mode main border color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 10 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -textMain_Dark +Dark mode main text color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 11 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -disableMain_Dark +Dark mode main disable color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 12 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -disableTextPrimary_Dark +Dark mode primary disable text color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 13 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -disableBackgroundPrimary_Dark +Dark mode primary disable background color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 14 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -successPrimary_Dark +Dark mode primary success color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 15 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -successSecondary_Dark +Dark mode secondary success color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 16 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -warningPrimary_Dark +Dark mode primary warning color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 17 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -warningSecondary_Dark +Dark mode secondary warning color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 18 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -infoPrimary_Dark +Dark mode primary info color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 19 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -infoSecondary_Dark +Dark mode secondary info color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 20 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -errorPrimary_Dark +Dark mode primary error color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 21 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -errorSecondary_Dark +Dark mode secondary error color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 22 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -backgroundMain_Bright +Light mode main background color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 23 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -borderMain_Bright +Light mode main border color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 24 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -textMain_Bright +Light mode main text color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 25 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -disableMain_Bright +Light mode main disable color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 26 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -disableTextPrimary_Bright +Light mode primary disable text color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 27 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -disableBackgroundPrimary_Bright +Light mode primary disable background color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 28 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -successPrimary_Bright +Light mode primary success color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 29 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -successSecondary_Bright +Light mode secondary success color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 30 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -warningPrimary_Bright +Light mode primary warning color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 31 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -warningSecondary_Bright +Light mode secondary warning color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 32 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -infoPrimary_Bright +Light mode primary info color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 33 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -infoSecondary_Bright +Light mode secondary info color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 34 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -errorPrimary_Bright +Light mode primary error color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 35 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -errorSecondary_Bright +Light mode secondary error color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 36 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -mainColor +The primary color of the theme + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 37 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -selectedMain +The color used for elements in their selected state + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 38 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -hoverMain +The color used for elements in their hover state + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 39 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -defaultButtonTextPrimary +The default text color used on buttons + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 40 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -menuLogoBackground +The background color of the menu logo + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 41 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -menuBackground +The background color of the menu + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 42 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -menuHoverBackground +The background color of the menu items on hover + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 43 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -menuActiveBackgroundPrimary +The primary background color of the menu items when active + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 44 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -menuActiveBackgroundSecondary +The secondary background color of the menu items when active + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 45 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -menuText +The text color of the menu items + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 46 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -menuTextActive +The text color of the menu items when active + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 47 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -menuIcon +The color of the menu icons + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 48 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -backgroundMain +The main background color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 49 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -borderMain +The main border color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 50 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -textMain +The main text color + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 51 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Set-PASTheme](https://pspas.pspete.dev/commands/Set-PASTheme) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-update.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-update.htm) diff --git a/docs/collections/_commands/Set-PASUser.md b/docs/collections/_commands/Set-PASUser.md index 7fc12ff7..cd8250b0 100644 --- a/docs/collections/_commands/Set-PASUser.md +++ b/docs/collections/_commands/Set-PASUser.md @@ -26,8 +26,8 @@ Set-PASUser -id -username [-NewPassword ] [-userT [-businessNumber ] [-cellularNumber ] [-faxNumber ] [-pagerNumber ] [-description ] [-FirstName ] [-MiddleName ] [-LastName ] [-street ] [-city ] [-state ] [-zip ] [-country ] [-title ] - [-organization ] [-department ] [-profession ] [-WhatIf] [-Confirm] - [] + [-organization ] [-department ] [-profession ] + [-allowedAuthenticationMethods ] [-WhatIf] [-Confirm] [] ``` ### Gen1 @@ -974,6 +974,24 @@ Accept pipeline input: True (ByPropertyName) Accept wildcard characters: False ``` +### -allowedAuthenticationMethods +All the non-Vault authentication methods (specified by ID) that the user can use to log on. + +Minimum required version 14.4 + + +```yaml +Type: String[] +Parameter Sets: Gen2 +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). diff --git a/docs/collections/_commands/Sync-PASDependentAccount.md b/docs/collections/_commands/Sync-PASDependentAccount.md new file mode 100644 index 00000000..760ce3e0 --- /dev/null +++ b/docs/collections/_commands/Sync-PASDependentAccount.md @@ -0,0 +1,136 @@ +--- +category: PSPAS +external help file: psPAS-help.xml +Module Name: psPAS +online version: https://pspas.pspete.dev/commands/Sync-PASDependentAccount +schema: 2.0.0 +title: Sync-PASDependentAccount +--- + +# Sync-PASDependentAccount + +## SYNOPSIS + +This syncs the dependent account secret with its master account. + +## SYNTAX + +``` +Sync-PASDependentAccount [-accountId] [-dependentAccountId] [-WhatIf] [-Confirm] + [] +``` + +## DESCRIPTION + +Syncs the dependent account secret with its master account. + +The user performing this task must have the following permissions in the Safe where the privileged account is stored: + +Initiate CPM password management operations + +Requires minimum version 14.6. + +## EXAMPLES + +### EXAMPLE 1 + +```powershell +PS C:\> Sync-PASDependentAccount -accountId 12_34 -dependentAccountId 56_78 +``` + +Synchronizes the password of dependent account with ID 56_78 with its parent account 12_34. + +### EXAMPLE 2 + +```powershell +PS C:\> Sync-PASDependentAccount -accountId 12_34 -dependentAccountId 12_78, 12_01, 12_45, 12_89 +``` + +Synchronizes the password of the specified dependent accounts for parent account with id 12_34. + +## PARAMETERS + +### -accountId + +The ID of the parent account whose password will be synchronized to the dependent account. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: id + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -dependentAccountId + +The ID of the dependent account that will receive the synchronized password from the parent account. + +Specify multiple values to perform bulk synchronisation in a single request. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: dependentid + +Required: True +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +Shows what would happen if the cmdlet runs. The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +Requires minimum version 14.6 + +## RELATED LINKS + +[https://pspas.pspete.dev/commands/Sync-PASDependentAccount](https://pspas.pspete.dev/commands/Sync-PASDependentAccount) + +[https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/Dependent-Accounts.htm](https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/Dependent-Accounts.htm) + +[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/bulk-sync-dependent-account-secret.htm](https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/bulk-sync-dependent-account-secret.htm) diff --git a/docs/collections/_docs/10-compatibility.md b/docs/collections/_docs/10-compatibility.md index bbab0f89..f8f18fa2 100644 --- a/docs/collections/_docs/10-compatibility.md +++ b/docs/collections/_docs/10-compatibility.md @@ -2,7 +2,7 @@ title: "Compatibility" permalink: /docs/compatibility/ excerpt: "Module Compatibility" -last_modified_at: 2023-03-06T01:23:45-00:00 +last_modified_at: 2025-09-09T01:23:45-00:00 toc: false --- @@ -207,7 +207,77 @@ If version requirement criteria are not met, operations may be prevented. [`Get-PASDiscoveredLocalAccount`][Get-PASDiscoveredLocalAccount] |**P Cloud Only** |Get P Cloud Discovered Local Account [`Clear-PASDiscoveredLocalAccount`][Clear-PASDiscoveredLocalAccount] |**P Cloud Only** |Clear all P Cloud Discovered Local Accounts [`Add-PASDiscoveredLocalAccount`][Add-PASDiscoveredLocalAccount] |**P Cloud Only** |Add P Cloud Discovered Local Account - +[`Enable-PASTheme`][Enable-PASTheme] |**14.6** |Activate a custom UI theme +[`Remove-PASTheme`][Remove-PASTheme] |**14.6** |Delete a custom UI theme +[`Import-PASThemeImage`][Import-PASThemeImage] |**14.6** |Import an image for use in a custom UI theme +[`Export-PASThemeImage`][Export-PASThemeImage] |**14.6** |Export an image used in a custom UI theme +[`Reset-PASTheme`][Reset-PASTheme] |**14.6** |Reset the UI theme to default +[`Publish-PASTheme`][Publish-PASTheme] |**14.6** |Change the draft status of a custom UI theme +[`Get-PASTheme`][Get-PASTheme] |**14.6** |Return details of custom UI themes +[`New-PASTheme`][New-PASTheme] |**14.6** |Create a new custom UI theme +[`Set-PASTheme`][Set-PASTheme] |**14.6** |Update a custom UI theme +[`Get-PASStoredPlatform`][Get-PASStoredPlatform] |**14.6** |Get details of platforms stored in memory for import +[`Remove-PASStoredPlatform`][Remove-PASStoredPlatform] |**14.6** |Delete a stored platform from memory +[`Get-PASUserLicenseReport`][Get-PASUserLicenseReport] |**14.6** |Return usage information for Privilege Cloud user licenses +[`Get-PASReport`][Get-PASReport] |**14.6** |List reports available to your user +[`Get-PASReportSchedule`][Get-PASReportSchedule] |**14.6** |List report schedules +[`New-PASReportSchedule`][New-PASReportSchedule] |**14.6** |Create a scheduled report +[`Export-PASReport`][Export-PASReport] |**14.6** |Export an available report +[`Add-PASUserAllowedAuthenticationMethod`][Add-PASUserAllowedAuthenticationMethod] |**14.4** |Add allowed authentication methods to multiple users +[`Remove-PASUserAllowedAuthenticationMethod`][Remove-PASUserAllowedAuthenticationMethod] |**14.4** |Remove allowed authentication methods from multiple users +[`Remove-PASFIDO2Device`][Remove-PASFIDO2Device] |**14.6** |Remove a configured FIDO2 device from a user +[`Get-PASMasterPolicy`][Get-PASMasterPolicy] |**14.6** |List Master Policy settings +[`Set-PASMasterPolicy`][Set-PASMasterPolicy] |**14.6** |Update Master Policy settings +[`Add-PASDependentAccount`][Add-PASDependentAccount] |**14.6** |Add a new dependent account +[`Remove-PASDependentAccount`][Remove-PASDependentAccount] |**14.6** |Delete dependent accounts +[`Resume-PASDependentAccount`][Resume-PASDependentAccount] |**14.6** |Resume password management of dependent accounts +[`Get-PASDependentAccount`][Get-PASDependentAccount] |**14.6** |List details of dependent accounts +[`Sync-PASDependentAccount`][Sync-PASDependentAccount] |**14.6** |Synchronize the password of a dependent account with its master +[`Set-PASDependentAccount`][Set-PASDependentAccount] |**14.6** |Update a dependent account +[`Remove-PASPTASecurityConfigurationProperty`][Remove-PASPTASecurityConfigurationProperty]|**14.6** |Delete PTA security configuration properties +[`Reset-PASPTASecurityConfigurationProperty`][Reset-PASPTASecurityConfigurationProperty] |**14.6** |Reset PTA security configuration properties +[`Reset-PASPTASecurityConfigurationCategory`][Reset-PASPTASecurityConfigurationCategory] |**14.6** |Reset PTA security configuration categories +[`Get-PASPTASecurityConfigurationCategory`][Get-PASPTASecurityConfigurationCategory] |**14.6** |Return PTA security configuration categories +[`Add-PASPTASyslog`][Add-PASPTASyslog] |**14.6** |Add a new syslog configuration to PTA +[`Remove-PASPTASyslog`][Remove-PASPTASyslog] |**14.6** |Remove a syslog configuration from PTA +[`Set-PASPTASMTP`][Set-PASPTASMTP] |**14.4** |Add a new SMTP configuration to PTA +[`Get-PASAccountSearchProperty`][Get-PASAccountSearchProperty] |**14.6** |List configured search properties + +[Enable-PASTheme]:/commands/Enable-PASTheme +[Remove-PASTheme]:/commands/Remove-PASTheme +[Import-PASThemeImage]:/commands/Import-PASThemeImage +[Export-PASThemeImage]:/commands/Export-PASThemeImage +[Reset-PASTheme]:/commands/Reset-PASTheme +[Publish-PASTheme]:/commands/Publish-PASTheme +[Get-PASTheme]:/commands/Get-PASTheme +[New-PASTheme]:/commands/New-PASTheme +[Set-PASTheme]:/commands/Set-PASTheme +[Get-PASStoredPlatform]:/commands/Get-PASStoredPlatform +[Remove-PASStoredPlatform]:/commands/Remove-PASStoredPlatform +[Get-PASUserLicenseReport]:/commands/Get-PASUserLicenseReport +[Get-PASReport]:/commands/Get-PASReport +[Get-PASReportSchedule]:/commands/Get-PASReportSchedule +[New-PASReportSchedule]:/commands/New-PASReportSchedule +[Export-PASReport]:/commands/Export-PASReport +[Add-PASUserAllowedAuthenticationMethod]:/commands/Add-PASUserAllowedAuthenticationMethod +[Remove-PASUserAllowedAuthenticationMethod]:/commands/Remove-PASUserAllowedAuthenticationMethod +[Remove-PASFIDO2Device]:/commands/Remove-PASFIDO2Device +[Get-PASMasterPolicy]:/commands/Get-PASMasterPolicy +[Set-PASMasterPolicy]:/commands/Set-PASMasterPolicy +[Add-PASDependentAccount]:/commands/Add-PASDependentAccount +[Remove-PASDependentAccount]:/commands/Remove-PASDependentAccount +[Resume-PASDependentAccount]:/commands/Resume-PASDependentAccount +[Get-PASDependentAccount]:/commands/Get-PASDependentAccount +[Sync-PASDependentAccount]:/commands/Sync-PASDependentAccount +[Set-PASDependentAccount]:/commands/Set-PASDependentAccount +[Remove-PASPTASecurityConfigurationProperty]:/commands/Remove-PASPTASecurityConfigurationProperty +[Reset-PASPTASecurityConfigurationProperty]:/commands/Reset-PASPTASecurityConfigurationProperty +[Reset-PASPTASecurityConfigurationCategory]:/commands/Reset-PASPTASecurityConfigurationCategory +[Get-PASPTASecurityConfigurationCategory]:/commands/Get-PASPTASecurityConfigurationCategory +[Add-PASPTASyslog]:/commands/Add-PASPTASyslog +[Remove-PASPTASyslog]:/commands/Remove-PASPTASyslog +[Set-PASPTASMTP]:/commands/Set-PASPTASMTP +[Get-PASAccountSearchProperty]:/commands/Get-PASAccountSearchProperty [Get-PASIPAllowList]:/commands/Get-PASIPAllowList [Set-PASIPAllowList]:/commands/Set-PASIPAllowList [Get-PASBYOKConfig]:/commands/Get-PASBYOKConfig diff --git a/docs/collections/_pages/about.md b/docs/collections/_pages/about.md index 0d776112..f3ed56fe 100644 --- a/docs/collections/_pages/about.md +++ b/docs/collections/_pages/about.md @@ -3,18 +3,18 @@ title: "About psPAS" layout: single permalink: /about/ excerpt: "All about psPAS" -last_modified_at: 2022-09-24T01:23:45-00:00 +last_modified_at: 2025-09-09T01:23:45-00:00 toc: true author_profile: true header: image: /assets/images/shop_banner_symbol.png --- -Over 100 commands for the CyberArk REST API are included in psPAS, which was first made available via Github in 2017 and is now also downloadable via the PowerShell Gallery. +psPAS offers over 200 PowerShell commands for interacting with the CyberArk REST API. Originally launched on GitHub in 2017, the module is now also available via the PowerShell Gallery for easy installation and updates. -The module is intended to work with both the newest CyberArk version release and also older versions of the API, giving users of CyberArk an easily accessible tool for automating both routine administrative tasks and more specialized requirements. +Designed for flexibility, psPAS supports both the latest CyberArk releases and legacy API versions, making it a powerful tool for automating everything from day-to-day admin tasks to complex operational workflows. -It is possible to develop and automate CyberArk operations for Windows, Linux, and macOS because of the module's compatibility with both PowerShell Core and Windows PowerShell. +With full compatibility across Windows PowerShell and PowerShell Core, the module enables cross-platform automation on Windows, Linux, and macOS. The module's standard set of commands offers a number of advantages for dealing with the CyberArk API, including: diff --git a/docs/collections/_pages/commands.md b/docs/collections/_pages/commands.md index 20670276..67d54af5 100644 --- a/docs/collections/_pages/commands.md +++ b/docs/collections/_pages/commands.md @@ -2,7 +2,7 @@ title: "psPAS + API Command Reference" permalink: /commands/ excerpt: "Command Reference" -last_modified_at: 2023-03-06T01:23:45-00:00 +last_modified_at: 2025-09-09T01:23:45-00:00 toc: false layout: single-mod classes: wide @@ -209,7 +209,77 @@ A psPAS command may not appear in the below list due to it not being explicitly [Get risk events][Get risk events] | [Get-PASPTARiskEvent][Get-PASPTARiskEvent] [Update risk event][Update risk event] | [Set-PASPTARiskEvent][Set-PASPTARiskEvent] [Get risk summary][Get risk summary] | [Get-PASPTARiskSummary][Get-PASPTARiskSummary] +[Activate UI Theme][Activate UI Theme] | [Enable-PASTheme][Enable-PASTheme] +[Remove UI Theme][Remove UI Theme] | [Remove-PASTheme][Remove-PASTheme] +[Import Theme Image][Import Theme Image] | [Import-PASThemeImage][Import-PASThemeImage] +[Export Theme Image][Export Theme Image] | [Export-PASThemeImage][Export-PASThemeImage] +[Reset UI Theme][Reset UI Theme] | [Reset-PASTheme][Reset-PASTheme] +[Publish UI Theme][Publish UI Theme] | [Publish-PASTheme][Publish-PASTheme] +[Get UI Theme Details][Get UI Theme Details] | [Get-PASTheme][Get-PASTheme] +[Create UI Theme][Create UI Theme] | [New-PASTheme][New-PASTheme] +[Update UI Theme][Update UI Theme] | [Set-PASTheme][Set-PASTheme] +[Get Stored Platform][Get Stored Platform] | [Get-PASStoredPlatform][Get-PASStoredPlatform] +[Remove Stored Platform][Remove Stored Platform] | [Remove-PASStoredPlatform][Remove-PASStoredPlatform] +[Get User License Report][Get User License Report] | [Get-PASUserLicenseReport][Get-PASUserLicenseReport] +[List Available Reports][List Available Reports] | [Get-PASReport][Get-PASReport] +[List Report Schedules][List Report Schedules] | [Get-PASReportSchedule][Get-PASReportSchedule] +[Create Report Schedule][Create Report Schedule] | [New-PASReportSchedule][New-PASReportSchedule] +[Export Report][Export Report] | [Export-PASReport][Export-PASReport] +[Add Allowed Authentication Methods][Add Allowed Authentication Methods] | [Add-PASUserAllowedAuthenticationMethod][Add-PASUserAllowedAuthenticationMethod] +[Remove Allowed Authentication Methods][Remove Allowed Authentication Methods] | [Remove-PASUserAllowedAuthenticationMethod][Remove-PASUserAllowedAuthenticationMethod] +[Remove FIDO2 Device][Remove FIDO2 Device] | [Remove-PASFIDO2Device][Remove-PASFIDO2Device] +[Get Master Policy Settings][Get Master Policy Settings] | [Get-PASMasterPolicy][Get-PASMasterPolicy] +[Update Master Policy Settings][Update Master Policy Settings] | [Set-PASMasterPolicy][Set-PASMasterPolicy] +[Add Dependent Account][Add Dependent Account] | [Add-PASDependentAccount][Add-PASDependentAccount] +[Remove Dependent Account][Remove Dependent Account] | [Remove-PASDependentAccount][Remove-PASDependentAccount] +[Resume Dependent Account Management][Resume Dependent Account Management] | [Resume-PASDependentAccount][Resume-PASDependentAccount] +[Get Dependent Account Details][Get Dependent Account Details] | [Get-PASDependentAccount][Get-PASDependentAccount] +[Sync Dependent Account Password][Sync Dependent Account Password] | [Sync-PASDependentAccount][Sync-PASDependentAccount] +[Update Dependent Account][Update Dependent Account] | [Set-PASDependentAccount][Set-PASDependentAccount] +[Remove PTA Security Property][Remove PTA Security Property] | [Remove-PASPTASecurityConfigurationProperty][Remove-PASPTASecurityConfigurationProperty] +[Reset PTA Security Property][Reset PTA Security Property] | [Reset-PASPTASecurityConfigurationProperty][Reset-PASPTASecurityConfigurationProperty] +[Reset PTA Security Category][Reset PTA Security Category] | [Reset-PASPTASecurityConfigurationCategory][Reset-PASPTASecurityConfigurationCategory] +[Get PTA Security Categories][Get PTA Security Categories] | [Get-PASPTASecurityConfigurationCategory][Get-PASPTASecurityConfigurationCategory] +[Add PTA Syslog Configuration][Add PTA Syslog Configuration] | [Add-PASPTASyslog][Add-PASPTASyslog] +[Remove PTA Syslog Configuration][Remove PTA Syslog Configuration] | [Remove-PASPTASyslog][Remove-PASPTASyslog] +[Set PTA SMTP Configuration][Set PTA SMTP Configuration] | [Set-PASPTASMTP][Set-PASPTASMTP] +[List Account Search Properties][List Account Search Properties] | [Get-PASAccountSearchProperty][Get-PASAccountSearchProperty] +[Enable-PASTheme]:/psPAS/Functions/Theme/Enable-PASTheme +[Remove-PASTheme]:/psPAS/Functions/Theme/Remove-PASTheme +[Import-PASThemeImage]:/psPAS/Functions/Theme/Import-PASThemeImage +[Export-PASThemeImage]:/psPAS/Functions/Theme/Export-PASThemeImage +[Reset-PASTheme]:/psPAS/Functions/Theme/Reset-PASTheme +[Publish-PASTheme]:/psPAS/Functions/Theme/Publish-PASTheme +[Get-PASTheme]:/psPAS/Functions/Theme/Get-PASTheme +[New-PASTheme]:/psPAS/Functions/Theme/New-PASTheme +[Set-PASTheme]:/psPAS/Functions/Theme/Set-PASTheme +[Get-PASStoredPlatform]:/psPAS/Functions/Platforms/Get-PASStoredPlatform +[Remove-PASStoredPlatform]:/psPAS/Functions/Platforms/Remove-PASStoredPlatform +[Get-PASUserLicenseReport]:/psPAS/Functions/Reports/Get-PASUserLicenseReport +[Get-PASReport]:/psPAS/Functions/Reports/Get-PASReport +[Get-PASReportSchedule]:/psPAS/Functions/Reports/Get-PASReportSchedule +[New-PASReportSchedule]:/psPAS/Functions/Reports/New-PASReportSchedule +[Export-PASReport]:/psPAS/Functions/Reports/Export-PASReport +[Add-PASUserAllowedAuthenticationMethod]:/psPAS/Functions/Users/Add-PASUserAllowedAuthenticationMethod +[Remove-PASUserAllowedAuthenticationMethod]:/psPAS/Functions/Users/Remove-PASUserAllowedAuthenticationMethod +[Remove-PASFIDO2Device]:/psPAS/Functions/Users/Remove-PASFIDO2Device +[Get-PASMasterPolicy]:/psPAS/Functions/Policy/Get-PASMasterPolicy +[Set-PASMasterPolicy]:/psPAS/Functions/Policy/Set-PASMasterPolicy +[Add-PASDependentAccount]:/psPAS/Functions/Accounts/Add-PASDependentAccount +[Remove-PASDependentAccount]:/psPAS/Functions/Accounts/Remove-PASDependentAccount +[Resume-PASDependentAccount]:/psPAS/Functions/Accounts/Resume-PASDependentAccount +[Get-PASDependentAccount]:/psPAS/Functions/Accounts/Get-PASDependentAccount +[Sync-PASDependentAccount]:/psPAS/Functions/Accounts/Sync-PASDependentAccount +[Set-PASDependentAccount]:/psPAS/Functions/Accounts/Set-PASDependentAccount +[Remove-PASPTASecurityConfigurationProperty]:/psPAS/Functions/PTA/Remove-PASPTASecurityConfigurationProperty +[Reset-PASPTASecurityConfigurationProperty]:/psPAS/Functions/PTA/Reset-PASPTASecurityConfigurationProperty +[Reset-PASPTASecurityConfigurationCategory]:/psPAS/Functions/PTA/Reset-PASPTASecurityConfigurationCategory +[Get-PASPTASecurityConfigurationCategory]:/psPAS/Functions/PTA/Get-PASPTASecurityConfigurationCategory +[Add-PASPTASyslog]:/psPAS/Functions/PTA/Add-PASPTASyslog +[Remove-PASPTASyslog]:/psPAS/Functions/PTA/Remove-PASPTASyslog +[Set-PASPTASMTP]:/psPAS/Functions/PTA/Set-PASPTASMTP +[Get-PASAccountSearchProperty]:/psPAS/Functions/Accounts/Get-PASAccountSearchProperty [Get-PASUserTypeInfo]:/commands/Get-PASUserTypeInfo [Get-PASPTARiskEvent]:/commands/Get-PASPTARiskEvent [Set-PASPTARiskEvent]:/commands/Set-PASPTARiskEvent @@ -360,6 +430,41 @@ A psPAS command may not appear in the below list due to it not being explicitly [Get-PASPTAGlobalCatalog]:/commands/Get-PASPTAGlobalCatalog [Add-PASPTAGlobalCatalog]:/commands/Add-PASPTAGlobalCatalog +[Enable UI Theme]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/EnableTheme.htm +[Remove UI Theme]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/RemoveTheme.htm +[Import Theme Image]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/ImportThemeImage.htm +[Export Theme Image]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/ExportThemeImage.htm +[Reset UI Theme]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/ResetTheme.htm +[Publish UI Theme]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/PublishTheme.htm +[Get UI Theme Details]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/GetTheme.htm +[Create UI Theme]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/CreateTheme.htm +[Update UI Theme]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/UpdateTheme.htm +[Get Stored Platform]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/GetStoredPlatform.htm +[Remove Stored Platform]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/RemoveStoredPlatform.htm +[Get User License Report]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/GetUserLicenseReport.htm +[List Available Reports]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/GetReports.htm +[List Report Schedules]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/GetReportSchedules.htm +[Create Report Schedule]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/CreateReportSchedule.htm +[Export Report]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/ExportReport.htm +[Add Allowed Authentication Methods]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/AddAllowedAuthenticationMethods.htm +[Remove Allowed Authentication Methods]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/RemoveAllowedAuthenticationMethods.htm +[Remove FIDO2 Device]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/RemoveFIDO2Device.htm +[Get Master Policy Settings]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/GetMasterPolicy.htm +[Update Master Policy Settings]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/UpdateMasterPolicy.htm +[Add Dependent Account]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/AddDependentAccount.htm +[Remove Dependent Account]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/RemoveDependentAccount.htm +[Resume Dependent Account Management]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/ResumeDependentAccount.htm +[Get Dependent Account Details]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/GetDependentAccount.htm +[Sync Dependent Account Password]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/SyncDependentAccount.htm +[Update Dependent Account]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/UpdateDependentAccount.htm +[Remove PTA Security Property]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/RemovePTASecurityProperty.htm +[Reset PTA Security Property]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/ResetPTASecurityProperty.htm +[Reset PTA Security Category]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/ResetPTASecurityCategory.htm +[Get PTA Security Categories]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/GetPTASecurityCategories.htm +[Add PTA Syslog Configuration]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/AddPTASyslog.htm +[Remove PTA Syslog Configuration]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/RemovePTASyslog.htm +[Set PTA SMTP Configuration]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/SetPTASMTP.htm +[List Account Search Properties]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/GetAccountSearchProperties.htm [Get incoming request list]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/GetIncomingRequestList.htm [Create access request for multiple accounts]:https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/13.2/en/Content/WebServices/Create-multiple-requests.htm [Get risk events]:https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/GetRiskEvents.htm diff --git a/docs/collections/_posts/2025-09-09-pspas-release-7-0.md b/docs/collections/_posts/2025-09-09-pspas-release-7-0.md new file mode 100644 index 00000000..d4bd6165 --- /dev/null +++ b/docs/collections/_posts/2025-09-09-pspas-release-7-0.md @@ -0,0 +1,209 @@ +--- +title: "psPAS Release 7.0" +date: 2025-09-09 00:00:00 +tags: + - Release Notes + - Remove-PASPublicSSHKey + - Get-PASPublicSSHKey + - Add-PASPublicSSHKey + - Get-PASAccountPassword + - Get-PASSAMLResponse + - Get-PASSafe + - New-PASAccountObject + - New-PASAccountPassword + - Enable-PASTheme + - Remove-PASTheme + - Import-PASThemeImage + - Export-PASThemeImage + - Reset-PASTheme + - Publish-PASTheme + - Get-PASTheme + - New-PASTheme + - Set-PASTheme + - Get-PASStoredPlatform + - Remove-PASStoredPlatform + - Get-PASUserLicenseReport + - Get-PASReport + - Get-PASReportSchedule + - New-PASReportSchedule + - Export-PASReport + - Remove-PASUserAllowedAuthenticationMethod + - Add-PASUserAllowedAuthenticationMethod + - Remove-PASFIDO2Device + - Get-PASMasterPolicy + - Set-PASMasterPolicy + - Remove-PASDependentAccount + - Resume-PASDependentAccount + - Get-PASDependentAccount + - Sync-PASDependentAccount + - Set-PASDependentAccount + - Add-PASDependentAccount + - Remove-PASPTASecurityConfigurationProperty + - Reset-PASPTASecurityConfigurationProperty + - Reset-PASPTASecurityConfigurationCategory + - Get-PASPTASecurityConfigurationCategory + - Add-PASPTASyslog + - Remove-PASPTASyslog + - Set-PASPTASMTP + - Get-PASAccountSearchProperty + - Add-PASSafeMember + - Set-PASSafeMember + - Get-PASAccount + - Add-PASAccount + - Import-PASPlatform + - New-PASDirectoryMapping + - Set-PASDirectoryMapping + - New-PASUser + - Set-PASUser + - Get-PASComponentSummary + - Approve-PASRequest + - Deny-PASRequest +--- + +## **7.0** + +**Special shout out to [JP-Consulting](https://github.com/johannesconsulting) for the help on this release** + +_Update includes almost all updates for the 14.2, 14.4 & 14.6 CyberArk Self-Hosted Releases_ + +### Added +- `Enable-PASTheme` + - New 14.6 command to activate a custom UI theme + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Remove-PASTheme` + - New 14.6 command to delete a custom UI theme + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Import-PASThemeImage` + - New 14.6 command to import an image to use in a custom UI theme +- `Export-PASThemeImage` + - New 14.6 command to export an image used in a custom UI theme +- `Reset-PASTheme` + - New 14.6 command to reset the UI theme to default +- `Publish-PASTheme` + - New 14.6 command to change the draft status of a custom UI theme +- `Get-PASTheme` + - New 14.6 command to return details of custom UI themes +- `New-PASTheme` + - New 14.6 command to create a new custom UI theme +- `Set-PASTheme` + - New 14.6 command to update a custom UI theme +- `Get-PASStoredPlatform` + - New 14.6 command to get details of platforms stored in memory for import +- `Remove-PASStoredPlatform` + - New 14.6 command to delete a stored platform from memory +- `Get-PASUserLicenseReport` + - Returns information about usage of Privilege Cloud user licenses +- `Get-PASReport` + - New 14.6 command to list reports available to your user +- `Get-PASReportSchedule` + - New 14.6 command to list report schedules +- `New-PASReportSchedule` + - New 14.6 command to create a scheduled report +- `Export-PASReport` + - New 14.6 command to export an available report +- `Remove-PASUserAllowedAuthenticationMethod` + - New 14.4 command to remove allowed authentication methods from multiple users in a single request +- `Add-PASUserAllowedAuthenticationMethod` + - New 14.4 command to add allowed authentication methods to multiple users in a single request +- `Remove-PASFIDO2Device` + - New 14.6 command to remove a configured FIDO2 device from a user + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Get-PASMasterPolicy` + - New 14.6 command to list Master Policy settings +- `Set-PASMasterPolicy` + - New 14.6 command to update Master Policy settings +- `Remove-PASDependentAccount` + - New 14.6 command to delete dependent accounts +- `Resume-PASDependentAccount` + - New 14.6 command to resume password management of dependent accounts + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Get-PASDependentAccount` + - New 14.6 command to list details of dependent accounts +- `Sync-PASDependentAccount` + - New 14.6 command to synchronise the password of a dependent account with its master account + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Set-PASDependentAccount` + - New 14.6 command to update a dependent account +- `Add-PASDependentAccount` + - New 14.6 command to add a new dependent account +- `Remove-PASPTASecurityConfigurationProperty` + - New 14.6 command to delete PTA security configuration properties + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Reset-PASPTASecurityConfigurationProperty` + - New 14.6 command to reset PTA security configuration properties + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Reset-PASPTASecurityConfigurationCategory` + - New 14.6 command to reset PTA security configuration categories + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Get-PASPTASecurityConfigurationCategory` + - New 14.6 command to return PTA security configuration categories + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Add-PASPTASyslog` + - New 14.6 command to add a new syslog configuration to PTA + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Remove-PASPTASyslog` + - New 14.6 command to remove a syslog configuration from PTA + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Set-PASPTASMTP` + - New 14.4 command to add a new SMTP configuration to PTA + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Get-PASAccountSearchProperty` + - New 14.6 command to list configured search properties + +### Updated +- `Add-PASSafeMember` + - Updated to include permission pre-sets to match functionality available via PVWA + - Thanks [Slasky86](https://github.com/Slasky86)!! +- `Set-PASSafeMember` + - Updated to include permission pre-sets to match functionality available via PVWA + - Thanks [Slasky86](https://github.com/Slasky86)!! +- `Get-PASAccount` + - Updated to handle new quoting model for filter operations in version 14.6 + - Adds dynamic search properties to the filter parameters list + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Add-PASAccount` + - Added `AllowAccountDuplications` parameter, which works in conjunction with the 14.6 `AccountDuplicationEnforcementLevel` setting +- `Import-PASPlatform` + - New parameter sets added to support updating existing platforms and side-by-side imports +- `New-PASDirectoryMapping`, `Set-PASDirectoryMapping` + - Added the `allowedAuthenticationMethods` parameter + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `New-PASUser`, `Set-PASUser` + - Added the `allowedAuthenticationMethods` parameter + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Get-PASComponentSummary` + - Now includes vault replication data in command output + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! +- `Approve-PASRequest` + - Adds support for bulk approvals using a single request +- `Deny-PASRequest` + - Adds support for bulk rejections using a single request +- `New-PASAccountPassword` + - Updated to include additional error checking +- `New-PASAccountObject` + - Updated to create formatted objects for Dependent Account operations +- `Get-PASSafe` + - Fixed issue with incorrectly defined `sort` parameter + - Adds sortDirection parameter to enable ascending or descending sort of safes by SafeName or Managing CPM +- Script Methods + - `ToCredential()` + - Available on password objects + - Allows password values returned from the API to be converted to Credential objects + - `GetPermissions()` + - Available on Safe Member objects + - Enables conversion of safe ACL to hashtable which can be used to splat against Add-PASSafeMember & Set-PASSafeMember + - `ToHashtable()` + - Available on Account objects. + - Converts an Account object to a hashtable so that it can be splatted against Add-PASAccount +- Various corrections to help file contents + +### Fixed +- `Get-PASSAMLResponse` + - Fixes a responsibly disclosed security vulnerability where TLS 1.2 was not enforced when a value for the SAMLResponse parameter was not provided to the New-PASSession command when using the Gen2SAML ParameterSet. + - Much Respect to [Cristian Gaber](https://cgaber.com) for highlighting this to us. +- `Get-PASAccountPassword` + - Fixes a parsing issue that could affect password values returned from the command. + - Thanks [ChristopherRanney](https://github.com/ChristopherRanney)!! +- `Add-PASPublicSSHKey`, `Get-PASPublicSSHKey`, `Remove-PASPublicSSHKey` + - Corrects the URLs used by the commands + - Thanks [JP-Consulting](https://github.com/johannesconsulting)!!! diff --git a/psPAS/Functions/Accounts/Add-PASAccount.ps1 b/psPAS/Functions/Accounts/Add-PASAccount.ps1 index bc6922c7..6b059355 100644 --- a/psPAS/Functions/Accounts/Add-PASAccount.ps1 +++ b/psPAS/Functions/Accounts/Add-PASAccount.ps1 @@ -115,6 +115,13 @@ function Add-PASAccount { )] [boolean]$accessRestrictedToRemoteMachines, + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' + )] + [boolean]$AllowAccountDuplications, + [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true, @@ -229,7 +236,7 @@ function Add-PASAccount { PROCESS { #Get all parameters that will be sent in the request - $boundParameters = $PSBoundParameters | Get-PASParameter + $boundParameters = $PSBoundParameters | Get-PASParameter -ParametersToRemove 'AllowAccountDuplications' switch ($PSCmdlet.ParameterSetName) { @@ -240,6 +247,13 @@ function Add-PASAccount { #Create URL for Request $URI = "$($psPASSession.BaseURI)/api/Accounts" + If($PSBoundParameters.ContainsKey('AllowAccountDuplications')) { + Assert-VersionRequirement -SelfHosted + Assert-VersionRequirement -RequiredVersion 14.6 + $URI = "$URI`?AllowAccountDuplications=$($PSBoundParameters['AllowAccountDuplications'])" + + } + $Account = New-PASAccountObject @boundParameters $body = $Account | ConvertTo-Json diff --git a/psPAS/Functions/Accounts/Add-PASDependentAccount.ps1 b/psPAS/Functions/Accounts/Add-PASDependentAccount.ps1 new file mode 100644 index 00000000..c724c731 --- /dev/null +++ b/psPAS/Functions/Accounts/Add-PASDependentAccount.ps1 @@ -0,0 +1,80 @@ +# .ExternalHelp psPAS-help.xml +Function Add-PASDependentAccount { + [CmdletBinding(SupportsShouldProcess)] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [Alias('id')] + [string]$AccountId, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [string]$name, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [string]$platformId, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [hashtable]$platformAccountProperties, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [boolean]$automaticManagementEnabled, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [string]$manualManagementReason + + ) + + BEGIN { + + Assert-VersionRequirement -RequiredVersion 14.6 + + }#begin + + PROCESS { + + #Create URL for Request + $URI = "$($psPASSession.BaseURI)/API/Accounts/$AccountID/dependentAccounts" + + #Get all parameters that will be sent in the request + $boundParameters = $PSBoundParameters | Get-PASParameter -ParametersToRemove AccountID + + $DependentAccount = New-PASAccountObject @boundParameters -DependentAccount + + $body = $DependentAccount | ConvertTo-Json + + if ($PSCmdlet.ShouldProcess($AccountID, "Add Dependent Account")) { + + #Send request to web service + $Result = Invoke-PASRestMethod -Uri $URI -Method POST -Body $body + + } + + If ($null -ne $result) { + + #Return Results + $result + + } + + }#process + + END { }#end + +} diff --git a/psPAS/Functions/Accounts/Get-PASAccount.ps1 b/psPAS/Functions/Accounts/Get-PASAccount.ps1 index d516b521..40df6ab2 100644 --- a/psPAS/Functions/Accounts/Get-PASAccount.ps1 +++ b/psPAS/Functions/Accounts/Get-PASAccount.ps1 @@ -86,15 +86,71 @@ function Get-PASAccount { Mandatory = $false, ValueFromPipelineByPropertyName = $false )] - [int]$TimeoutSec + [int]$TimeoutSec, + + [parameter( + Mandatory = $false, + ValueFromPipelineByPropertyName = $false, + ParameterSetName = 'Gen2Query' + )] + [ValidateSet('AND', 'OR')] + [string]$LogicalOperator = 'AND' ) + DynamicParam { + # Create dynamic parameters based on available search properties from the API + # Only available for Gen2Query parameter set and version 14.4+ + if ($PSCmdlet.ParameterSetName -eq 'Gen2Query' -and + $script:psPASSession.ExternalVersion -ge [version]'14.4') { + + # Get available search properties from the API + $SearchProperties = Get-PASAccountSearchProperty + $paramDictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary + + # List of existing static parameters to avoid duplicates + $existingParams = @('id', 'search', 'searchType', 'safeName', 'savedFilter', 'modificationTime', 'sort', 'limit', 'Keywords', 'Safe', 'TimeoutSec', 'LogicalOperator') + + # Create dynamic parameter for each search property not already defined + foreach ($property in $SearchProperties) { + if ($existingParams -notcontains $property.PropertyName) { + $paramAttribute = New-Object System.Management.Automation.ParameterAttribute + $paramAttribute.Mandatory = $false + $paramAttribute.ParameterSetName = 'Gen2Query' + $paramAttribute.ValueFromPipelineByPropertyName = $false + + $attributeCollection = New-Object System.Collections.ObjectModel.Collection[System.Attribute] + $attributeCollection.Add($paramAttribute) + + # Create runtime parameter for the search property + $runtimeParam = New-Object System.Management.Automation.RuntimeDefinedParameter($property.PropertyName, [string], $attributeCollection) + $paramDictionary.Add($property.PropertyName, $runtimeParam) + } + } + + return $paramDictionary + } + } + BEGIN { #Parameter to include as filter value in url $Parameters = [Collections.Generic.List[String]]@('modificationTime', 'SafeName') + # Add dynamic search properties to the filter parameters list for Gen2 14.4+ + if ($PSCmdlet.ParameterSetName -match 'Gen2' -and $psPASSession.ExternalVersion -ge [version]'14.4') { + $SearchProperties = Get-PASAccountSearchProperty + # Build lookup for validation of supported operators + $SearchPropertyLookup = @{} + foreach ($property in $SearchProperties) { + $SearchPropertyLookup[$property.PropertyName] = $property + # Add property to filter parameters + if ($property.PropertyName -notin @('modificationTime', 'SafeName')) { + $Parameters.Add($property.PropertyName) + } + } + } + }#begin PROCESS { @@ -102,7 +158,13 @@ function Get-PASAccount { #Get Parameters to include in request $boundParameters = $PSBoundParameters | Get-PASParameter -ParametersToRemove $Parameters $filterParameters = $PSBoundParameters | Get-PASParameter -ParametersToKeep $Parameters - $FilterString = $filterParameters | ConvertTo-FilterString + + # Only use LogicalOperator for API 14.6+ + if ($PSCmdlet.ParameterSetName -eq 'Gen2Query' -and $psPASSession.ExternalVersion -ge [version]'14.6') { + $FilterString = $filterParameters | ConvertTo-FilterString -LogicalOperator $LogicalOperator + } else { + $FilterString = $filterParameters | ConvertTo-FilterString + } switch ($PSCmdlet.ParameterSetName) { @@ -235,8 +297,8 @@ function Get-PASAccount { $InternalProps | - #Add each property name and value as object property of $InternalProps - Add-ObjectDetail -PropertyToAdd @{$InternalProperties[$int].key = $InternalProperties[$int].value } -Passthru $false + #Add each property name and value as object property of $InternalProps + Add-ObjectDetail -PropertyToAdd @{$InternalProperties[$int].key = $InternalProperties[$int].value } -Passthru $false } diff --git a/psPAS/Functions/Accounts/Get-PASAccountPassword.ps1 b/psPAS/Functions/Accounts/Get-PASAccountPassword.ps1 index f110e9d1..55f1cf90 100644 --- a/psPAS/Functions/Accounts/Get-PASAccountPassword.ps1 +++ b/psPAS/Functions/Accounts/Get-PASAccountPassword.ps1 @@ -146,8 +146,8 @@ function Get-PASAccountPassword { 'Gen2' { - #Unescape returned string and remove enclosing quotes. - $result = $([System.Text.RegularExpressions.Regex]::Unescape($result) -replace '^"|"$', '') + #convert the result from json + $result = ConvertFrom-Json $result #Get UserName if parameter value not provided. if ($PSBoundParameters.Keys -notcontains 'UserName') { diff --git a/psPAS/Functions/Accounts/Get-PASAccountSearchProperty.ps1 b/psPAS/Functions/Accounts/Get-PASAccountSearchProperty.ps1 new file mode 100644 index 00000000..05c98f49 --- /dev/null +++ b/psPAS/Functions/Accounts/Get-PASAccountSearchProperty.ps1 @@ -0,0 +1,38 @@ +# .ExternalHelp psPAS-help.xml +Function Get-PASAccountSearchProperty { + [CmdletBinding()] + param( ) + + Begin { + + Assert-VersionRequirement -RequiredVersion 14.4 + + } + + Process { + + #Create URL for Request + $URI = "$($psPASSession.BaseURI)/API/Accounts/AdvancedSearchProperties" + + #Send request to web service + $result = Invoke-PASRestMethod -Uri $URI -Method GET + + If ($null -ne $Result) { + + #Process and return structured result + $Result.advancedSearchProperties.PSObject.Properties | ForEach-Object { + [PSCustomObject]@{ + PropertyName = $_.Name + ValidValues = $_.Value.validValues -join ', ' + SupportedOperators = $_.Value.supportedOperators -join ', ' + SupportedLogicalOperators = $_.Value.supportedLogicalOperators -join ', ' + } + } + + } + + } + + End {} + +} \ No newline at end of file diff --git a/psPAS/Functions/Accounts/Get-PASDependentAccount.ps1 b/psPAS/Functions/Accounts/Get-PASDependentAccount.ps1 new file mode 100644 index 00000000..507c8f4e --- /dev/null +++ b/psPAS/Functions/Accounts/Get-PASDependentAccount.ps1 @@ -0,0 +1,225 @@ +# .ExternalHelp psPAS-help.xml +function Get-PASDependentAccount { + [CmdletBinding(DefaultParameterSetName = 'AllDependentAccounts')] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'SpecificAccount' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'SpecificDependentAccount' + )] + [Alias('AccountID')] + [string]$id, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'SpecificDependentAccount' + )] + [string]$dependentAccountId, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'AllDependentAccounts' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'SpecificAccount' + )] + [string]$search, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'AllDependentAccounts' + )] + [string]$MasterAccountId, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'AllDependentAccounts' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'SpecificAccount' + )] + [datetime]$modificationTime, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'AllDependentAccounts' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'SpecificAccount' + )] + [string]$platformId, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'AllDependentAccounts' + )] + [string]$SafeName, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'AllDependentAccounts' + )] + [bool]$includeDeleted, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'SpecificAccount' + )] + [bool]$failed, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'SpecificDependentAccount' + )] + [bool]$extendedDetails, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'AllDependentAccounts' + )] + [ValidateRange(1, 1000)] + [int]$limit, + + [parameter( + Mandatory = $false, + ValueFromPipelineByPropertyName = $false + )] + [int]$TimeoutSec + + ) + + BEGIN { + + #check required version + Assert-VersionRequirement -RequiredVersion 14.6 + + #Parameter to include as filter value in url + $Parameters = [Collections.Generic.List[String]]@('MasterAccountId', 'modificationTime', 'platformId', 'SafeName') + + }#begin + + PROCESS { + + #Get Parameters to include in request + $boundParameters = $PSBoundParameters | Get-PASParameter -ParametersToRemove $Parameters, id, dependentAccountId + $filterParameters = $PSBoundParameters | Get-PASParameter -ParametersToKeep $Parameters + $FilterString = $filterParameters | ConvertTo-FilterString + + switch ($PSCmdlet.ParameterSetName) { + + 'SpecificAccount' { + + #define base URL + $URI = "$($psPASSession.BaseURI)/API/Accounts/$id/dependentAccounts" + break + + } + + 'AllDependentAccounts' { + + #define base URL + $URI = "$($psPASSession.BaseURI)/API/dependentAccounts" + + If ($PSBoundParameters.Keys -notcontains 'Limit') { + $Limit = 100 #default limit + $boundParameters.Add('Limit', $Limit) # Add to boundparameters for inclusion in query string + } + + break + + } + + 'SpecificDependentAccount'{ + + #define base URL + $URI = "$($psPASSession.BaseURI)/API/Accounts/$id/dependentAccounts/$($dependentAccountId)" + break + + } + + } + + If ($null -ne $FilterString) { + + $boundParameters = $boundParameters + $FilterString + + } + + #Create Query String, escaped for inclusion in request URL + $queryString = $boundParameters | ConvertTo-QueryString + + If ($null -ne $queryString) { + + #Build URL from base URL + $URI = "$URI`?$queryString" + + } + + #Send request to web service + $result = Invoke-PASRestMethod -Uri $URI -Method GET -TimeoutSec $TimeoutSec + + $Total = $result.Total + + If ($Total -gt 0) { + + #Set events as output collection + $DependentAccounts = [Collections.Generic.List[Object]]::New(@($result.DependentAccounts)) + + #Split Request URL into baseURI & any query string value + $URLString = $URI.Split('?') + $URI = $URLString[0] + $queryString = $URLString[1] + + For ( $Offset = $Limit ; $Offset -lt $Total ; $Offset += $Limit ) { + + #While more DependentAccounts to return, create nextLink query value + $nextLink = "OffSet=$Offset" + + if ($null -ne $queryString) { + + #If original request contained a queryString, concatenate with nextLink value. + $nextLink = "$queryString&$nextLink" + + } + $result = (Invoke-PASRestMethod -Uri "$URI`?$nextLink" -Method GET).DependentAccounts + + #Request nextLink. Add DependentAccounts to output collection. + $Null = $DependentAccounts.AddRange($result) + } + + $Result = $DependentAccounts + + } + + If ($null -ne $result) { + + $Result + + } + + }#process + + END { }#end + +} \ No newline at end of file diff --git a/psPAS/Functions/Accounts/New-PASAccountObject.ps1 b/psPAS/Functions/Accounts/New-PASAccountObject.ps1 index d9f04f61..8bf9352b 100644 --- a/psPAS/Functions/Accounts/New-PASAccountObject.ps1 +++ b/psPAS/Functions/Accounts/New-PASAccountObject.ps1 @@ -30,6 +30,11 @@ Function New-PASAccountObject { ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'AccountObject' )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'DependentAccountObject' + )] [string]$name, [parameter( @@ -50,6 +55,11 @@ Function New-PASAccountObject { ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'AccountObject' )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'DependentAccountObject' + )] [Alias('PolicyID')] [string]$platformID, @@ -88,6 +98,11 @@ Function New-PASAccountObject { ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'AccountObject' )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'DependentAccountObject' + )] [hashtable]$platformAccountProperties, [parameter( @@ -95,6 +110,11 @@ Function New-PASAccountObject { ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'AccountObject' )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'DependentAccountObject' + )] [boolean]$automaticManagementEnabled, [parameter( @@ -102,6 +122,11 @@ Function New-PASAccountObject { ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'AccountObject' )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'DependentAccountObject' + )] [string]$manualManagementReason, [parameter( @@ -130,7 +155,14 @@ Function New-PASAccountObject { ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'PersonalAdminAccount' )] - [switch]$PersonalAdminAccount + [switch]$PersonalAdminAccount, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'DependentAccountObject' + )] + [switch]$DependentAccount ) @@ -194,11 +226,32 @@ Function New-PASAccountObject { } + 'DependentAccountObject' { + + $boundParameters.keys | Where-Object { $SecretMgmt -contains $PSItem } | ForEach-Object { + + $secretManagement = @{ } + + } { + + #add key=value to hashtable + $secretManagement[$PSItem] = $boundParameters[$PSItem] + + } { + + $boundParameters['secretManagement'] = $secretManagement + + } + + break + + } + } if ($PSCmdlet.ShouldProcess($userName, 'Create Account Object Definition')) { - $boundParameters | Get-PASParameter -ParametersToRemove @($remoteMachine + $SecretMgmt + 'PersonalAdminAccount') + $boundParameters | Get-PASParameter -ParametersToRemove @($remoteMachine + $SecretMgmt + 'PersonalAdminAccount' + 'DependentAccount') } diff --git a/psPAS/Functions/Accounts/New-PASAccountPassword.ps1 b/psPAS/Functions/Accounts/New-PASAccountPassword.ps1 index f0290e5b..ed42e6bd 100644 --- a/psPAS/Functions/Accounts/New-PASAccountPassword.ps1 +++ b/psPAS/Functions/Accounts/New-PASAccountPassword.ps1 @@ -31,8 +31,9 @@ function New-PASAccountPassword { if ($null -ne $result) { #Unescape returned string. - $result = [System.Text.RegularExpressions.Regex]::Unescape($result.password) - + try { + $result = [System.Text.RegularExpressions.Regex]::Unescape($result.password) + } catch { $result = $result.password } [PSCustomObject] @{'Password' = $result } | Add-ObjectDetail -typename psPAS.CyberArk.Vault.Credential } diff --git a/psPAS/Functions/Accounts/Remove-PASDependentAccount.ps1 b/psPAS/Functions/Accounts/Remove-PASDependentAccount.ps1 new file mode 100644 index 00000000..f1b3aa81 --- /dev/null +++ b/psPAS/Functions/Accounts/Remove-PASDependentAccount.ps1 @@ -0,0 +1,43 @@ +# .ExternalHelp psPAS-help.xml +Function Remove-PASDependentAccount { + [CmdletBinding(SupportsShouldProcess)] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [Alias('id')] + [string]$AccountID, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [Alias('dependentid')] + [string]$dependentAccountId + + ) + + BEGIN { + + Assert-VersionRequirement -RequiredVersion 14.6 + + }#begin + + PROCESS { + + #Create URL for Request + $URI = "$($psPASSession.BaseURI)/API/Accounts/$AccountID/dependentAccounts/$dependentAccountId" + + if ($PSCmdlet.ShouldProcess($AccountID, "Remove Dependent Account")) { + + #Send request to web service + Invoke-PASRestMethod -Uri $URI -Method DELETE + + } + + }#process + + END { }#end + +} diff --git a/psPAS/Functions/Accounts/Resume-PASDependentAccount.ps1 b/psPAS/Functions/Accounts/Resume-PASDependentAccount.ps1 new file mode 100644 index 00000000..4f2f5a40 --- /dev/null +++ b/psPAS/Functions/Accounts/Resume-PASDependentAccount.ps1 @@ -0,0 +1,43 @@ +# .ExternalHelp psPAS-help.xml +Function Resume-PASDependentAccount { + [CmdletBinding(SupportsShouldProcess)] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [Alias('id')] + [string]$AccountID, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [Alias('dependentid')] + [string]$dependentAccountId + + ) + + BEGIN { + + Assert-VersionRequirement -RequiredVersion 14.6 + + }#begin + + PROCESS { + + #Create URL for Request + $URI = "$($psPASSession.BaseURI)/API/Accounts/$AccountID/dependentAccounts/$dependentAccountId/Resume" + + if ($PSCmdlet.ShouldProcess($AccountID, "Resume Dependent Account")) { + + #Send request to web service + Invoke-PASRestMethod -Uri $URI -Method POST + + } + + }#process + + END { }#end + +} diff --git a/psPAS/Functions/Accounts/Set-PASDependentAccount.ps1 b/psPAS/Functions/Accounts/Set-PASDependentAccount.ps1 new file mode 100644 index 00000000..fd495947 --- /dev/null +++ b/psPAS/Functions/Accounts/Set-PASDependentAccount.ps1 @@ -0,0 +1,94 @@ +# .ExternalHelp psPAS-help.xml +Function Set-PASDependentAccount { + [CmdletBinding(SupportsShouldProcess)] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [Alias('id')] + [string]$accountId, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [Alias('dependentid')] + [string]$dependentAccountId, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [string]$name, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [hashtable]$platformAccountProperties, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [boolean]$automaticManagementEnabled, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [string]$manualManagementReason + + ) + + BEGIN { + + Assert-VersionRequirement -RequiredVersion 14.6 + + }#begin + + PROCESS { + + #Create URL for Request + $URI = "$($psPASSession.BaseURI)/API/Accounts/$AccountID/dependentAccounts/$dependentAccountId" + + #Get all parameters that will be sent in the request + $boundParameters = $PSBoundParameters | Get-PASParameter -ParametersToRemove AccountID, dependentAccountId + + $DependentAccount = New-PASAccountObject @boundParameters -DependentAccount + + #Get the dependent account that is being updated + $DependentAccountObject = Get-PASDependentAccount -AccountId $AccountID -DependentAccountId $dependentAccountId + + #Set current values if required + if (-not $boundParameters.ContainsKey('name')) { + $DependentAccount.name = $DependentAccountObject.name + } + + if (-not $boundParameters.ContainsKey('platformAccountProperties')) { + $DependentAccount.platformAccountProperties = $DependentAccountObject.platformAccountProperties + } + + if (-not $boundParameters.ContainsKey('automaticManagementEnabled')) { + $DependentAccount.secretManagement.automaticManagementEnabled = $DependentAccountObject.secretManagement.automaticManagementEnabled + } + + if (-not $boundParameters.ContainsKey('manualManagementReason')) { + $DependentAccount.secretManagement.manualManagementReason = $DependentAccountObject.secretManagement.manualManagementReason + } + + $body = $DependentAccount | ConvertTo-Json + + if ($PSCmdlet.ShouldProcess($AccountID, "Update Dependent Account $dependentAccountId")) { + + #Send request to web service + Invoke-PASRestMethod -Uri $URI -Method PUT -Body $body + + } + + }#process + + END { }#end + +} diff --git a/psPAS/Functions/Accounts/Sync-PASDependentAccount.ps1 b/psPAS/Functions/Accounts/Sync-PASDependentAccount.ps1 new file mode 100644 index 00000000..cce04864 --- /dev/null +++ b/psPAS/Functions/Accounts/Sync-PASDependentAccount.ps1 @@ -0,0 +1,91 @@ +# .ExternalHelp psPAS-help.xml +Function Sync-PASDependentAccount { + [CmdletBinding(SupportsShouldProcess)] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $false + )] + [Alias('id')] + [string]$accountId, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $false + )] + [Alias('dependentid')] + [string[]]$dependentAccountId + + ) + + BEGIN { + + Assert-VersionRequirement -RequiredVersion 14.6 + + # Variable to track if we are doing bulk confirmation + $BulkConfirmation = $false + + $boundInput = $PSBoundParameters['dependentAccountId'] + + if (Test-IsMultiValue -Value $boundInput) { + + #Bulk Confirmations supported from 14.6 + Assert-VersionRequirement -RequiredVersion 14.6 + + $BulkConfirmation = $true + } + + $Request = @{ + Method = 'POST' + } + + }#begin + + PROCESS { + + #Create URL for Request + $URI = "$($psPASSession.BaseURI)/API/Accounts/$AccountID/dependentAccounts" + + if ($BulkConfirmation) { + + # Branch logic for bulk confirmation + #TODO: Confirm this URL - the documentation is unclear + $URI = "$URI/Sync/Bulk" + + #Create body of request + $Body = @{"BulkItems" = [System.Collections.Generic.List[object]]::new()} + $dependentAccountId | ForEach-Object { + $Body.BulkItems.Add( + @{ + accountId = $accountId + dependentAccountId = $PSItem + } + ) + } + + #Format body as JSON + $Body = $Body | ConvertTo-Json + + $Request.Add('Body', $Body) + + } Else{ + + # Branch logic for single confirmation + $URI = "$URI/$($boundInput)/Sync" + + } + + $Request.Add('Uri', $URI) + + if ($PSCmdlet.ShouldProcess($AccountID, "Sync Dependent Account")) { + + #Send request to web service + Invoke-PASRestMethod @Request + + } + + }#process + + END { }#end + +} diff --git a/psPAS/Functions/Authentication/Add-PASPublicSSHKey.ps1 b/psPAS/Functions/Authentication/Add-PASPublicSSHKey.ps1 index f3f5594c..a14ccc57 100644 --- a/psPAS/Functions/Authentication/Add-PASPublicSSHKey.ps1 +++ b/psPAS/Functions/Authentication/Add-PASPublicSSHKey.ps1 @@ -25,7 +25,7 @@ function Add-PASPublicSSHKey { #Create URL to endpoint for request $URI = "$($psPASSession.BaseURI)/WebServices/PIMServices.svc/Users/$($UserName | - Get-EscapedString)/AuthenticationMethods/SSHKeyAuthentication/AuthorizedKeys/" + Get-EscapedString)/AuthenticationMethods/SSHKeyAuthentication/AuthorizedKeys" #create request body $Body = @{ diff --git a/psPAS/Functions/Authentication/Get-PASPublicSSHKey.ps1 b/psPAS/Functions/Authentication/Get-PASPublicSSHKey.ps1 index 9a69f3e2..b1e49061 100644 --- a/psPAS/Functions/Authentication/Get-PASPublicSSHKey.ps1 +++ b/psPAS/Functions/Authentication/Get-PASPublicSSHKey.ps1 @@ -18,7 +18,7 @@ function Get-PASPublicSSHKey { #Create URL for request $URI = "$($psPASSession.BaseURI)/WebServices/PIMServices.svc/Users/$($UserName | - Get-EscapedString)/AuthenticationMethods/SSHKeyAuthentication/AuthorizedKeys/" + Get-EscapedString)/AuthenticationMethods/SSHKeyAuthentication/AuthorizedKeys" #Send request to web service $result = Invoke-PASRestMethod -Uri $URI -Method GET diff --git a/psPAS/Functions/Authentication/Remove-PASFIDO2Device.ps1 b/psPAS/Functions/Authentication/Remove-PASFIDO2Device.ps1 new file mode 100644 index 00000000..39f3fa67 --- /dev/null +++ b/psPAS/Functions/Authentication/Remove-PASFIDO2Device.ps1 @@ -0,0 +1,70 @@ +# .ExternalHelp psPAS-help.xml +Function Remove-PASFIDO2Device { + + [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSReviewUnusedParameter', 'OwnDevice', Justification = 'False Positive')] + [CmdletBinding(SupportsShouldProcess, DefaultParameterSetName = 'Default')] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Default' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'OwnDevice' + )] + [ValidateNotNullOrEmpty()] + [string]$id, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'OwnDevice' + )] + [switch]$OwnDevice + + ) + + BEGIN { + + Assert-VersionRequirement -SelfHosted + Assert-VersionRequirement -RequiredVersion 14.6 + + }#begin + + PROCESS { + + switch ($PSCmdlet.ParameterSetName) { + + 'OwnDevice' { + + # Create URL for request to remove user's own FIDO2 device + $URI = "$($psPASSession.BaseURI)/api/fido2/selfKeys/$($id | Get-EscapedString)" + $ShouldProcessMessage = 'Delete Own FIDO2 Device' + break + + } + + default { + + # Create URL for request to remove user FIDO2 device + $URI = "$($psPASSession.BaseURI)/api/fido2/keys/$($id | Get-EscapedString)" + $ShouldProcessMessage = 'Delete FIDO2 Device' + + } + + } + + if ($PSCmdlet.ShouldProcess($id, $ShouldProcessMessage)) { + + #Send request to web service + Invoke-PASRestMethod -Uri $URI -Method DELETE + + } + + }#process + + END { }#end + +} diff --git a/psPAS/Functions/Authentication/Remove-PASPublicSSHKey.ps1 b/psPAS/Functions/Authentication/Remove-PASPublicSSHKey.ps1 index 432c1c03..25288160 100644 --- a/psPAS/Functions/Authentication/Remove-PASPublicSSHKey.ps1 +++ b/psPAS/Functions/Authentication/Remove-PASPublicSSHKey.ps1 @@ -24,7 +24,7 @@ function Remove-PASPublicSSHKey { #Create URL string for request $URI = "$($psPASSession.BaseURI)/WebServices/PIMServices.svc/Users/$($UserName | - Get-EscapedString)/AuthenticationMethods/SSHKeyAuthentication/AuthorizedKeys/$KeyID/" + Get-EscapedString)/AuthenticationMethods/SSHKeyAuthentication/AuthorizedKeys/$KeyID" if ($PSCmdlet.ShouldProcess($KeyID, 'Delete Public SSH Key')) { diff --git a/psPAS/Functions/Connections/New-PASPSMSession.ps1 b/psPAS/Functions/Connections/New-PASPSMSession.ps1 index 0d8f5805..dbe99abf 100644 --- a/psPAS/Functions/Connections/New-PASPSMSession.ps1 +++ b/psPAS/Functions/Connections/New-PASPSMSession.ps1 @@ -313,7 +313,7 @@ function New-PASPSMSession { } Else { - #Save the RDP file to disk and automatically open it to spawn the RDP conenction to PSM + #Save the RDP file to disk and automatically open it to spawn the RDP connection to PSM Out-PASFile -InputObject $result -Path $Path | Invoke-Item } diff --git a/psPAS/Functions/Customization/Enable-PASTheme.ps1 b/psPAS/Functions/Customization/Enable-PASTheme.ps1 new file mode 100644 index 00000000..8c6ab5e5 --- /dev/null +++ b/psPAS/Functions/Customization/Enable-PASTheme.ps1 @@ -0,0 +1,37 @@ +# .ExternalHelp psPAS-help.xml +Function Enable-PASTheme { + [CmdletBinding(SupportsShouldProcess)] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [string[]]$ThemesNames + + ) + + BEGIN { + Assert-VersionRequirement -SelfHosted + Assert-VersionRequirement -RequiredVersion 14.4 + + }#begin + + PROCESS { + + #Create URL for request + $URI = "$($psPASSession.BaseURI)/API/ActiveThemes/" + + #Request body + $Body = $PSBoundParameters | Get-PASParameter | ConvertTo-Json + + if ($PSCmdlet.ShouldProcess($ThemesNames, 'Setting UI Theme')) { + + #send request to web service + Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body + + } + + }#process + + END { }#end +} \ No newline at end of file diff --git a/psPAS/Functions/Customization/Export-PASThemeImage.ps1 b/psPAS/Functions/Customization/Export-PASThemeImage.ps1 new file mode 100644 index 00000000..c8f3b30c --- /dev/null +++ b/psPAS/Functions/Customization/Export-PASThemeImage.ps1 @@ -0,0 +1,49 @@ +# .ExternalHelp psPAS-help.xml +Function Export-PASThemeImage { + [CmdletBinding()] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [string]$imageName, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [ValidateNotNullOrEmpty()] + [ValidateScript( { Test-Path -Path $_ -IsValid })] + [string]$Path + + ) + + BEGIN { + + Assert-VersionRequirement -SelfHosted + Assert-VersionRequirement -RequiredVersion 14.4 + + }#begin + + PROCESS { + + #Create URL for request + $URI = "$($psPASSession.BaseURI)/API/Images/$imageName/" + + #Request body + $Body = $PSBoundParameters | Get-PASParameter -ParametersToKeep imageName | ConvertTo-Json + + #send request to web service + $result = Invoke-PASRestMethod -Uri $URI -Method GET -Body $Body + + #if we get a byte array + If ($null -ne $result) { + + Out-PASFile -InputObject $result -Path $Path + + } + + }#process + + END { }#end +} \ No newline at end of file diff --git a/psPAS/Functions/Customization/Get-PASTheme.ps1 b/psPAS/Functions/Customization/Get-PASTheme.ps1 new file mode 100644 index 00000000..91c9da96 --- /dev/null +++ b/psPAS/Functions/Customization/Get-PASTheme.ps1 @@ -0,0 +1,86 @@ +# .ExternalHelp psPAS-help.xml +Function Get-PASTheme { + [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSReviewUnusedParameter', 'FindAll', Justification = 'False Positive')] + [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSReviewUnusedParameter', 'Active', Justification = 'False Positive')] + [CmdletBinding(DefaultParameterSetName = 'byAll')] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'ByName' + )] + [string]$ThemeName, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'ByActive' + )] + [switch]$Active, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false, + ParameterSetName = 'byAll' + )] + [switch]$FindAll + ) + + BEGIN { + Assert-VersionRequirement -SelfHosted + Assert-VersionRequirement -RequiredVersion 14.4 + + }#begin + + PROCESS { + + #Create URL for request + $URI = "$($psPASSession.BaseURI)/API/" + + switch ($PSCmdlet.ParameterSetName) { + + 'ByName' { + $URI = "$URI/Themes/$ThemeName/" + break + } + + 'ByActive'{ + $URI = "$URI/ActiveThemes/" + break + } + + default { + $URI = "$URI/Themes/" + } + + } + + #send request to web service + $result = Invoke-PASRestMethod -Uri $URI -Method GET + + if($null -ne $result) { + + switch ($PSCmdlet.ParameterSetName) { + + 'byAll' { + $return = $result | Select-Object -ExpandProperty CustomThemes + + break + } + + default { + $return = $result + + break + } + + } + + $return + + } + + }#process + + END { }#end +} \ No newline at end of file diff --git a/psPAS/Functions/Customization/Import-PASThemeImage.ps1 b/psPAS/Functions/Customization/Import-PASThemeImage.ps1 new file mode 100644 index 00000000..384b8f0b --- /dev/null +++ b/psPAS/Functions/Customization/Import-PASThemeImage.ps1 @@ -0,0 +1,55 @@ +# .ExternalHelp psPAS-help.xml +Function Import-PASThemeImage { + [CmdletBinding(SupportsShouldProcess)] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [string]$Name, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [ValidateNotNullOrEmpty()] + [ValidateScript( { Test-Path -Path $_ -PathType Leaf })] + [string]$ImageFile + + ) + + BEGIN { + Assert-VersionRequirement -SelfHosted + Assert-VersionRequirement -RequiredVersion 14.4 + $Request = @{} + $Request['Method'] = 'POST' + #Create URL for request + $Request['URI'] = "$($psPASSession.BaseURI)/API/Images/" + }#begin + + PROCESS { + + #Convert File to byte array + $FileBytes = $ImageFile | Get-ByteArray + + $Request['Body'] = @{ + 'Name' = $Name + 'Content' = $FileBytes + } | ConvertTo-Json + $Request['Debug'] = $false + + if ($PSCmdlet.ShouldProcess($Name, 'Add Image')) { + + try { + #send request to web service + Invoke-PASRestMethod @Request + } catch { + throw $_ + } + + } + + }#process + + END { }#end +} \ No newline at end of file diff --git a/psPAS/Functions/Customization/New-PASTheme.ps1 b/psPAS/Functions/Customization/New-PASTheme.ps1 new file mode 100644 index 00000000..bde28734 --- /dev/null +++ b/psPAS/Functions/Customization/New-PASTheme.ps1 @@ -0,0 +1,343 @@ +# .ExternalHelp psPAS-help.xml +Function New-PASTheme { + [CmdletBinding(SupportsShouldProcess)] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [string]$name, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [boolean]$isDraft, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$mainBackgroundImage, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$mainLogoDark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$advancedSmallLogo, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$advancedSymbolLogo, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [ValidateSet('Bright', 'Dark')] + [string]$colorsStyle, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$backgroundMain_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$borderMain_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$textMain_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$disableMain_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$disableTextPrimary_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$disableBackgroundPrimary_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$successPrimary_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$successSecondary_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$warningPrimary_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$warningSecondary_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$infoPrimary_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$infoSecondary_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$errorPrimary_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$errorSecondary_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$backgroundMain_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$borderMain_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$textMain_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$disableMain_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$disableTextPrimary_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$disableBackgroundPrimary_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$successPrimary_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$successSecondary_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$warningPrimary_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$warningSecondary_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$infoPrimary_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$infoSecondary_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$errorPrimary_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$errorSecondary_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$mainColor, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$selectedMain, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$hoverMain, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$defaultButtonTextPrimary, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$menuLogoBackground, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$menuBackground, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$menuHoverBackground, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$menuActiveBackgroundPrimary, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$menuActiveBackgroundSecondary, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$menuText, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$menuTextActive, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$menuIcon, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$backgroundMain, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$borderMain, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$textMain + + ) + + BEGIN { + Assert-VersionRequirement -SelfHosted + Assert-VersionRequirement -RequiredVersion 14.4 + + }#begin + + PROCESS { + + #Create URL for request + $URI = "$($psPASSession.BaseURI)/API/Themes/" + + #Get request parameters + $boundParameters = $PSBoundParameters | Get-PASParameter + + $boundParameters = $boundParameters | Format-PASThemeObject + + #Construct Request Body + $Body = $boundParameters | ConvertTo-Json -Depth 4 + + if ($PSCmdlet.ShouldProcess($name, 'Adding New UI Theme')) { + + #send request to web service + $result = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body + + If ($null -ne $result) { + + $result + + } + + } + + }#process + + END { }#end +} \ No newline at end of file diff --git a/psPAS/Functions/Customization/Publish-PASTheme.ps1 b/psPAS/Functions/Customization/Publish-PASTheme.ps1 new file mode 100644 index 00000000..acd6b93a --- /dev/null +++ b/psPAS/Functions/Customization/Publish-PASTheme.ps1 @@ -0,0 +1,37 @@ +# .ExternalHelp psPAS-help.xml +Function Publish-PASTheme { + [CmdletBinding(SupportsShouldProcess)] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [string]$ThemeName + + ) + + BEGIN { + Assert-VersionRequirement -SelfHosted + Assert-VersionRequirement -RequiredVersion 14.4 + + }#begin + + PROCESS { + + #Create URL for request + $URI = "$($psPASSession.BaseURI)/API/Themes/$ThemeName/draft/" + + #Request body + $Body = $PSBoundParameters | Get-PASParameter | ConvertTo-Json + + if ($PSCmdlet.ShouldProcess($ThemeName, 'Setting UI Theme')) { + + #send request to web service + Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body + + } + + }#process + + END { }#end +} \ No newline at end of file diff --git a/psPAS/Functions/Customization/Remove-PASTheme.ps1 b/psPAS/Functions/Customization/Remove-PASTheme.ps1 new file mode 100644 index 00000000..99c3b2bc --- /dev/null +++ b/psPAS/Functions/Customization/Remove-PASTheme.ps1 @@ -0,0 +1,34 @@ +# .ExternalHelp psPAS-help.xml +Function Remove-PASTheme { + [CmdletBinding(SupportsShouldProcess)] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [string]$ThemeName + + ) + + BEGIN { + Assert-VersionRequirement -SelfHosted + Assert-VersionRequirement -RequiredVersion 14.4 + + }#begin + + PROCESS { + + #Create URL for request + $URI = "$($psPASSession.BaseURI)/API/Themes/$($ThemeName | Get-EscapedString)" + + if ($PSCmdlet.ShouldProcess($ThemeName, 'Removing UI Theme')) { + + #send request to web service + Invoke-PASRestMethod -Uri $URI -Method DELETE + + } + + }#process + + END { }#end +} \ No newline at end of file diff --git a/psPAS/Functions/Customization/Reset-PASTheme.ps1 b/psPAS/Functions/Customization/Reset-PASTheme.ps1 new file mode 100644 index 00000000..3e82255f --- /dev/null +++ b/psPAS/Functions/Customization/Reset-PASTheme.ps1 @@ -0,0 +1,28 @@ +# .ExternalHelp psPAS-help.xml +Function Reset-PASTheme { + [CmdletBinding(SupportsShouldProcess)] + param() + + BEGIN { + + Assert-VersionRequirement -SelfHosted + Assert-VersionRequirement -RequiredVersion 14.4 + + }#begin + + PROCESS { + + #Create URL for request + $URI = "$($psPASSession.BaseURI)/API/ActiveThemes/" + + if ($PSCmdlet.ShouldProcess('Default Theme', 'Resetting UI Theme')) { + + #send request to web service + Invoke-PASRestMethod -Uri $URI -Method DELETE + + } + }#process + + END { }#end + +} \ No newline at end of file diff --git a/psPAS/Functions/Customization/Set-PASTheme.ps1 b/psPAS/Functions/Customization/Set-PASTheme.ps1 new file mode 100644 index 00000000..a2ebf2fa --- /dev/null +++ b/psPAS/Functions/Customization/Set-PASTheme.ps1 @@ -0,0 +1,362 @@ +# .ExternalHelp psPAS-help.xml +Function Set-PASTheme { + [CmdletBinding(SupportsShouldProcess)] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [string]$ThemeName, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [string]$name, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [boolean]$isDraft, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$mainBackgroundImage, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$mainLogoDark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$advancedSmallLogo, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$advancedSymbolLogo, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [ValidateSet('Bright', 'Dark')] + [string]$colorsStyle, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$backgroundMain_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$borderMain_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$textMain_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$disableMain_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$disableTextPrimary_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$disableBackgroundPrimary_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$successPrimary_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$successSecondary_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$warningPrimary_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$warningSecondary_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$infoPrimary_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$infoSecondary_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$errorPrimary_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$errorSecondary_Dark, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$backgroundMain_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$borderMain_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$textMain_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$disableMain_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$disableTextPrimary_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$disableBackgroundPrimary_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$successPrimary_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$successSecondary_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$warningPrimary_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$warningSecondary_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$infoPrimary_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$infoSecondary_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$errorPrimary_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$errorSecondary_Bright, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$mainColor, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$selectedMain, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$hoverMain, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$defaultButtonTextPrimary, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$menuLogoBackground, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$menuBackground, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$menuHoverBackground, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$menuActiveBackgroundPrimary, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$menuActiveBackgroundSecondary, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$menuText, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$menuTextActive, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$menuIcon, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$backgroundMain, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$borderMain, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [string]$textMain + + ) + + BEGIN { + Assert-VersionRequirement -SelfHosted + Assert-VersionRequirement -RequiredVersion 14.4 + + }#begin + + PROCESS { + + #Create URL for request + $URI = "$($psPASSession.BaseURI)/API/Themes/$ThemeName/" + + #Get request parameters + $boundParameters = $PSBoundParameters | Get-PASParameter + + #Get the theme that is being updated + $ThemeObject = Get-PASTheme -ThemeName $ThemeName + + if ($null -ne $ThemeObject) { + + # Flatten the theme object, and rename properties to match expected input + $ThemeObject = Format-FlattenedThemeObject -InputObject $ThemeObject + # Format the request object to include all necessary properties, including those not being explicitly updated + Format-PutRequestObject -InputObject $ThemeObject -boundParameters $BoundParameters + + } + + #Format the request object as required by the API + $boundParameters = $boundParameters | Format-PASThemeObject + + #Construct Request Body + $Body = $boundParameters | ConvertTo-Json -Depth 4 + + if ($PSCmdlet.ShouldProcess($ThemeName, 'Update UI Theme')) { + + #send request to web service + $result = Invoke-PASRestMethod -Uri $URI -Method PUT -Body $Body + + If ($null -ne $result) { + + $result + + } + + } + + }#process + + END { }#end +} \ No newline at end of file diff --git a/psPAS/Functions/EventSecurity/Add-PASPTARule.ps1 b/psPAS/Functions/EventSecurity/Add-PASPTARule.ps1 index 9359a5ce..d333cd6f 100644 --- a/psPAS/Functions/EventSecurity/Add-PASPTARule.ps1 +++ b/psPAS/Functions/EventSecurity/Add-PASPTARule.ps1 @@ -107,8 +107,8 @@ Function Add-PASPTARule { if (-not($boundParameters['scope'].ContainsKey($scopeItem))) { $boundParameters['scope'].Add($scopeItem, @{}) } - #translate paramer names into request property name - #* Return only last 4 characters of parametername in lowercase + #translate parameter names into request property name + #* Return only last 4 characters of parameter name in lowercase #*vaultUsersMode & machinesMode translate to "mode" #*vaultUsersList & machinesList translate to "list" $property = ($PSItem).Substring(($PSItem).length - 4, 4).ToLower() diff --git a/psPAS/Functions/EventSecurity/Get-PASPTASecurityConfigurationCategory.ps1 b/psPAS/Functions/EventSecurity/Get-PASPTASecurityConfigurationCategory.ps1 new file mode 100644 index 00000000..aaf8e1ec --- /dev/null +++ b/psPAS/Functions/EventSecurity/Get-PASPTASecurityConfigurationCategory.ps1 @@ -0,0 +1,59 @@ +# .ExternalHelp psPAS-help.xml +Function Get-PASPTASecurityConfigurationCategory { + [CmdletBinding()] + param( + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [ValidateSet('ActiveDormantUser', 'PrivilegedUsersAndGroups', 'IrregularIpUser', 'SuspectedCredentialsTheft', 'InteractiveLogonWithServiceAccount', + 'IrregularHoursUser', 'UnmanagedPrivilegedAccess', 'SuspiciousActivityInPSMSession', 'IrregularDaysUser', 'FailedVaultLogonAttempts', + 'ExcessiveAccessUser', 'SuspiciousPasswordChange')] + [Alias('Category')] + [string]$categoryKey + ) + + BEGIN { + Assert-VersionRequirement -SelfHosted + Assert-VersionRequirement -RequiredVersion 14.2 + }#begin + + PROCESS { + + switch ($PSBoundParameters.keys) { + + 'categoryKey' { + + #Create URL for Request + $URI = "$($psPASSession.BaseURI)/API/pta/API/configuration/categories/$categoryKey" + + break + + } + + Default { + + #Create URL for Request + $URI = "$($psPASSession.BaseURI)/API/pta/API/configuration/categories" + + break + + } + + } + + #send request to web service + $result = Invoke-PASRestMethod -Uri $URI -Method GET + + If ($null -ne $result) { + + $result + + } + + + }#process + + END { }#end + +} \ No newline at end of file diff --git a/psPAS/Functions/EventSecurity/Remove-PASPTASecurityConfigurationProperty.ps1 b/psPAS/Functions/EventSecurity/Remove-PASPTASecurityConfigurationProperty.ps1 new file mode 100644 index 00000000..2147703f --- /dev/null +++ b/psPAS/Functions/EventSecurity/Remove-PASPTASecurityConfigurationProperty.ps1 @@ -0,0 +1,47 @@ +# .ExternalHelp psPAS-help.xml +Function Remove-PASPTASecurityConfigurationProperty { + [CmdletBinding(SupportsShouldProcess = $true)] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [ValidateSet('PrivilegedUsersList', 'PrivilegedDomainGroupsList', 'ActiveDormantUserAlgorithmEnabled', + 'ActiveDormantUserEventScore', 'ActiveDormantUserDays', 'ExcessiveAccessUserAlgorithmEnabled', 'ExcessiveAccessUserScoreRange', + 'FailedVaultLogonAttemptsAlgorithmEnabled', 'FailedVaultLogonAttemptsScoreOptions', 'FailedVaultLogonAttemptsThreshold', + 'FailedVaultLogonAttemptsTimeframe', 'IrregularDaysUserAlgorithmEnabled', 'IrregularDaysUserScoreRange', 'IrregularHoursUserAlgorithmEnabled', + 'IrregularHoursUserExcludedUsernames', 'IrregularHoursUserScoreRange', 'IrregularIpUserAlgorithmEnabled', 'IrregularIpUserExcludedSourceIpsList', + 'IrregularIpUserScoreRange', 'SCTAlgorithmEnabled', 'SCTEventScore', 'SCTExcludedAccountsList', 'SCTPasswordRetrievalTimeWindow', + 'InteractiveLogonWithServiceAccountAlgorithmEnabled', 'InteractiveLogonWithServiceAccountEventScore', 'ServiceAccountIncludeList', + 'SPCAlgorithmEnabled', 'SPCEventScore', 'SPCPassChangeByCPMTimeWindow', 'UPAAlgorithmEnabled', 'UPAEventScore', 'UPAExcludedAccountsList' ) ] + + [string]$propertyKey, + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [string]$id + ) + + BEGIN { + Assert-VersionRequirement -SelfHosted + Assert-VersionRequirement -RequiredVersion 14.2 + }#begin + + PROCESS { + + #Create request URL + $URI = "$($psPASSession.BaseURI)/API/pta/API/configuration/properties/$($propertyKey | Get-EscapedString)/$($id | Get-EscapedString)" + + if ($PSCmdlet.ShouldProcess($id, 'Delete PTA Security Configuration Property')) { + + #send request to web service + Invoke-PASRestMethod -Uri $URI -Method DELETE + + } + + }#process + + END { }#end + +} \ No newline at end of file diff --git a/psPAS/Functions/EventSecurity/Reset-PASPTASecurityConfigurationCategory.ps1 b/psPAS/Functions/EventSecurity/Reset-PASPTASecurityConfigurationCategory.ps1 new file mode 100644 index 00000000..f71be4d0 --- /dev/null +++ b/psPAS/Functions/EventSecurity/Reset-PASPTASecurityConfigurationCategory.ps1 @@ -0,0 +1,35 @@ +# .ExternalHelp psPAS-help.xml +Function Reset-PASPTASecurityConfigurationCategory { + [CmdletBinding(SupportsShouldProcess = $true)] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [ValidateSet('ActiveDormantUser', 'PrivilegedUsersAndGroups', 'IrregularIpUser', 'SuspectedCredentialsTheft', 'InteractiveLogonWithServiceAccount', + 'IrregularHoursUser', 'UnmanagedPrivilegedAccess', 'SuspiciousActivityInPSMSession', 'IrregularDaysUser', 'FailedVaultLogonAttempts', 'ExcessiveAccessUser')] + [string]$categoryKey + ) + + BEGIN { + Assert-VersionRequirement -SelfHosted + Assert-VersionRequirement -RequiredVersion 14.2 + }#begin + + PROCESS { + + #Create request URL + $URI = "$($psPASSession.BaseURI)/API/pta/API/configuration/properties/$($categoryKey | Get-EscapedString)/default" + + if ($PSCmdlet.ShouldProcess($categoryKey, 'Reset PTA Security Configuration Category')) { + + #send request to web service + Invoke-PASRestMethod -Uri $URI -Method PUT + + } + + }#process + + END { }#end + +} \ No newline at end of file diff --git a/psPAS/Functions/EventSecurity/Reset-PASPTASecurityConfigurationProperty.ps1 b/psPAS/Functions/EventSecurity/Reset-PASPTASecurityConfigurationProperty.ps1 new file mode 100644 index 00000000..28ba25bb --- /dev/null +++ b/psPAS/Functions/EventSecurity/Reset-PASPTASecurityConfigurationProperty.ps1 @@ -0,0 +1,42 @@ +# .ExternalHelp psPAS-help.xml +Function Reset-PASPTASecurityConfigurationProperty { + [CmdletBinding(SupportsShouldProcess = $true)] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [ValidateSet('PrivilegedUsersList', 'PrivilegedDomainGroupsList', 'ActiveDormantUserAlgorithmEnabled', + 'ActiveDormantUserEventScore', 'ActiveDormantUserDays', 'ExcessiveAccessUserAlgorithmEnabled', 'ExcessiveAccessUserScoreRange', + 'FailedVaultLogonAttemptsAlgorithmEnabled', 'FailedVaultLogonAttemptsScoreOptions', 'FailedVaultLogonAttemptsThreshold', + 'FailedVaultLogonAttemptsTimeframe', 'IrregularDaysUserAlgorithmEnabled', 'IrregularDaysUserScoreRange', 'IrregularHoursUserAlgorithmEnabled', + 'IrregularHoursUserExcludedUsernames', 'IrregularHoursUserScoreRange', 'IrregularIpUserAlgorithmEnabled', 'IrregularIpUserExcludedSourceIpsList', + 'IrregularIpUserScoreRange', 'SCTAlgorithmEnabled', 'SCTEventScore', 'SCTExcludedAccountsList', 'SCTPasswordRetrievalTimeWindow', + 'InteractiveLogonWithServiceAccountAlgorithmEnabled', 'InteractiveLogonWithServiceAccountEventScore', 'ServiceAccountIncludeList', + 'SPCAlgorithmEnabled', 'SPCEventScore', 'SPCPassChangeByCPMTimeWindow', 'UPAAlgorithmEnabled', 'UPAEventScore', 'UPAExcludedAccountsList' ) ] + + [string]$propertyKey + ) + + BEGIN { + Assert-VersionRequirement -SelfHosted + Assert-VersionRequirement -RequiredVersion 14.2 + }#begin + + PROCESS { + + #Create request URL + $URI = "$($psPASSession.BaseURI)/API/pta/API/configuration/properties/$($propertyKey | Get-EscapedString)/default" + + if ($PSCmdlet.ShouldProcess($propertyKey, 'Reset PTA Security Configuration Property')) { + + #send request to web service + Invoke-PASRestMethod -Uri $URI -Method PUT + + } + + }#process + + END { }#end + +} \ No newline at end of file diff --git a/psPAS/Functions/LDAPDirectories/New-PASDirectoryMapping.ps1 b/psPAS/Functions/LDAPDirectories/New-PASDirectoryMapping.ps1 index 18bba55c..31e6dbe5 100644 --- a/psPAS/Functions/LDAPDirectories/New-PASDirectoryMapping.ps1 +++ b/psPAS/Functions/LDAPDirectories/New-PASDirectoryMapping.ps1 @@ -77,7 +77,15 @@ function New-PASDirectoryMapping { Mandatory = $false, ValueFromPipelinebyPropertyName = $true )] - [boolean]$EnableENEWhenDisconnected + [boolean]$EnableENEWhenDisconnected, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [AllowEmptyCollection()] + [ValidateSet('SAML', 'PKI', 'FIDO', 'WINDOWS')] + [string[]]$allowedAuthenticationMethods ) @@ -119,12 +127,20 @@ function New-PASDirectoryMapping { { $_ -match 'UsedQuota|AuthorizedInterfaces|EnableENEWhenDisconnected' } { - #v10.7 + #v14.0 Assert-VersionRequirement -RequiredVersion 14.0 Continue } + { $_ -match 'allowedAuthenticationMethods' } { + + #v14.4 + Assert-VersionRequirement -RequiredVersion 14.4 + Continue + + } + Default { #v10.4 diff --git a/psPAS/Functions/LDAPDirectories/Set-PASDirectoryMapping.ps1 b/psPAS/Functions/LDAPDirectories/Set-PASDirectoryMapping.ps1 index c7e600ab..bff2cc58 100644 --- a/psPAS/Functions/LDAPDirectories/Set-PASDirectoryMapping.ps1 +++ b/psPAS/Functions/LDAPDirectories/Set-PASDirectoryMapping.ps1 @@ -83,7 +83,15 @@ function Set-PASDirectoryMapping { Mandatory = $false, ValueFromPipelinebyPropertyName = $true )] - [boolean]$EnableENEWhenDisconnected + [boolean]$EnableENEWhenDisconnected, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [AllowEmptyCollection()] + [ValidateSet('SAML', 'PKI', 'FIDO', 'WINDOWS')] + [string[]]$allowedAuthenticationMethods ) @@ -121,12 +129,20 @@ function Set-PASDirectoryMapping { { $_ -match 'UsedQuota|AuthorizedInterfaces|EnableENEWhenDisconnected' } { - #v10.7 + #v14.0 Assert-VersionRequirement -RequiredVersion 14.0 Continue } + { $_ -match 'allowedAuthenticationMethods' } { + + #v14.4 + Assert-VersionRequirement -RequiredVersion 14.4 + Continue + + } + } #Create URL for request diff --git a/psPAS/Functions/EventSecurity/Add-PASPTAExcludedTarget.ps1 b/psPAS/Functions/PTAAdministration/Add-PASPTAExcludedTarget.ps1 similarity index 100% rename from psPAS/Functions/EventSecurity/Add-PASPTAExcludedTarget.ps1 rename to psPAS/Functions/PTAAdministration/Add-PASPTAExcludedTarget.ps1 diff --git a/psPAS/Functions/EventSecurity/Add-PASPTAGlobalCatalog.ps1 b/psPAS/Functions/PTAAdministration/Add-PASPTAGlobalCatalog.ps1 similarity index 100% rename from psPAS/Functions/EventSecurity/Add-PASPTAGlobalCatalog.ps1 rename to psPAS/Functions/PTAAdministration/Add-PASPTAGlobalCatalog.ps1 diff --git a/psPAS/Functions/EventSecurity/Add-PASPTAIncludedTarget.ps1 b/psPAS/Functions/PTAAdministration/Add-PASPTAIncludedTarget.ps1 similarity index 100% rename from psPAS/Functions/EventSecurity/Add-PASPTAIncludedTarget.ps1 rename to psPAS/Functions/PTAAdministration/Add-PASPTAIncludedTarget.ps1 diff --git a/psPAS/Functions/PTAAdministration/Add-PASPTASyslog.ps1 b/psPAS/Functions/PTAAdministration/Add-PASPTASyslog.ps1 new file mode 100644 index 00000000..1ddc7b83 --- /dev/null +++ b/psPAS/Functions/PTAAdministration/Add-PASPTASyslog.ps1 @@ -0,0 +1,109 @@ +# .ExternalHelp psPAS-help.xml +Function Add-PASPTASyslog { + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [Alias('Name')] + [string]$siem, + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [ValidateSet('CEF', 'LEEF')] + [string]$format, + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [string]$host, + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [int]$port, + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [ValidateSet('TCP', 'UDP', 'TLS')] + [string]$protocol, + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [ValidateScript({ + if ($_ -and -not (Test-Path $_ -PathType Leaf)) { + throw "Certificate file does not exist: $_" + } + if ($_ -and $_ -notmatch '\.(crt|cer|pem)$') { + throw "Certificate file must have .crt, .cer, or .pem extension" + } + return $true + })] + [string]$CertificateFile, + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [ValidateSet('RFC3164', 'RFC5424', 'SEMI_RFC5424')] + [string]$syslogType, + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + HelpMessage = 'Enable octet-counting for syslog transmission over TCP. When enabled, the syslog message starts with its length.' + )] + [bool]$tcpOctetCounting + ) + + BEGIN { + Assert-VersionRequirement -SelfHosted + Assert-VersionRequirement -RequiredVersion 14.6 + }#begin + + PROCESS { + + #Create request URL + $URI = "$($psPASSession.BaseURI)/api/pta/API/Administration/properties/SyslogOutboundDataList" + + # Get Parameters for request body, excluding CertificateFile + $boundParameters = $PSBoundParameters | Get-PASParameter -ParametersToRemove CertificateFile + + # Handle TLS certificate encoding + if ($protocol -eq 'TLS' -and $PSBoundParameters.ContainsKey('CertificateFile')) { + try { + # Read certificate file content + $CertContent = Get-Content -Path $CertificateFile -Raw -Encoding UTF8 + + # Convert to Base64 + $CertBytes = [System.Text.Encoding]::UTF8.GetBytes($CertContent) + $Base64Cert = [System.Convert]::ToBase64String($CertBytes) + + # Add encoded certificate to body parameters + $boundParameters['certificate'] = $Base64Cert + + } + catch { + throw "Failed to read or encode certificate file '$CertificateFile': $($_.Exception.Message)" + } + } + + #Create body of request + $Body = $boundParameters | ConvertTo-Json + + #send request to PAS web service + $result = Invoke-PASRestMethod -Uri $URI -Method PATCH -Body $Body + + If ($null -ne $result) { + + #Return Results + $result + + } + + }#process + + END { }#end + +} \ No newline at end of file diff --git a/psPAS/Functions/EventSecurity/Get-PASPTAExcludedTarget.ps1 b/psPAS/Functions/PTAAdministration/Get-PASPTAExcludedTarget.ps1 similarity index 100% rename from psPAS/Functions/EventSecurity/Get-PASPTAExcludedTarget.ps1 rename to psPAS/Functions/PTAAdministration/Get-PASPTAExcludedTarget.ps1 diff --git a/psPAS/Functions/EventSecurity/Get-PASPTAGlobalCatalog.ps1 b/psPAS/Functions/PTAAdministration/Get-PASPTAGlobalCatalog.ps1 similarity index 100% rename from psPAS/Functions/EventSecurity/Get-PASPTAGlobalCatalog.ps1 rename to psPAS/Functions/PTAAdministration/Get-PASPTAGlobalCatalog.ps1 diff --git a/psPAS/Functions/EventSecurity/Get-PASPTAIncludedTarget.ps1 b/psPAS/Functions/PTAAdministration/Get-PASPTAIncludedTarget.ps1 similarity index 100% rename from psPAS/Functions/EventSecurity/Get-PASPTAIncludedTarget.ps1 rename to psPAS/Functions/PTAAdministration/Get-PASPTAIncludedTarget.ps1 diff --git a/psPAS/Functions/EventSecurity/Remove-PASPTAIncludedTarget.ps1 b/psPAS/Functions/PTAAdministration/Remove-PASPTAIncludedTarget.ps1 similarity index 100% rename from psPAS/Functions/EventSecurity/Remove-PASPTAIncludedTarget.ps1 rename to psPAS/Functions/PTAAdministration/Remove-PASPTAIncludedTarget.ps1 diff --git a/psPAS/Functions/PTAAdministration/Remove-PASPTASyslog.ps1 b/psPAS/Functions/PTAAdministration/Remove-PASPTASyslog.ps1 new file mode 100644 index 00000000..17d8f83d --- /dev/null +++ b/psPAS/Functions/PTAAdministration/Remove-PASPTASyslog.ps1 @@ -0,0 +1,33 @@ +# .ExternalHelp psPAS-help.xml +Function Remove-PASPTASyslog { + [CmdletBinding(SupportsShouldProcess = $true)] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [string]$ID + ) + + BEGIN { + Assert-VersionRequirement -SelfHosted + Assert-VersionRequirement -RequiredVersion 14.6 + }#begin + + PROCESS { + + #Create request URL + $URI = "$($psPASSession.BaseURI)/api/pta/API/Administration/properties/SyslogOutboundDataList/$ID" + + if ($PSCmdlet.ShouldProcess($ID, 'Delete PTA Syslog')) { + + #send request to web service + Invoke-PASRestMethod -Uri $URI -Method DELETE + + } + + }#process + + END { }#end + +} \ No newline at end of file diff --git a/psPAS/Functions/PTAAdministration/Set-PASPTASMTP.ps1 b/psPAS/Functions/PTAAdministration/Set-PASPTASMTP.ps1 new file mode 100644 index 00000000..6c95341a --- /dev/null +++ b/psPAS/Functions/PTAAdministration/Set-PASPTASMTP.ps1 @@ -0,0 +1,151 @@ +# .ExternalHelp psPAS-help.xml +Function Set-PASPTASMTP { + [CmdletBinding(SupportsShouldProcess = $true)] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [string]$host, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [ValidateSet('NONE', 'SSL', 'STARTTLS')] + [string]$protocol, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [int]$port, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [string]$sender, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [string[]]$recipients, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + HelpMessage = 'Specify an AccountID for authenticationMethod. If not provided, no authentication to SMTP will be used.' + )] + [string]$accountId, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $false + )] + [ValidateScript({ + if ($_ -and -not (Test-Path $_ -PathType Leaf)) { + throw "Certificate file does not exist: $_" + } + if ($_ -and $_ -notmatch '\.(crt|cer|pem)$') { + throw "Certificate file must have .crt, .cer, or .pem extension" + } + return $true + })] + [string]$CertificateFile, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [ValidateRange(0, 100)] + [int]$AlertToEmailScoreThreshold + ) + + BEGIN { + Assert-VersionRequirement -SelfHosted + Assert-VersionRequirement -RequiredVersion 14.4 + + # Validate certificate requirement for non-NONE protocols + if ($protocol -ne 'NONE' -and -not $PSBoundParameters.ContainsKey('CertificateFile')) { + throw "Certificate file is required when protocol is not 'NONE'" + } + }#begin + + PROCESS { + + #Create request URL + $URI = "$($psPASSession.BaseURI)/api/pta/API/Administration/properties" + + # Build authenticationMethod based on whether accountId is provided + #TODO: Add option to use Basic Auth with username/password + $authMethod = @{} + if ($PSBoundParameters.ContainsKey('accountId') -and -not [string]::IsNullOrEmpty($accountId)) { + $authMethod['accountId'] = $accountId + } + + # Build the SMTP connectivity details + $smtpDetails = @{ + host = $host + protocol = $protocol + port = $port + sender = $sender + recipients = $recipients + authenticationMethod = $authMethod + } + + # Handle certificate encoding for SSL/STARTTLS + if ($protocol -ne 'NONE' -and $PSBoundParameters.ContainsKey('CertificateFile')) { + try { + # Read certificate file content + $CertContent = Get-Content -Path $CertificateFile -Raw -Encoding UTF8 + + # Convert to Base64 + $CertBytes = [System.Text.Encoding]::UTF8.GetBytes($CertContent) + $Base64Cert = [System.Convert]::ToBase64String($CertBytes) + + # Add encoded certificate to SMTP details + $smtpDetails['certificate'] = $Base64Cert + + } + catch { + throw "Failed to read or encode certificate file '$CertificateFile': $($_.Exception.Message)" + } + } + + # Build the payload structure + $payload = @( + @{ + key = "SMTPConnectivityDetails" + value = $smtpDetails + }, + @{ + key = "AlertToEmailScoreThreshold" + value = $AlertToEmailScoreThreshold + } + ) + + #Create body of request + $Body = $payload | ConvertTo-Json -Depth 5 + + if ($PSCmdlet.ShouldProcess($ID, 'Set PTA SMTP')) { + + #send request to PAS web service + $result = Invoke-PASRestMethod -Uri $URI -Method PUT -Body $Body + + + If ($null -ne $result) { + + #Return Results + $result + + } + + } + + }#process + + END { }#end + +} \ No newline at end of file diff --git a/psPAS/Functions/Platforms/Get-PASStoredPlatform.ps1 b/psPAS/Functions/Platforms/Get-PASStoredPlatform.ps1 new file mode 100644 index 00000000..de8944ad --- /dev/null +++ b/psPAS/Functions/Platforms/Get-PASStoredPlatform.ps1 @@ -0,0 +1,26 @@ +# .ExternalHelp psPAS-help.xml +Function Get-PASStoredPlatform{ + +[CmdletBinding()] + param( ) + + BEGIN { + Assert-VersionRequirement -RequiredVersion 14.6 + }#begin + + PROCESS { + #Create request URL + $URI = "$($psPASSession.BaseURI)/API/Platforms/Storage" + + #Send request to web service + $result = Invoke-PASRestMethod -Uri $URI -Method GET + + If ($result) { + + #Return Results + $result + + } + } + +} \ No newline at end of file diff --git a/psPAS/Functions/Platforms/Import-PASPlatform.ps1 b/psPAS/Functions/Platforms/Import-PASPlatform.ps1 index a411ef8d..e45eee14 100644 --- a/psPAS/Functions/Platforms/Import-PASPlatform.ps1 +++ b/psPAS/Functions/Platforms/Import-PASPlatform.ps1 @@ -1,36 +1,109 @@ # .ExternalHelp psPAS-help.xml function Import-PASPlatform { + [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSReviewUnusedParameter', 'PlatformName', Justification = 'False Positive')] + [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSReviewUnusedParameter', 'Description', Justification = 'False Positive')] + [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSReviewUnusedParameter', 'Force', Justification = 'False Positive')] [CmdletBinding(SupportsShouldProcess)] param( [parameter( Mandatory = $true, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Import' )] [ValidateNotNullOrEmpty()] [ValidateScript( { Test-Path -Path $_ -PathType Leaf })] [ValidatePattern( '\.zip$' )] - [string]$ImportFile + [string]$ImportFile, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Update' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'SideBySide' + )] + [string]$PlatformId, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'SideBySide' + )] + [string]$PlatformName, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'SideBySide' + )] + [string]$Description, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Update' + )] + [switch]$Force ) BEGIN { Assert-VersionRequirement -RequiredVersion 10.2 + $Request = @{} + $Request['Method'] = 'POST' + #Create URL for request + $Request['URI'] = "$($psPASSession.BaseURI)/API/Platforms/Import" + + $MessageItem = $null + $MessageText = $null }#begin PROCESS { - #Create URL for request - $URI = "$($psPASSession.BaseURI)/API/Platforms/Import" + switch ($PSCmdlet.ParameterSetName) { + + 'Import' { + #Convert File to byte array + $FileBytes = $ImportFile | Get-ByteArray + + $Request['Body'] = @{'ImportFile' = $FileBytes } | ConvertTo-Json + $Request['Debug'] = $false - #Convert File to byte array - $FileBytes = $ImportFile | Get-ByteArray + $MessageItem = $ImportFile + $MessageText = 'Imports Platform Package' - $Body = @{'ImportFile' = $FileBytes } | ConvertTo-Json + } + 'SideBySide' { + # Check if version is 14.6 or higher for update support + Assert-VersionRequirement -RequiredVersion 14.6 + $Request['Method'] = 'PATCH' + $Request['Body'] = $PSBoundParameters | Get-PASParameter | ConvertTo-Json - if ($PSCmdlet.ShouldProcess($ImportFile, 'Imports Platform Package')) { + $MessageItem = $PlatformId + $MessageText = 'Side By Side Import' + } + 'Update' { + # Check if version is 14.2 or higher for update support + Assert-VersionRequirement -RequiredVersion 14.2 + # Update existing platform + $Request['URI'] = "$($psPASSession.BaseURI)/API/Platforms/$PlatformId/Update" + + $MessageItem = $PlatformId + $MessageText = 'Update Platform' + } + + } - #send request to web service - Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -Debug:$false + if ($PSCmdlet.ShouldProcess($MessageItem, $MessageText)) { + try { + #send request to web service + Invoke-PASRestMethod @Request + } catch { + throw $_ + } } }#process diff --git a/psPAS/Functions/Platforms/Remove-PASStoredPlatform.ps1 b/psPAS/Functions/Platforms/Remove-PASStoredPlatform.ps1 new file mode 100644 index 00000000..982de766 --- /dev/null +++ b/psPAS/Functions/Platforms/Remove-PASStoredPlatform.ps1 @@ -0,0 +1,24 @@ +# .ExternalHelp psPAS-help.xml +Function Remove-PASStoredPlatform{ + +[CmdletBinding(SupportsShouldProcess)] + param( ) + + BEGIN { + Assert-VersionRequirement -RequiredVersion 14.6 + }#begin + + PROCESS { + #Create request URL + $URI = "$($psPASSession.BaseURI)/API/Platforms/Storage" + + if ($PSCmdlet.ShouldProcess('Stored Platform', "Delete Operation")) { + + #send request to web service + Invoke-PASRestMethod -Uri $URI -Method DELETE + + } + + } + +} \ No newline at end of file diff --git a/psPAS/Functions/Policies/Get-PASMasterPolicy.ps1 b/psPAS/Functions/Policies/Get-PASMasterPolicy.ps1 new file mode 100644 index 00000000..d7748b94 --- /dev/null +++ b/psPAS/Functions/Policies/Get-PASMasterPolicy.ps1 @@ -0,0 +1,30 @@ +Function Get-PASMasterPolicy { + [CmdletBinding()] + param ( + <# + [Parameter( + Mandatory = $true, + ValueFromPipeline = $true, + ValueFromPipelineByPropertyName = $true + )] + [int]$PolicyId + #> + ) + + Begin{ + Assert-VersionRequirement -RequiredVersion 14.6 + $PolicyId = 1 + } + + Process{ + $URI = "$($psPASSession.BaseURI)/API/Policies/$PolicyId" + + $result = Invoke-PASRestMethod -Uri $URI -Method GET + + if($null -ne $result) { + $result + } + } + + End{} +} \ No newline at end of file diff --git a/psPAS/Functions/Policies/Set-PASMasterPolicy.ps1 b/psPAS/Functions/Policies/Set-PASMasterPolicy.ps1 new file mode 100644 index 00000000..fc461e5c --- /dev/null +++ b/psPAS/Functions/Policies/Set-PASMasterPolicy.ps1 @@ -0,0 +1,156 @@ +Function Set-PASMasterPolicy { + [CmdletBinding(SupportsShouldProcess)] + param ( +<# + [Parameter( + Mandatory = $true, + ValueFromPipeline = $true, + ValueFromPipelineByPropertyName = $true + )] + [int]$PolicyId, +#> + [Parameter( + Mandatory = $false, + ValueFromPipelineByPropertyName = $true, + HelpMessage = "Dual control policy." + )] + [bool]$DualControl = $false, + + [Parameter( + Mandatory = $false, + ValueFromPipelineByPropertyName = $true, + HelpMessage = "Multi-level approval policy." + )] + [bool]$MultiLevelApproval = $false, + + [Parameter( + Mandatory = $false, + ValueFromPipelineByPropertyName = $true, + HelpMessage = "Only managers approval policy." + )] + [bool]$OnlyManagersApproval = $false, + + [Parameter( + Mandatory = $false, + ValueFromPipelineByPropertyName = $true, + HelpMessage = "Number of confirmers policy." + )] + [int]$ConfirmersNumber = 0, + + [Parameter( + Mandatory = $false, + ValueFromPipelineByPropertyName = $true, + HelpMessage = "Enforce exclusive access policy." + )] + [bool]$EnforceExclusiveAccess = $false, + + [Parameter( + Mandatory = $false, + ValueFromPipelineByPropertyName = $true, + HelpMessage = "Enforce one-time password policy." + )] + [bool]$EnforceOneTimePassword = $false, + + [Parameter( + Mandatory = $false, + ValueFromPipelineByPropertyName = $true, + HelpMessage = "Transparent connection policy." + )] + [bool]$TransparentConnection = $false, + + [Parameter( + Mandatory = $false, + ValueFromPipelineByPropertyName = $true, + HelpMessage = "Allow view password policy." + )] + [bool]$AllowViewPassword = $false, + + [Parameter( + Mandatory = $false, + ValueFromPipelineByPropertyName = $true, + HelpMessage = "Require reason policy." + )] + [bool]$RequireReason = $false, + + [Parameter( + Mandatory = $false, + ValueFromPipelineByPropertyName = $true, + HelpMessage = "Allow free text policy." + )] + [bool]$AllowFreeText = $false, + + [Parameter( + Mandatory = $false, + ValueFromPipelineByPropertyName = $true, + HelpMessage = "Password change days policy." + )] + [int]$PasswordChangeDays = 0, + + [Parameter( + Mandatory = $false, + ValueFromPipelineByPropertyName = $true, + HelpMessage = "Password verification days policy." + )] + [int]$PasswordVerificationDays = 0, + + [Parameter( + Mandatory = $false, + ValueFromPipelineByPropertyName = $true, + HelpMessage = "Require monitoring and isolation policy." + )] + [bool]$RequireMonitoringAndIsolation = $false, + + [Parameter( + Mandatory = $false, + ValueFromPipelineByPropertyName = $true, + HelpMessage = "Record activity policy." + )] + [bool]$RecordActivity = $false, + + [Parameter( + Mandatory = $false, + ValueFromPipelineByPropertyName = $true, + HelpMessage = "Retention period policy." + )] + [int]$RetentionPeriod = 0 +) + + Begin{ + Assert-VersionRequirement -RequiredVersion 14.6 + $PolicyId = 1 + } + + Process{ + $URI = "$($psPASSession.BaseURI)/API/Policies/$PolicyId" + + #Get request parameters + $boundParameters = $PSBoundParameters | Get-PASParameter + + $originalMasterPolicy = Get-PASMasterPolicy + + # Flattened object with just the .Value properties + $flattenedMasterPolicy = [PSCustomObject]@{} + + foreach ($prop in $originalMasterPolicy.PSObject.Properties) { + $flattenedMasterPolicy | Add-Member -MemberType NoteProperty -Name $prop.Name -Value $prop.Value.Value + } + + if ($null -ne $originalMasterPolicy) { + Format-PutRequestObject -InputObject $flattenedMasterPolicy -boundParameters $boundParameters + } + + #Create body of request + $body = $boundParameters | ConvertTo-Json + + if ($PSCmdlet.ShouldProcess($PolicyId, 'Update Master Policy')) { + + $result = Invoke-PASRestMethod -Uri $URI -Method PUT -Body $body + + if($null -ne $result) { + $result + } + } + } + + End{} +} \ No newline at end of file diff --git a/psPAS/Functions/Reports/Export-PASReport.ps1 b/psPAS/Functions/Reports/Export-PASReport.ps1 new file mode 100644 index 00000000..2acbee06 --- /dev/null +++ b/psPAS/Functions/Reports/Export-PASReport.ps1 @@ -0,0 +1,116 @@ +# .ExternalHelp psPAS-help.xml +Function Export-PASReport { + [CmdletBinding()] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [string]$Safe, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [Alias('location')] + [string]$Folder, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [string]$FileName, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [string]$Type, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $false + )] + [ValidateSet('XLSX', 'XLS', 'CSV')] + [string]$ReportFormat, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $false + )] + [ValidateNotNullOrEmpty()] + [ValidateScript( { Test-Path -Path $_ -IsValid })] + [string]$path + ) + + Begin { + + Assert-VersionRequirement -RequiredVersion 14.6 + + } + + Process { + + #Create URL for Request + $URI = "$($psPASSession.BaseURI)/API/ClassicReports" + + $boundParameters = [ordered]@{ + Safe = $Safe + Folder = $Folder + Name = $FileName + Format = $null + Type = $Type + } + + switch($ReportFormat){ + #Set ContentType based on Report Format + 'XLSX' { + $ContentType = 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet' + $boundParameters['Format'] = 'excel' + } + 'XLS' { + $ContentType = 'application/vnd.ms-excel' + $boundParameters['Format'] = 'excel' + } + 'CSV' { + $ContentType = 'text/csv' + $boundParameters['Format'] = 'csv' + } + } + + #Create Query String, escaped for inclusion in request URL + $queryString = $boundParameters | ConvertTo-QueryString -NoEscape -Delimiter '^@^' -Base64Encode -URLEncode + + If ($null -ne $queryString) { + + #Build URL from base URL + $URI = "$URI`?data=$queryString" + + } + + #Send request to web service + $result = Invoke-PASRestMethod -Uri $URI -Method GET -ContentType $ContentType + + #if we get a byte array + If ($null -ne $result) { + + switch($ReportFormat){ + #Set ContentType based on Report Format + 'CSV' { + $result | ConvertFrom-Csv | Export-Csv -Path $path -NoTypeInformation + Get-Item -Path $path + break + } + Default { + Out-PASFile -InputObject $result -Path $path + break + } + } + + } + + } + + End {} + +} \ No newline at end of file diff --git a/psPAS/Functions/Reports/Get-PASReport.ps1 b/psPAS/Functions/Reports/Get-PASReport.ps1 new file mode 100644 index 00000000..38f76df2 --- /dev/null +++ b/psPAS/Functions/Reports/Get-PASReport.ps1 @@ -0,0 +1,32 @@ +# .ExternalHelp psPAS-help.xml +Function Get-PASReport { + [CmdletBinding()] + param( ) + + Begin { + + Assert-VersionRequirement -RequiredVersion 14.6 + + } + + Process { + + #Create URL for Request + $URI = "$($psPASSession.BaseURI)/API/Reports" + + #Send request to web service + $result = Invoke-PASRestMethod -Uri $URI -Method GET + + If ($null -ne $Result) { + + #Return result + $Result | Select-Object -ExpandProperty reports + #TODO: Add Report type definition for formatting + + } + + } + + End {} + +} \ No newline at end of file diff --git a/psPAS/Functions/Reports/Get-PASReportSchedule.ps1 b/psPAS/Functions/Reports/Get-PASReportSchedule.ps1 new file mode 100644 index 00000000..bb2ae02b --- /dev/null +++ b/psPAS/Functions/Reports/Get-PASReportSchedule.ps1 @@ -0,0 +1,32 @@ +# .ExternalHelp psPAS-help.xml +Function Get-PASReportSchedule { + [CmdletBinding()] + param( ) + + Begin { + + Assert-VersionRequirement -RequiredVersion 14.6 + + } + + Process { + + #Create URL for Request + $URI = "$($psPASSession.BaseURI)/API/Tasks" + + #Send request to web service + $result = Invoke-PASRestMethod -Uri $URI -Method GET + + If ($null -ne $Result) { + + #Return result + $Result | Select-Object -ExpandProperty tasks + #TODO: Add Schedule/Tasks type definition for formatting + + } + + } + + End {} + +} \ No newline at end of file diff --git a/psPAS/Functions/Reports/Get-PASUserLicenseReport.ps1 b/psPAS/Functions/Reports/Get-PASUserLicenseReport.ps1 new file mode 100644 index 00000000..99c41414 --- /dev/null +++ b/psPAS/Functions/Reports/Get-PASUserLicenseReport.ps1 @@ -0,0 +1,31 @@ +# .ExternalHelp psPAS-help.xml +Function Get-PASUserLicenseReport { + [CmdletBinding()] + param( ) + + Begin { + + Assert-VersionRequirement -PrivilegeCloud + + } + + Process { + + #Create URL for Request + $URI = "$($psPASSession.ApiURI)/API/licenses/pcloud/" + + #Send request to web service + $result = Invoke-PASRestMethod -Uri $URI -Method GET + + If ($null -ne $Result) { + + #Return result + $Result + + } + + } + + End {} + +} \ No newline at end of file diff --git a/psPAS/Functions/Reports/New-PASReportSchedule.ps1 b/psPAS/Functions/Reports/New-PASReportSchedule.ps1 new file mode 100644 index 00000000..9fa7ae41 --- /dev/null +++ b/psPAS/Functions/Reports/New-PASReportSchedule.ps1 @@ -0,0 +1,183 @@ +# .ExternalHelp psPAS-help.xml +Function New-PASReportSchedule { + [CmdletBinding(SupportsShouldProcess)] + param( + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [int]$version, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [AllowEmptyString()] + [string]$type, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [AllowEmptyString()] + [string]$subType, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [AllowEmptyString()] + [string]$name, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [AllowEmptyString()] + [boolean]$keepTaskDefinition, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [AllowEmptyString()] + [datetime]$startTime, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [AllowEmptyString()] + [string]$recurrenceType, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [AllowEmptyString()] + [string]$recurrenceValue, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [AllowEmptyString()] + [string]$daysOfWeek, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [AllowEmptyString()] + [string]$weekNumber, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true + )] + [AllowEmptyCollection()] + [Subscriber[]]$Subscribers, #! Class Examples need testing/documenting + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [AllowEmptyString()] + [boolean]$notifyOnFailure + ) + + Begin { + + Assert-VersionRequirement -RequiredVersion 14.6 + #array for parameter names which appear in the top-tier of the JSON object + $keysToKeep = [Collections.Generic.List[String]]@( + 'version','type', 'subType', 'name', 'keepTaskDefinition', 'Subscribers', 'notifyOnFailure' + ) + $scheduleParams = [Collections.Generic.List[String]]@( + 'startTime', 'recurrenceType', 'recurrenceValue', 'daysOfWeek', 'weekNumber' + ) + + } + + Process { + + #Create URL for Request + $URI = "$($psPASSession.BaseURI)/API/Tasks" + + #Get Parameters for request body + $boundParameters = $PSBoundParameters | Get-PASParameter -ParametersToKeep $keysToKeep + + #Determine which parameters belong to the schedule section + switch ($PSBoundParameters.keys) { + + { $scheduleParams -contains $PSItem } { + + #Current parameter relates to schedule section of report object + if (-not($boundParameters.ContainsKey('schedule'))) { + #create the schedule key + $boundParameters.Add('schedule', @{}) + } + + } + + 'startTime' { + + #Transform startTime + $boundParameters['schedule']['startTime'] = $PSBoundParameters['startTime'].ToString("yyyy-MM-ddTHH:mm:ss.fffffffZ") + Continue + + } + + 'recurrenceType' { + + #Transform recurrenceType + $boundParameters['schedule']['recurrence']['type'] = $PSBoundParameters['recurrenceType'] + Continue + + } + + 'recurrenceValue' { + + #Transform recurrenceValue + $boundParameters['schedule']['recurrence']['recurrenceValue'] = $PSBoundParameters['recurrenceValue'] + Continue + + } + + 'daysOfWeek' { + + #Transform daysOfWeek + $boundParameters['schedule']['recurrence']['daysOfWeek'] = $PSBoundParameters['daysOfWeek'] -split ',' | ForEach-Object { [int]$_ } + Continue + + } + + 'weekNumber' { + + #Transform weekNumber + $boundParameters['schedule']['recurrence']['weekNumber'] = $PSBoundParameters['weekNumber'] + Continue + + } + + } + + $Body = $boundParameters | ConvertTo-Json + + if ($PSCmdlet.ShouldProcess($name, 'Create New Report Schedule')) { + #Send request to web service + $result = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body + } + + If ($null -ne $Result) { + + #Return result + $Result + + } + + } + + End {} + +} \ No newline at end of file diff --git a/psPAS/Functions/Requests/Approve-PASRequest.ps1 b/psPAS/Functions/Requests/Approve-PASRequest.ps1 index 6f7e39b0..65f28e0b 100644 --- a/psPAS/Functions/Requests/Approve-PASRequest.ps1 +++ b/psPAS/Functions/Requests/Approve-PASRequest.ps1 @@ -4,29 +4,70 @@ function Approve-PASRequest { param( [parameter( Mandatory = $true, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $false )] [ValidateNotNullOrEmpty()] - [string]$RequestId, + [string[]]$RequestId, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $false )] [string]$Reason ) BEGIN { + Assert-VersionRequirement -RequiredVersion 9.10 + + # Variable to track if we are doing bulk confirmation + $BulkConfirmation = $false + + $boundInput = $PSBoundParameters['RequestId'] + + if (Test-IsMultiValue -Value $boundInput) { + + #Bulk Confirmations supported from 14.6 + Assert-VersionRequirement -RequiredVersion 14.6 + + $BulkConfirmation = $true + } + }#begin PROCESS { - #Create URL for Request - $URI = "$($psPASSession.BaseURI)/API/IncomingRequests/$($RequestID)/Confirm" + #URL for Request + $URI = "$($psPASSession.BaseURI)/API/IncomingRequests" + + if ($BulkConfirmation) { + + # Branch logic for bulk confirmation + $URI = "$URI/Confirm/Bulk" + + #Create body of request + $Body = @{"BulkItems" = [System.Collections.Generic.List[object]]::new()} + $RequestId | ForEach-Object { + $Body.BulkItems.Add( + @{ + RequestId = $PSItem + Reason = $Reason + } + ) + } + + } Else{ + + # Branch logic for single confirmation + $URI = "$URI/$($boundInput)/Confirm" + + #Create body of request + $Body = $PSBoundParameters | Get-PASParameter -ParametersToRemove RequestId + + } - #Create body of request - $body = $PSBoundParameters | Get-PASParameter -ParametersToRemove RequestId | ConvertTo-Json + #Format body as JSON + $Body = $Body | ConvertTo-Json if ($PSCmdlet.ShouldProcess($RequestId, 'Confirm Request for Account Access')) { diff --git a/psPAS/Functions/Requests/Deny-PASRequest.ps1 b/psPAS/Functions/Requests/Deny-PASRequest.ps1 index 56e1f611..2019f6e0 100644 --- a/psPAS/Functions/Requests/Deny-PASRequest.ps1 +++ b/psPAS/Functions/Requests/Deny-PASRequest.ps1 @@ -7,7 +7,7 @@ function Deny-PASRequest { ValueFromPipelinebyPropertyName = $true )] [ValidateNotNullOrEmpty()] - [string]$RequestId, + [string[]]$RequestId, [parameter( Mandatory = $false, @@ -18,15 +18,55 @@ function Deny-PASRequest { BEGIN { Assert-VersionRequirement -RequiredVersion 9.10 + + # Variable to track if we are doing bulk confirmation + $BulkConfirmation = $false + + $boundInput = $PSBoundParameters['RequestId'] + + if (Test-IsMultiValue -Value $boundInput) { + + #Bulk Confirmations supported from 14.6 + Assert-VersionRequirement -RequiredVersion 14.6 + + $BulkConfirmation = $true + } + }#begin PROCESS { - #Create URL for Request - $URI = "$($psPASSession.BaseURI)/API/IncomingRequests/$($RequestID)/Reject" + #URL for Request + $URI = "$($psPASSession.BaseURI)/API/IncomingRequests" + + if ($BulkConfirmation) { + + # Branch logic for bulk confirmation + $URI = "$URI/Reject/Bulk" + + #Create body of request + $Body = @{"BulkItems" = [System.Collections.Generic.List[object]]::new()} + $RequestId | ForEach-Object { + $Body.BulkItems.Add( + @{ + RequestId = $PSItem + Reason = $Reason + } + ) + } + + } Else{ + + # Branch logic for single confirmation + $URI = "$URI/$($boundInput)/Reject" + + #Create body of request + $Body = $PSBoundParameters | Get-PASParameter -ParametersToRemove RequestId + + } - #Create body of request - $body = $PSBoundParameters | Get-PASParameter -ParametersToRemove RequestId | ConvertTo-Json + #Format body as JSON + $Body = $Body | ConvertTo-Json if ($PSCmdlet.ShouldProcess($RequestId, 'Reject Request for Account Access')) { diff --git a/psPAS/Functions/SafeMembers/Add-PASSafeMember.ps1 b/psPAS/Functions/SafeMembers/Add-PASSafeMember.ps1 index 4e806c6a..f7b11af3 100644 --- a/psPAS/Functions/SafeMembers/Add-PASSafeMember.ps1 +++ b/psPAS/Functions/SafeMembers/Add-PASSafeMember.ps1 @@ -4,135 +4,355 @@ function Add-PASSafeMember { param( [parameter( Mandatory = $true, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'ConnectOnly' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'ReadOnly' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Approver' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'AccountsManager' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Full' )] [ValidateNotNullOrEmpty()] [string]$SafeName, - [Alias('UserName')] [parameter( Mandatory = $true, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'ConnectOnly' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'ReadOnly' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Approver' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'AccountsManager' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Full' )] + [Alias('UserName')] [ValidateNotNullOrEmpty()] [ValidateScript( { $_ -notmatch '.*(\?|\&).*' })] [string]$MemberName, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'ConnectOnly' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'ReadOnly' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Approver' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'AccountsManager' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Full' )] [string]$SearchIn, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'ConnectOnly' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'ReadOnly' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Approver' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'AccountsManager' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Full' )] [datetime]$MembershipExpirationDate, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('RestrictedRetrieve')] [boolean]$UseAccounts, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('Retrieve')] [boolean]$RetrieveAccounts, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('ListContent')] [boolean]$ListAccounts, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('Add')] [boolean]$AddAccounts, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('Update')] [boolean]$UpdateAccountContent, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('UpdateMetadata')] [boolean]$UpdateAccountProperties, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [boolean]$InitiateCPMAccountManagementOperations, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [boolean]$SpecifyNextAccountContent, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('Rename')] [boolean]$RenameAccounts, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('Delete')] [boolean]$DeleteAccounts, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('Unlock')] [boolean]$UnlockAccounts, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [boolean]$ManageSafe, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [boolean]$ManageSafeMembers, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [boolean]$BackupSafe, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('ViewAudit')] [boolean]$ViewAuditLog, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('ViewMembers')] [boolean]$ViewSafeMembers, @@ -145,7 +365,6 @@ function Add-PASSafeMember { [ValidateRange(0, 2)] [int]$RequestsAuthorizationLevel, - [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true, @@ -162,30 +381,79 @@ function Add-PASSafeMember { [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [boolean]$AccessWithoutConfirmation, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('AddRenameFolder')] [boolean]$CreateFolders, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [boolean]$DeleteFolders, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('MoveFilesAndFolders')] [boolean]$MoveAccountsAndFolders, + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'ConnectOnly' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'ReadOnly' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Approver' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'AccountsManager' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Full' + )] [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true, @@ -193,7 +461,6 @@ function Add-PASSafeMember { )] [ValidateNotNullOrEmpty()] [ValidateSet('User', 'Group', 'Role')] - [string]$memberType, [parameter( @@ -201,7 +468,42 @@ function Add-PASSafeMember { ValueFromPipelinebyPropertyName = $false, ParameterSetName = 'Gen1' )] - [switch]$UseGen1API + [switch]$UseGen1API, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $false, + ParameterSetName = 'ConnectOnly' + )] + [switch]$ConnectOnly, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $false, + ParameterSetName = 'ReadOnly' + )] + [switch]$ReadOnly, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $false, + ParameterSetName = 'Approver' + )] + [switch]$Approver, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $false, + ParameterSetName = 'AccountsManager' + )] + [switch]$AccountsManager, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $false, + ParameterSetName = 'Full' + )] + [switch]$Full ) BEGIN { @@ -218,6 +520,38 @@ function Add-PASSafeMember { #Get Parameters for request body $boundParameters = $PSBoundParameters | Get-PASParameter -ParametersToRemove SafeName, UseGen1API + If ($PSCmdlet.ParameterSetName -in 'ReadOnly','ConnectOnly','Approver','AccountsManager','Full') { + + switch ($PSCmdlet.ParameterSetName) { + + 'ConnectOnly' { + Add-PASSafeMember -MemberName $MemberName -SafeName $SafeName -ListAccounts $true -UseAccounts $true + break + } + + 'ReadOnly' { + Add-PASSafeMember -MemberName $MemberName -SafeName $SafeName -ListAccounts $true -UseAccounts $true -RetrieveAccounts $true + break + } + + 'Approver' { + Add-PASSafeMember -memberName $memberName -SafeName $SafeName -ListAccounts $true -ViewSafeMembers $true -ManageSafeMembers $true -requestsAuthorizationLevel1 $true + break + } + + 'AccountsManager' { + Add-PASSafeMember -memberName $MemberName -SafeName $SafeName -ListAccounts $true -UseAccounts $true -RetrieveAccounts $true -AddAccounts $true -UpdateAccountProperties $true -UpdateAccountContent $true -InitiateCPMAccountManagementOperations $true -SpecifyNextAccountContent $true -RenameAccounts $true -DeleteAccounts $true -UnlockAccounts $true -ViewSafeMembers $true -ManageSafeMembers $true -ViewAuditLog $true -AccessWithoutConfirmation $true + break + } + + 'Full' { + Add-PASSafeMember -memberName $MemberName -SafeName $SafeName -ListAccounts $true -UseAccounts $true -RetrieveAccounts $true -AddAccounts $true -UpdateAccountProperties $true -UpdateAccountContent $true -InitiateCPMAccountManagementOperations $true -SpecifyNextAccountContent $true -RenameAccounts $true -DeleteAccounts $true -UnlockAccounts $true -ManageSafe $true -ViewSafeMembers $true -ManageSafeMembers $true -ViewAuditLog $true -BackupSafe $true -requestsAuthorizationLevel1 $true -AccessWithoutConfirmation $true -MoveAccountsAndFolders $true -CreateFolders $true -DeleteFolders $true + break + } + } + break + } + switch ($PSCmdlet.ParameterSetName) { ( { $PSItem -match '^Gen1' } ) { @@ -253,7 +587,7 @@ function Add-PASSafeMember { } - ( { $PSItem -match '^Gen2' } ) { + ( { $PSItem -match '^Gen2' -or '^ReadOnly' -or '^ConnectOnly' -or '^Approver' -or '^AccountsManager' -or '^Full'} ) { Assert-VersionRequirement -RequiredVersion 12.1 @@ -313,7 +647,7 @@ function Add-PASSafeMember { } - ( { $PSItem -match '^Gen2' } ) { + ( { $PSItem -match '^Gen2' -or '^ReadOnly' -or '^ConnectOnly' -or '^Approver' -or '^AccountsManager' -or '^Full'} ) { $result | Select-Object *, @{Name = 'UserName'; 'Expression' = { $PSItem.MemberName } } | diff --git a/psPAS/Functions/SafeMembers/Set-PASSafeMember.ps1 b/psPAS/Functions/SafeMembers/Set-PASSafeMember.ps1 index 53170346..8d360bda 100644 --- a/psPAS/Functions/SafeMembers/Set-PASSafeMember.ps1 +++ b/psPAS/Functions/SafeMembers/Set-PASSafeMember.ps1 @@ -4,129 +4,318 @@ function Set-PASSafeMember { param( [parameter( Mandatory = $true, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'ConnectOnly' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'ReadOnly' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Approver' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'AccountsManager' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Full' )] [ValidateNotNullOrEmpty()] [string]$SafeName, - [Alias('UserName')] [parameter( Mandatory = $true, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'ConnectOnly' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'ReadOnly' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Approver' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'AccountsManager' + )] + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Full' + )] + [Alias('UserName')] [ValidateNotNullOrEmpty()] [ValidateScript( { $_ -notmatch '.*(\?|\&).*' })] [string]$MemberName, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'ConnectOnly' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'ReadOnly' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Approver' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'AccountsManager' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Full' )] [datetime]$MembershipExpirationDate, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('RestrictedRetrieve')] [boolean]$UseAccounts, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('Retrieve')] [boolean]$RetrieveAccounts, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('ListContent')] [boolean]$ListAccounts, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('Add')] [boolean]$AddAccounts, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('Update')] [boolean]$UpdateAccountContent, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('UpdateMetadata')] [boolean]$UpdateAccountProperties, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [boolean]$InitiateCPMAccountManagementOperations, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [boolean]$SpecifyNextAccountContent, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('Rename')] [boolean]$RenameAccounts, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('Delete')] [boolean]$DeleteAccounts, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('Unlock')] [boolean]$UnlockAccounts, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [boolean]$ManageSafe, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [boolean]$ManageSafeMembers, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [boolean]$BackupSafe, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('ViewAudit')] [boolean]$ViewAuditLog, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('ViewMembers')] [boolean]$ViewSafeMembers, @@ -139,7 +328,6 @@ function Set-PASSafeMember { [ValidateRange(0, 2)] [int]$RequestsAuthorizationLevel, - [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true, @@ -156,26 +344,50 @@ function Set-PASSafeMember { [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [boolean]$AccessWithoutConfirmation, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('AddRenameFolder')] [boolean]$CreateFolders, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [boolean]$DeleteFolders, [parameter( Mandatory = $false, - ValueFromPipelinebyPropertyName = $true + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen1' + )] + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' )] [Alias('MoveFilesAndFolders')] [boolean]$MoveAccountsAndFolders, @@ -185,8 +397,42 @@ function Set-PASSafeMember { ValueFromPipelinebyPropertyName = $false, ParameterSetName = 'Gen1' )] - [switch]$UseGen1API + [switch]$UseGen1API, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $false, + ParameterSetName = 'ConnectOnly' + )] + [switch]$ConnectOnly, + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $false, + ParameterSetName = 'ReadOnly' + )] + [switch]$ReadOnly, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $false, + ParameterSetName = 'Approver' + )] + [switch]$Approver, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $false, + ParameterSetName = 'AccountsManager' + )] + [switch]$AccountsManager, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $false, + ParameterSetName = 'Full' + )] + [switch]$Full ) BEGIN { @@ -203,9 +449,41 @@ function Set-PASSafeMember { #Get passed parameters to include in request body $boundParameters = $PSBoundParameters | Get-PASParameter + If ($PSCmdlet.ParameterSetName -in 'ReadOnly','ConnectOnly','Approver','AccountsManager','Full') { + + switch ($PSCmdlet.ParameterSetName) { + + 'ConnectOnly' { + Set-PASSafeMember -MemberName $MemberName -SafeName $SafeName -ListAccounts $true -UseAccounts $true + break + } + + 'ReadOnly' { + Set-PASSafeMember -MemberName $MemberName -SafeName $SafeName -ListAccounts $true -UseAccounts $true -RetrieveAccounts $true + break + } + + 'Approver' { + Set-PASSafeMember -memberName $memberName -SafeName $SafeName -ListAccounts $true -ViewSafeMembers $true -ManageSafeMembers $true -requestsAuthorizationLevel1 $true + break + } + + 'AccountsManager' { + Set-PASSafeMember -memberName $MemberName -SafeName $SafeName -ListAccounts $true -UseAccounts $true -RetrieveAccounts $true -AddAccounts $true -UpdateAccountProperties $true -UpdateAccountContent $true -InitiateCPMAccountManagementOperations $true -SpecifyNextAccountContent $true -RenameAccounts $true -DeleteAccounts $true -UnlockAccounts $true -ViewSafeMembers $true -ManageSafeMembers $true -ViewAuditLog $true -AccessWithoutConfirmation $true + break + } + + 'Full' { + Set-PASSafeMember -memberName $MemberName -SafeName $SafeName -ListAccounts $true -UseAccounts $true -RetrieveAccounts $true -AddAccounts $true -UpdateAccountProperties $true -UpdateAccountContent $true -InitiateCPMAccountManagementOperations $true -SpecifyNextAccountContent $true -RenameAccounts $true -DeleteAccounts $true -UnlockAccounts $true -ManageSafe $true -ViewSafeMembers $true -ManageSafeMembers $true -ViewAuditLog $true -BackupSafe $true -requestsAuthorizationLevel1 $true -AccessWithoutConfirmation $true -MoveAccountsAndFolders $true -CreateFolders $true -DeleteFolders $true + break + } + } + break + } + switch ($PSCmdlet.ParameterSetName) { - 'Gen1' { + ( { $PSItem -match '^Gen1' } ) { #check required version Assert-VersionRequirement -MaximumVersion 12.3 @@ -239,7 +517,7 @@ function Set-PASSafeMember { } - 'Gen2' { + ( { $PSItem -match '^Gen2' -or '^ReadOnly' -or '^ConnectOnly' -or '^Approver' -or '^AccountsManager' -or '^Full'} ) { Assert-VersionRequirement -RequiredVersion 12.2 diff --git a/psPAS/Functions/Safes/Get-PASSafe.ps1 b/psPAS/Functions/Safes/Get-PASSafe.ps1 index ee506676..678fd44e 100644 --- a/psPAS/Functions/Safes/Get-PASSafe.ps1 +++ b/psPAS/Functions/Safes/Get-PASSafe.ps1 @@ -15,9 +15,17 @@ function Get-PASSafe { ValueFromPipelinebyPropertyName = $true, ParameterSetName = 'Gen2' )] - [ValidateSet('asc', 'desc')] + [ValidateSet('safeName', 'managingCPM')] [string]$sort, + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' + )] + [ValidateSet('asc', 'desc')] + [string]$sortDirection, + [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true, @@ -102,7 +110,14 @@ function Get-PASSafe { PROCESS { - $boundParameters = $PSBoundParameters | Get-PASParameter + $boundParameters = $PSBoundParameters | Get-PASParameter -ParametersToRemove sortDirection + + If($PSBoundParameters.containsKey('sortDirection')){ + + #Append sort direction to sort property for correct query string creation + $boundParameters['sort'] = "$($boundParameters['sort']) $($PSBoundParameters['sortDirection'])" + + } #Create Query String, escaped for inclusion in request URL $queryString = $boundParameters | ConvertTo-QueryString diff --git a/psPAS/Functions/SystemHealth/Get-PASComponentSummary.ps1 b/psPAS/Functions/SystemHealth/Get-PASComponentSummary.ps1 index be3eca42..659e7461 100644 --- a/psPAS/Functions/SystemHealth/Get-PASComponentSummary.ps1 +++ b/psPAS/Functions/SystemHealth/Get-PASComponentSummary.ps1 @@ -21,10 +21,40 @@ Function Get-PASComponentSummary { $result | Select-Object -ExpandProperty Components - $result | Select-Object -ExpandProperty Vaults | Add-ObjectDetail -PropertyToAdd @{ + # Process vaults with conditional property selection + $vaults = $result | Select-Object -ExpandProperty Vaults | Add-ObjectDetail -PropertyToAdd @{ 'ComponentID' = 'EPV' 'ComponentName' = 'EPV' - } | Select-Object ComponentID, ComponentName, Role, IP, IsLoggedOn + } + + # Output Primary vaults without replication fields + $vaults | Where-Object { $_.Role -ne 'DR' } | Select-Object ComponentID, ComponentName, Role, IP, IsLoggedOn + + # Check if version supports replication status fields (14.6+) + $currentVersion = [System.Version]::new($psPASSession.ExternalVersion) + $requiredVersion = [System.Version]::new('14.6.0') + $supportsReplicationStatus = $currentVersion -ge $requiredVersion + + # Output DR vaults with conditional replication fields based on version + if ($supportsReplicationStatus) { + # Version 14.6+: Include replication status fields + $vaults | Where-Object { $_.Role -eq 'DR' } | Select-Object ComponentID, ComponentName, Role, IP, IsLoggedOn, @{ + Name = 'DBReplicationDiffSecs' + Expression = { if ($_.ReplicationStatus) { $_.ReplicationStatus.DBReplicationDiffSecs } else { $null } } + }, @{ + Name = 'IsDBReplicationHealthy' + Expression = { if ($_.ReplicationStatus) { $_.ReplicationStatus.IsDBReplicationHealthy } else { $null } } + }, @{ + Name = 'FileReplicationDiffSecs' + Expression = { if ($_.ReplicationStatus) { $_.ReplicationStatus.FileReplicationDiffSecs } else { $null } } + }, @{ + Name = 'IsFileReplicationHealthy' + Expression = { if ($_.ReplicationStatus) { $_.ReplicationStatus.IsFileReplicationHealthy } else { $null } } + } + } else { + # Version < 14.6: Show basic DR vault information without replication fields + $vaults | Where-Object { $_.Role -eq 'DR' } | Select-Object ComponentID, ComponentName, Role, IP, IsLoggedOn + } } diff --git a/psPAS/Functions/User/Add-PASUserAllowedAuthenticationMethod.ps1 b/psPAS/Functions/User/Add-PASUserAllowedAuthenticationMethod.ps1 new file mode 100644 index 00000000..55c69279 --- /dev/null +++ b/psPAS/Functions/User/Add-PASUserAllowedAuthenticationMethod.ps1 @@ -0,0 +1,48 @@ +# .ExternalHelp psPAS-help.xml +function Add-PASUserAllowedAuthenticationMethod { + [CmdletBinding(SupportsShouldProcess = $true)] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [int[]]$userIds, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [string[]]$allowedAuthenticationMethods + ) + + Begin{ + Assert-VersionRequirement -RequiredVersion 14.6 + } + + Process{ + + #Create URL for request + $URI = "$($psPASSession.BaseURI)/API/Users/AddAllowedAuthenticationMethods/Bulk" + + $boundParameters = $PSBoundParameters | Get-PASParameter + $body = @{'BulkItems' = @($boundParameters)} | ConvertTo-Json -Depth 4 + + if ($PSCmdlet.ShouldProcess($($userIds -join ','), "Set Allowed Authentication Methods: $($allowedAuthenticationMethods -join ',')")) { + + #send request to web service + $result = Invoke-PASRestMethod -Uri $URI -Method PATCH -Body $Body + + if ($null -ne $result) { + + $result + + } + + } + + } + + + End{} + +} \ No newline at end of file diff --git a/psPAS/Functions/User/New-PASUser.ps1 b/psPAS/Functions/User/New-PASUser.ps1 index b4e0878d..4a45e324 100644 --- a/psPAS/Functions/User/New-PASUser.ps1 +++ b/psPAS/Functions/User/New-PASUser.ps1 @@ -400,7 +400,16 @@ function New-PASUser { ParameterSetName = 'Gen1' )] [Alias('UseClassicAPI')] - [switch]$UseGen1API + [switch]$UseGen1API, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' + )] + [ValidateSet('SAML', 'PKI', 'FIDO', 'WINDOWS')] + [AllowEmptyCollection()] + [string[]]$allowedAuthenticationMethods ) BEGIN { }#begin @@ -429,6 +438,12 @@ function New-PASUser { } + If ($PSBoundParameters.Keys -match 'allowedAuthenticationMethods') { + + Assert-VersionRequirement -RequiredVersion 14.4 + + } + #Create URL for request $URI = "$($psPASSession.BaseURI)/api/Users" diff --git a/psPAS/Functions/User/Remove-PASUserAllowedAuthenticationMethod.ps1 b/psPAS/Functions/User/Remove-PASUserAllowedAuthenticationMethod.ps1 new file mode 100644 index 00000000..dff76dd3 --- /dev/null +++ b/psPAS/Functions/User/Remove-PASUserAllowedAuthenticationMethod.ps1 @@ -0,0 +1,45 @@ +# .ExternalHelp psPAS-help.xml +function Remove-PASUserAllowedAuthenticationMethod { + [CmdletBinding(SupportsShouldProcess = $true)] + param( + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [int[]]$userIds, + + [parameter( + Mandatory = $true, + ValueFromPipelinebyPropertyName = $true + )] + [string[]]$allowedAuthenticationMethods + ) + + Begin{ + Assert-VersionRequirement -RequiredVersion 14.6 + } + + Process{ + + #Create URL for request + $URI = "$($psPASSession.BaseURI)/API/Users/RemoveAllowedAuthenticationMethods/Bulk" + $boundParameters = $PSBoundParameters | Get-PASParameter + $body = @{'BulkItems' = @($boundParameters)} | ConvertTo-Json -Depth 4 + + if ($PSCmdlet.ShouldProcess($($userIds -join ','), "Remove Allowed Authentication Methods: $($allowedAuthenticationMethods -join ',')")) { + + #send request to web service + $result = Invoke-PASRestMethod -Uri $URI -Method PATCH -Body $Body + + if ($null -ne $result) { + $result + } + + } + + } + + + End{} + +} \ No newline at end of file diff --git a/psPAS/Functions/User/Set-PASUser.ps1 b/psPAS/Functions/User/Set-PASUser.ps1 index adfea8c9..629d83d9 100644 --- a/psPAS/Functions/User/Set-PASUser.ps1 +++ b/psPAS/Functions/User/Set-PASUser.ps1 @@ -413,7 +413,16 @@ function Set-PASUser { ParameterSetName = 'Gen1' )] [Alias('UseClassicAPI')] - [switch]$UseGen1API + [switch]$UseGen1API, + + [parameter( + Mandatory = $false, + ValueFromPipelinebyPropertyName = $true, + ParameterSetName = 'Gen2' + )] + [ValidateSet('SAML', 'PKI', 'FIDO', 'WINDOWS')] + [AllowEmptyCollection()] + [string[]]$allowedAuthenticationMethods ) BEGIN { @@ -441,6 +450,12 @@ function Set-PASUser { } + If ($PSBoundParameters.Keys -match 'allowedAuthenticationMethods') { + + Assert-VersionRequirement -RequiredVersion 14.4 + + } + #Create URL for request $URI = "$($psPASSession.BaseURI)/api/Users/$id" diff --git a/psPAS/Private/ConvertTo-FilterString.ps1 b/psPAS/Private/ConvertTo-FilterString.ps1 index a58c4deb..f7c1f5d0 100644 --- a/psPAS/Private/ConvertTo-FilterString.ps1 +++ b/psPAS/Private/ConvertTo-FilterString.ps1 @@ -15,6 +15,9 @@ Hashtable containing parameter names and values to include in output .PARAMETER QuoteValue Specify this switch to enclose the value of a key value pair in quotes when converting to a filter string +.PARAMETER ExternalVersion +The API version to determine how to handle quotes + .EXAMPLE $input | ConvertTo-FilterString @@ -55,11 +58,20 @@ Encloses value of the key/value pair in quotes. Mandatory = $false, ValueFromPipeline = $false )] - [switch]$QuoteValue + [switch]$QuoteValue, + + [parameter( + Mandatory = $false, + ValueFromPipeline = $false + )] + [string]$LogicalOperator ) Begin { + # Get version from the session + $ExternalVersion = $script:psPASSession.ExternalVersion + } Process { @@ -89,7 +101,14 @@ Encloses value of the key/value pair in quotes. $value = $($Parameters[$PSItem]) - if ($QuoteValue) { $value = """$value""" } + # Determine operator based on API version + if ($ExternalVersion -and $ExternalVersion -ge [version]'14.6') { + # API 14.6+ uses automatic quoting for values with spaces + if ($QuoteValue -or ($value -match '\s')) { $value = """$value""" } + } else { + # API 14.4 and below only quotes when explicitly requested + if ($QuoteValue) { $value = """$value""" } + } $null = $FilterList.Add("$PSItem eq $value") @@ -100,7 +119,12 @@ Encloses value of the key/value pair in quotes. If ($FilterList.count -gt 0) { - @{'filter' = $FilterList -join ' AND ' } + # Only use LogicalOperator for API 14.6+, default to AND for older versions + if ($ExternalVersion -and $ExternalVersion -ge [version]'14.6') { + @{'filter' = $FilterList -join " $LogicalOperator " } + } else { + @{'filter' = $FilterList -join ' AND ' } + } } } diff --git a/psPAS/Private/ConvertTo-QueryString.ps1 b/psPAS/Private/ConvertTo-QueryString.ps1 index af63d720..62a1256b 100644 --- a/psPAS/Private/ConvertTo-QueryString.ps1 +++ b/psPAS/Private/ConvertTo-QueryString.ps1 @@ -12,6 +12,15 @@ Hashtable containing parameter names and values to include in output string .PARAMETER NoEscape Specify to perform no escaping on the returned string. +.PARAMETER Delimiter +Specify the delimiter to use between key-value pairs in the returned string. + +.PARAMETER Base64Encode +Specify to Base64 encode the returned string. + +.PARAMETER URLEncode +Specify to URL encode the returned string. + .EXAMPLE $input | ConvertTo-QueryString @@ -22,6 +31,9 @@ Formats input as: "Key=Value&Key=Value" #> [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', 'FilterList', Justification = 'False Positive')] [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSReviewUnusedParameter', 'NoEscape', Justification = 'False Positive')] + [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSReviewUnusedParameter', 'Delimiter', Justification = 'False Positive')] + [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSReviewUnusedParameter', 'Base64Encode', Justification = 'False Positive')] + [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSReviewUnusedParameter', 'URLEncode', Justification = 'False Positive')] [CmdletBinding()] [OutputType('System.String')] param( @@ -35,7 +47,25 @@ Formats input as: "Key=Value&Key=Value" Mandatory = $false, ValueFromPipeline = $false )] - [switch]$NoEscape + [switch]$NoEscape, + + [parameter( + Mandatory = $false, + ValueFromPipeline = $false + )] + [string]$Delimiter, + + [parameter( + Mandatory = $false, + ValueFromPipeline = $false + )] + [switch]$Base64Encode, + + [parameter( + Mandatory = $false, + ValueFromPipeline = $false + )] + [switch]$URLEncode ) Begin { } @@ -44,7 +74,7 @@ Formats input as: "Key=Value&Key=Value" If ($Parameters) { - $Parameters.Keys | ForEach-Object { + $Parameters.GetEnumerator() | ForEach-Object { $FilterList = [Collections.Generic.List[Object]]@() @@ -53,12 +83,12 @@ Formats input as: "Key=Value&Key=Value" If ($NoEscape) { #Return Key=Value string, unescaped. - $Value = "$PSItem=$($Parameters[$PSItem])" + $Value = "$($PSItem.key)=$($PSItem.value)" } Else { #Return Key=Value string, escaped. - $Value = "$PSItem=$($Parameters[$PSItem] | Get-EscapedString)" + $Value = "$($PSItem.key)=$($PSItem.value | Get-EscapedString)" } @@ -68,7 +98,23 @@ Formats input as: "Key=Value&Key=Value" If ($FilterList.count -gt 0) { - $FilterList -join '&' + If($Delimiter) { + #Custom Delimiter + $FilterList = $FilterList -join $Delimiter + }Else { + #Join multiple Key=Value pairs with '&' + $FilterList = $FilterList -join '&' + } + + If($Base64Encode) { + #Base64 Encode the query string + $FilterList = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($FilterList)) + } + + If($URLEncode) { + #URL Encode the query string + $FilterList = [System.Web.HttpUtility]::UrlEncode($FilterList) + } } } @@ -77,6 +123,8 @@ Formats input as: "Key=Value&Key=Value" } - End { } + End { + $FilterList + } } \ No newline at end of file diff --git a/psPAS/Private/Format-FlattenedThemeObject.ps1 b/psPAS/Private/Format-FlattenedThemeObject.ps1 new file mode 100644 index 00000000..9e5b35c0 --- /dev/null +++ b/psPAS/Private/Format-FlattenedThemeObject.ps1 @@ -0,0 +1,61 @@ +function Format-FlattenedThemeObject { + [CmdletBinding()] + param ( + [Parameter(Mandatory, ValueFromPipeline)] + [ValidateNotNull()] + [PSCustomObject]$InputObject, + + [switch]$AsHashtable + ) + + begin { + + function Add-ThemeProperty { + param ( + [PSCustomObject]$Source, + [hashtable]$Target, + [string]$Suffix = '' + ) + foreach ($prop in $Source.PSObject.Properties) { + $name = if ($Suffix) { "$($prop.Name)_$Suffix" } else { $prop.Name } + $Target[$name] = $prop.Value + } + } + + $flatProps = @{} + + } + + process { + + # Top-level props + $flatProps.name = $InputObject.name + $flatProps.isDraft = $InputObject.isDraft + $flatProps.colorsStyle = $InputObject.colors.colorsStyle + + # Inject nested props + Add-ThemeProperty -Source $InputObject.images.main -Target $flatProps + + $definitionMap = @{ + dark = 'Dark' + bright = 'Bright' + } + foreach ($key in $definitionMap.Keys) { + Add-ThemeProperty -Source $InputObject.colors.definitionByType.$key -Target $flatProps -Suffix $definitionMap[$key] + } + + $colorSections = 'main', 'menu', 'advanced' + foreach ($section in $colorSections) { + Add-ThemeProperty -Source $InputObject.colors.$section -Target $flatProps + } + + + } + End{ + if ($AsHashtable) { + return $flatProps + } else { + return [PSCustomObject]$flatProps + } + } +} \ No newline at end of file diff --git a/psPAS/Private/Format-PASThemeObject.ps1 b/psPAS/Private/Format-PASThemeObject.ps1 new file mode 100644 index 00000000..ceccfa7c --- /dev/null +++ b/psPAS/Private/Format-PASThemeObject.ps1 @@ -0,0 +1,155 @@ +Function Format-PASThemeObject { + <# + .SYNOPSIS + Creates object in the expected format for adding or updating PAS Themes + + .DESCRIPTION + From a hashtable provided as input, nests key/value pairs under expected key. + Returns object structured as required to be converted to json and used as payload to create or update PAS theme. + Designed to be consumed by New-PASTheme & Set-PASTheme. + + .PARAMETER UserProperties + A hashtable containing the key/values to create or update a PAS Theme + + .EXAMPLE + $ParameterValues | Format-PASThemeObject + #> + [CmdletBinding()] + param( + [parameter( + Mandatory = $true, + ValueFromPipeline = $true + )] + [hashtable]$ThemeProperties + ) + + Begin { + $images = [Collections.Generic.List[String]]@('mainBackgroundImage', 'mainLogoDark', 'advancedSmallLogo', 'advancedSymbolLogo') + $colors = [Collections.Generic.List[String]]@('colorsStyle') + $colorDefinitionByType_Dark = [Collections.Generic.List[String]]@('backgroundMain_Dark', 'borderMain_Dark', 'textMain_Dark', 'disableMain_Dark', 'disableTextPrimary_Dark', 'disableBackgroundPrimary_Dark', 'successPrimary_Dark', 'successSecondary_Dark', 'warningPrimary_Dark', 'warningSecondary_Dark', 'infoPrimary_Dark', 'infoSecondary_Dark', 'errorPrimary_Dark', 'errorSecondary_Dark') + $colorDefinitionByType_Bright = [Collections.Generic.List[String]]@('backgroundMain_Bright', 'borderMain_Bright', 'textMain_Bright', 'disableMain_Bright', 'disableTextPrimary_Bright', 'disableBackgroundPrimary_Bright', 'successPrimary_Bright', 'successSecondary_Bright', 'warningPrimary_Bright', 'warningSecondary_Bright', 'infoPrimary_Bright', 'infoSecondary_Bright', 'errorPrimary_Bright', 'errorSecondary_Bright') + $main = [Collections.Generic.List[String]]@('mainColor', 'selectedMain', 'hoverMain', 'defaultButtonTextPrimary') + $menu = [Collections.Generic.List[String]]@('menuLogoBackground', 'menuBackground', 'menuHoverBackground', 'menuActiveBackgroundPrimary','menuActiveBackgroundSecondary', 'menuText', 'menuTextActive', 'menuIcon') + $advanced = [Collections.Generic.List[String]]@('backgroundMain', 'borderMain', 'textMain') + + $theme = [ordered]@{ + name = "" + isDraft = "" + images = [ordered]@{ + main = [ordered]@{ + mainBackgroundImage = "" + mainLogoDark = "" + advancedSmallLogo = "" + advancedSymbolLogo = "" + } + } + colors = [ordered]@{ + colorsStyle = "" + definitionByType = [ordered]@{ + dark = [ordered]@{ + backgroundMain = "" + borderMain = "" + textMain = "" + disableMain = "" + disableTextPrimary = "" + disableBackgroundPrimary = "" + successPrimary = "" + successSecondary = "" + warningPrimary = "" + warningSecondary = "" + infoPrimary = "" + infoSecondary = "" + errorPrimary = "" + errorSecondary = "" + } + bright = [ordered]@{ + backgroundMain = "" + borderMain = "" + textMain = "" + disableMain = "" + disableTextPrimary = "" + disableBackgroundPrimary = "" + successPrimary = "" + successSecondary = "" + warningPrimary = "" + warningSecondary = "" + infoPrimary = "" + infoSecondary = "" + errorPrimary = "" + errorSecondary = "" + } + } + main = [ordered]@{ + mainColor = "" + selectedMain = "" + hoverMain = "" + defaultButtonTextPrimary = "" + } + menu = [ordered]@{ + menuLogoBackground = "" + menuBackground = "" + menuHoverBackground = "" + menuActiveBackgroundPrimary = "" + menuActiveBackgroundSecondary= "" + menuText = "" + menuTextActive = "" + menuIcon = "" + } + advanced = [ordered]@{ + backgroundMain = "" + borderMain = "" + textMain = "" + } + } + } + + + } + + Process { + + #Process each key of the input hashtable + #Populate the output hashtable + switch ($ThemeProperties.keys) { + + { $images -contains $PSItem } { + $theme['images']['main'][$PSitem] = $ThemeProperties[$PSItem] + } + + { $colors -contains $PSItem } { + $theme['colors'][$PSitem] = $ThemeProperties[$PSItem] + } + + { $colorDefinitionByType_Dark -contains $PSItem } { + $theme['colors']['definitionByType']['dark'][$($PSItem -replace '_Dark', '')] = $ThemeProperties[$PSItem] + } + + { $colorDefinitionByType_Bright -contains $PSItem } { + $theme['colors']['definitionByType']['bright'][$($PSItem -replace '_Bright', '')] = $ThemeProperties[$PSItem] + } + + { $main -contains $PSItem } { + $theme['colors']['main'][$PSitem] = $ThemeProperties[$PSItem] + } + + { $menu -contains $PSItem } { + $theme['colors']['menu'][$PSitem] = $ThemeProperties[$PSItem] + } + + { $advanced -contains $PSItem } { + $theme['colors']['advanced'][$PSitem] = $ThemeProperties[$PSItem] + } + + default { + $theme[$PSItem] = $ThemeProperties[$PSItem] + } + + } + + } + + End { + $theme + } + +} \ No newline at end of file diff --git a/psPAS/Private/Format-PutRequestObject.ps1 b/psPAS/Private/Format-PutRequestObject.ps1 index 2050cc33..12525b4d 100644 --- a/psPAS/Private/Format-PutRequestObject.ps1 +++ b/psPAS/Private/Format-PutRequestObject.ps1 @@ -11,7 +11,7 @@ Function Format-PutRequestObject { The object representing current property values of an object to be updated .PARAMETER boundParameters - The current request paramters for the update operation + The current request parameters for the update operation .PARAMETER ParametersToRemove Any parameter names from the input object which should not be included in the update request @@ -64,7 +64,7 @@ Function Format-PutRequestObject { Process { - #ParametersToKeep or ParametersToRemove paramters to pass to Get-PASParameter + #ParametersToKeep or ParametersToRemove parameters to pass to Get-PASParameter $PasParameters = $PSBoundParameters | Get-PASParameter -ParametersToKeep ParametersToKeep, ParametersToRemove #Add properties of inputobject to ExistingProperties hashtable @@ -77,7 +77,7 @@ Function Format-PutRequestObject { #* Keep or remove properties based on the input requirements for the PUT request. $ExistingParameters = $ExistingProperties | Get-PASParameter @PasParameters - #If boundparameters does not include the existing propertyname, i.e. the property is not being udpated in the request: + #If boundparameters does not include the existing property name, i.e. the property is not being updated in the request: # Add the existing property to boundparameters for inclusion in a PUT request $ExistingParameters.Keys | ForEach-Object { If (-not($boundParameters.ContainsKey($PSItem))) { diff --git a/psPAS/Private/Get-NextLink.ps1 b/psPAS/Private/Get-NextLink.ps1 index a833ff13..902ac24f 100644 --- a/psPAS/Private/Get-NextLink.ps1 +++ b/psPAS/Private/Get-NextLink.ps1 @@ -71,7 +71,7 @@ Function Get-NextLink { Process { switch ($InitialResult) { - #SH & PCloud result and nextLink proprty names differ + #SH & PCloud result and nextLink property names differ #*Figure out what properties we are dealing with here { $null -ne $PSItem.value } { $ResultProperty = 'value' diff --git a/psPAS/Private/Get-PASPropertyObject.ps1 b/psPAS/Private/Get-PASPropertyObject.ps1 index 9173dcbb..46bcaf45 100644 --- a/psPAS/Private/Get-PASPropertyObject.ps1 +++ b/psPAS/Private/Get-PASPropertyObject.ps1 @@ -8,7 +8,7 @@ Function Get-PASPropertyObject { This function returns all property values as root level properties of the output object. - Facilitates sending existing property values as parametes for Set-PAS* commands. + Facilitates sending existing property values as parameters for Set-PAS* commands. .PARAMETER InputObject The input object to flatten diff --git a/psPAS/Private/Get-PASSAMLResponse.ps1 b/psPAS/Private/Get-PASSAMLResponse.ps1 index d3558711..f9197c89 100644 --- a/psPAS/Private/Get-PASSAMLResponse.ps1 +++ b/psPAS/Private/Get-PASSAMLResponse.ps1 @@ -34,9 +34,45 @@ https://gist.github.com/infamousjoeg/b44faa299ec3de65bdd1d3b8474b0649 if ($PSCmdlet.ShouldProcess($Uri, 'SAML Auth')) { - $WebResponse = Invoke-WebRequest -Uri $Uri -MaximumRedirection 0 -ErrorAction SilentlyContinue -UseBasicParsing + #If Tls12 Security Protocol is available + if (([Net.SecurityProtocolType].GetEnumNames() -contains 'Tls12') -and - $SAMLResponse = Invoke-WebRequest -Uri $($WebResponse.links.href) -MaximumRedirection 1 -UseDefaultCredentials -UseBasicParsing + #And Tls12 is not already in use + (-not ([System.Net.ServicePointManager]::SecurityProtocol -match 'Tls12'))) { + + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 + + } + + $Request = @{} + + #Use TLS 1.2 + if (Test-IsCoreCLR) { + + $Request.Add('SslProtocol', 'TLS12') + + } + $Request['Uri'] = $Uri + $Request['MaximumRedirection'] = 0 + $Request['ErrorAction'] = 'SilentlyContinue' + $Request['UseBasicParsing'] = $true + + $WebResponse = Invoke-WebRequest @Request + + $Request = @{} + + #Use TLS 1.2 + if (Test-IsCoreCLR) { + + $Request.Add('SslProtocol', 'TLS12') + + } + $Request['Uri'] = $($WebResponse.links.href) + $Request['MaximumRedirection'] = 1 + $Request['UseDefaultCredentials'] = $true + $Request['UseBasicParsing'] = $true + + $SAMLResponse = Invoke-WebRequest @Request If ($SAMLResponse.InputFields[0].name -eq 'SAMLResponse') { diff --git a/psPAS/Private/Invoke-PASRestMethod.ps1 b/psPAS/Private/Invoke-PASRestMethod.ps1 index a02bd1f1..0c8e9603 100644 --- a/psPAS/Private/Invoke-PASRestMethod.ps1 +++ b/psPAS/Private/Invoke-PASRestMethod.ps1 @@ -210,9 +210,12 @@ Process { - #Show sanitised request body if in debug mode + #Show URI, Method & sanitised request body if in debug mode If ([System.Management.Automation.ActionPreference]::SilentlyContinue -ne $DebugPreference) { + Write-Debug "[Uri] $URI" + Write-Debug "[Method] $Method" + If (($PSBoundParameters.ContainsKey('Body')) -and (($PSBoundParameters['Body']).GetType().Name -eq 'String')) { Write-Debug "[Body] $(Hide-SecretValue -InputValue $Body)" @@ -339,12 +342,27 @@ #Inner error details are present if ($Response.Details) { - #Join Inner Error Text to Error Message - $ErrorMessage = $ErrorMessage, $(($Response.Details | Select-Object -ExpandProperty ErrorMessage) -join ', ') -join ': ' + if($Response.Details -is [Array]){ + + #array of details is returned for operations which return collections + $detailText = $Response.Details | ForEach-Object { + $obj = $_ + #Join each array element into a single string + $props = $obj | Get-Member -MemberType Properties | Select-Object -ExpandProperty Name + ($props | ForEach-Object { "$_=$($obj.$_)" }) -join '; ' + } + + #Join the array element details to the Error Message + $ErrorMessage = $ErrorMessage, $($detailText -join "`n") -join "`n" - #Join Inner Error Codes to ErrorID - $ErrorID = $ErrorID, $(($Response.Details | Select-Object -ExpandProperty ErrorCode) -join ',') -join ',' + } + else{ + #Join Inner Error Text to Error Message + $ErrorMessage = $ErrorMessage, $(($Response.Details | Select-Object -ExpandProperty ErrorMessage) -join ', ') -join ': ' + #Join Inner Error Codes to ErrorID + $ErrorID = $ErrorID, $(($Response.Details | Select-Object -ExpandProperty ErrorCode) -join ',') -join ',' + } } } catch { diff --git a/psPAS/Private/Out-PASFile.ps1 b/psPAS/Private/Out-PASFile.ps1 index e8469dc1..64a47ef4 100644 --- a/psPAS/Private/Out-PASFile.ps1 +++ b/psPAS/Private/Out-PASFile.ps1 @@ -44,11 +44,19 @@ function Out-PASFile { } - #Get filename from Content-Disposition Header element. - $FileName = ($InputObject.Headers['Content-Disposition'] -split 'filename=')[1] -replace '"' + If(Test-Path -Path $Path -PathType Container){ - #Define output path - $OutputPath = Join-Path $Path $FileName + If($InputObject.Headers.ContainsKey('Content-Disposition')) { + #Get filename from Content-Disposition Header element. + $FileName = ($InputObject.Headers['Content-Disposition'] -split 'filename=')[1] -replace '"' + } + + #Define output path + $OutputPath = Join-Path $Path $FileName + + } Else{ + $OutputPath = $Path #assume full path provided + } if ($PSCmdlet.ShouldProcess($OutputPath, 'Save File')) { diff --git a/psPAS/Private/Test-IsMultiValue.ps1 b/psPAS/Private/Test-IsMultiValue.ps1 new file mode 100644 index 00000000..b06b5633 --- /dev/null +++ b/psPAS/Private/Test-IsMultiValue.ps1 @@ -0,0 +1,45 @@ +function Test-IsMultiValue { + <# + .SYNOPSIS + Tests if the input is a multi-value collection. + + .DESCRIPTION + This function checks if the provided input is a collection with more than one item. + It returns $true for collections like arrays or lists with multiple items, and $false otherwise. + + .PARAMETER Input + The input object to test. + + .EXAMPLE + PS C:\> Test-IsMultiValue -Input @(1, 2, 3) + True + + .EXAMPLE + PS C:\> Test-IsMultiValue -Input "SingleValue" + False + + .EXAMPLE + PS C:\> Test-IsMultiValue -Input $null + False + + .NOTES + Author: Pete Maan + Date: August 2025 + #> + [CmdletBinding()] + param ( + [Parameter(Mandatory)] + [object]$Value + ) + + if ($null -eq $Value) { + return $false + } + + # If it's an array with more than one item, it's multivalued + if ($Value -is [System.Array] -and $Value.Count -gt 1) { + return $true + } + + return $false +} diff --git a/psPAS/en-US/psPAS-help.xml b/psPAS/en-US/psPAS-help.xml index d885ec10..83f6286e 100644 --- a/psPAS/en-US/psPAS-help.xml +++ b/psPAS/en-US/psPAS-help.xml @@ -170,6 +170,20 @@ False + + AllowAccountDuplications + + Whether to allow duplicated accounts to be added to the system. + This parameter is only enforced only if AccountDuplicationEnforcementLevel in the General Configurations is set to Notify or Prevent. + Only Applies to Self Hosted, and requires version 14.6 + + Boolean + + Boolean + + + None + Add-PASAccount @@ -741,6 +755,20 @@ None + + AllowAccountDuplications + + Whether to allow duplicated accounts to be added to the system. + This parameter is only enforced only if AccountDuplicationEnforcementLevel in the General Configurations is set to Notify or Prevent. + Only Applies to Self Hosted, and requires version 14.6 + + Boolean + + Boolean + + + None + @@ -2297,6 +2325,243 @@ Add-PASAccount -address domain -userName ThisUser -platformID UNIXVIASSHCERTIFIC + + + Add-PASDependentAccount + Add + PASDependentAccount + + Adds a dependent account to an existing account + + + + Adds a dependent account to an existing account. The dependent account is created in the same Safe and folder as the master account. + The user performing this task must have the "Add Accounts" permissions on the Safe: + + + + Add-PASDependentAccount + + AccountId + + The account id of the master account + + String + + String + + + None + + + name + + The name of the dependent account + + String + + String + + + None + + + platformId + + Unique identifier of the dependent platform + + String + + String + + + None + + + platformAccountProperties + + Hashtable containing key-value pairs to associate with the dependent account, as defined by the dependent account platform. + + Hashtable + + Hashtable + + + None + + + automaticManagementEnabled + + Whether the account secret is automatically managed by the CPM + + Boolean + + Boolean + + + False + + + manualManagementReason + + The reason for disabling automatic secret management + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + AccountId + + The account id of the master account + + String + + String + + + None + + + name + + The name of the dependent account + + String + + String + + + None + + + platformId + + Unique identifier of the dependent platform + + String + + String + + + None + + + platformAccountProperties + + Hashtable containing key-value pairs to associate with the dependent account, as defined by the dependent account platform. + + Hashtable + + Hashtable + + + None + + + automaticManagementEnabled + + Whether the account secret is automatically managed by the CPM + + Boolean + + Boolean + + + False + + + manualManagementReason + + The reason for disabling automatic secret management + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> Add-PASDependentAccount -AccountId 12_34 -name "windows-1.2.3.4-service-test" -platformId 10 -platformAccountProperties @{"address"="1.2.3.4";"servicename"="test"} + + Adds a Dependent Account with the specified property values + + + + + + https://pspas.pspete.dev/commands/Add-PASDependentAccount + https://pspas.pspete.dev/commands/Add-PASDependentAccount + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/add-dependent-account.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/add-dependent-account.htm + + + Add-PASDirectory @@ -4900,7 +5165,7 @@ Add-PASDiscoveredAccount -UserName ServiceUser -Address 1.2.3.4 -discoveryDate ( - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Add-PASDiscoveredLocalAccount -type windows -identifiers @{'username'='administrator'; 'address'='somemachine.pspete.dev'} Adds the specified local account as a discovered local account. @@ -5433,7 +5698,7 @@ Add-PASDiscoveredAccount -UserName ServiceUser -Address 1.2.3.4 -discoveryDate ( - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- PS C:\> Add-PASOpenIDConnectProvider -id SomeOIDCProvider -discoveryEndpointUrl https://SomeURLValue -clientId SomeID -clientSecretMethod POST @@ -6136,7 +6401,7 @@ Add-PASDiscoveredAccount -UserName ServiceUser -Address 1.2.3.4 -discoveryDate ( - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Add-PASPersonalAdminAccount -address somedomain -userName someUser -secret $SomePassword Adds Personal Admin Account to private dedicated Safe. @@ -6445,7 +6710,7 @@ Add-PASDiscoveredAccount -UserName ServiceUser -Address 1.2.3.4 -discoveryDate ( - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Add-PASPTAExcludedTarget -cidr 192.168.60.10/24 Adds 192.168.60.10/24 as an excluded target in PTA administration @@ -6637,7 +6902,7 @@ Add-PASDiscoveredAccount -UserName ServiceUser -Address 1.2.3.4 -discoveryDate ( - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Add-PASPTAGlobalCatalog -ldap_certificate $Base64Cert -ldap_server GC.domain.com -ssl $true -ldap_port 3269 -upn user@domain.com -ldapPassword $SecureString Adds Global Catalog to PTA configuration @@ -6753,7 +7018,7 @@ Add-PASDiscoveredAccount -UserName ServiceUser -Address 1.2.3.4 -discoveryDate ( - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Add-PASPTAIncludedTarget -cidr 192.168.60.10/24 Adds 192.168.60.10/24 as an included target in PTA administration @@ -6893,7 +7158,7 @@ Add-PASDiscoveredAccount -UserName ServiceUser -Address 1.2.3.4 -discoveryDate ( - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Add-PASPTAPrivilegedGroup -domain SomeDomain.com -group SomeGroup Adds SomeGroup as to PrivilegedDomainGroupsList in PTA @@ -7033,7 +7298,7 @@ Add-PASDiscoveredAccount -UserName ServiceUser -Address 1.2.3.4 -discoveryDate ( - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Add-PASPTAPrivilegedUser -platform WINDOWS -user AdminUser Adds AdminUser to PrivilegedUsersList in PTA @@ -7354,6 +7619,241 @@ Add-PASDiscoveredAccount -UserName ServiceUser -Address 1.2.3.4 -discoveryDate ( + + + Add-PASPTASyslog + Add + PASPTASyslog + + Add a SYSLOG configuration to PTA + + + + Add a new SYSLOG configuration to PTA + This API is not officially documented, so this help file may not help 100% + + + + Add-PASPTASyslog + + siem + + A name for the SIEM configuration + + String + + String + + + None + + + format + + CEF or LEEF format + + String + + String + + + None + + + host + + The SYSLOG host + + String + + String + + + None + + + port + + The SYSLOG port + + Int32 + + Int32 + + + 0 + + + protocol + + The SYSLOG protocol + + String + + String + + + None + + + CertificateFile + + The certificate file for SYSLOG connectivity + + String + + String + + + None + + + syslogType + + The SYSLOG type + + String + + String + + + None + + + tcpOctetCounting + + Whether to set TCP Octet Counting + + Boolean + + Boolean + + + False + + + + + + siem + + A name for the SIEM configuration + + String + + String + + + None + + + format + + CEF or LEEF format + + String + + String + + + None + + + host + + The SYSLOG host + + String + + String + + + None + + + port + + The SYSLOG port + + Int32 + + Int32 + + + 0 + + + protocol + + The SYSLOG protocol + + String + + String + + + None + + + CertificateFile + + The certificate file for SYSLOG connectivity + + String + + String + + + None + + + syslogType + + The SYSLOG type + + String + + String + + + None + + + tcpOctetCounting + + Whether to set TCP Octet Counting + + Boolean + + Boolean + + + False + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> Add-PASPTASyslog -siem SomeSIEM -format CEF -host SOMEHOST.domain.com -port 514 -protocol UDP -syslogType SomeType -tcpOctetCounting $false + + Adds the specified SYSLOG configuration to PTA + + + + + + https://pspas.pspete.dev/commands/Add-PASPTASyslog + https://pspas.pspete.dev/commands/Add-PASPTASyslog + + + Add-PASPublicSSHKey @@ -8307,21 +8807,6 @@ Add-PASDiscoveredAccount -UserName ServiceUser -Address 1.2.3.4 -discoveryDate ( False - - RequestsAuthorizationLevel - - Integer value defining level assigned to RequestsAuthorizationLevel for safe member. - Valid Values: 0, 1 or 2 - Get-PASSafeMember (Gen1) may not return details of this permission - Deprecated from version 12.3 - - Int32 - - Int32 - - - 0 - AccessWithoutConfirmation @@ -8373,18 +8858,45 @@ Add-PASDiscoveredAccount -UserName ServiceUser -Address 1.2.3.4 -discoveryDate ( False - - UseGen1API + + requestsAuthorizationLevel1 - Force use of Gen1 API. - Should be specified for versions earlier than 12.1 - Deprecated from version 12.3 + Request Authorization Level 1 + Minimum required version 12.1 + Boolean - SwitchParameter + Boolean - False + None + + + requestsAuthorizationLevel2 + + Request Authorization Level 2 + Minimum required version 12.1 + + Boolean + + Boolean + + + None + + + memberType + + The member type. + Accepts Values: User, Group, Role + Minimum required version 12.6 + + String + + String + + + None @@ -8648,6 +9160,21 @@ Add-PASDiscoveredAccount -UserName ServiceUser -Address 1.2.3.4 -discoveryDate ( False + + RequestsAuthorizationLevel + + Integer value defining level assigned to RequestsAuthorizationLevel for safe member. + Valid Values: 0, 1 or 2 + Get-PASSafeMember (Gen1) may not return details of this permission + Deprecated from version 12.3 + + Int32 + + Int32 + + + 0 + AccessWithoutConfirmation @@ -8699,28 +9226,380 @@ Add-PASDiscoveredAccount -UserName ServiceUser -Address 1.2.3.4 -discoveryDate ( False + + UseGen1API + + Force use of Gen1 API. + Should be specified for versions earlier than 12.1 + Deprecated from version 12.3 + + + SwitchParameter + + + False + + + + Add-PASSafeMember + + SafeName + + The name of the safe to add the member to + + String + + String + + + None + + + MemberName + + Vault or Domain User, or Group, to add as member. + Must not contain '&' (ampersand). + + String + + String + + + None + - requestsAuthorizationLevel1 + SearchIn - Request Authorization Level 1 - Minimum required version 12.1 + The Vault or Domain, defined in the vault, + in which to search for the member to add to the safe. - Boolean + String - Boolean + String None - requestsAuthorizationLevel2 + MembershipExpirationDate - Request Authorization Level 2 - Minimum required version 12.1 + Defines when the user's Safe membership expires. - Boolean + DateTime - Boolean + DateTime + + + None + + + memberType + + The member type. + Accepts Values: User, Group, Role + Minimum required version 12.6 + + String + + String + + + None + + + Full + + Adds Full permissions for user on safe + + + SwitchParameter + + + False + + + + Add-PASSafeMember + + SafeName + + The name of the safe to add the member to + + String + + String + + + None + + + MemberName + + Vault or Domain User, or Group, to add as member. + Must not contain '&' (ampersand). + + String + + String + + + None + + + SearchIn + + The Vault or Domain, defined in the vault, + in which to search for the member to add to the safe. + + String + + String + + + None + + + MembershipExpirationDate + + Defines when the user's Safe membership expires. + + DateTime + + DateTime + + + None + + + memberType + + The member type. + Accepts Values: User, Group, Role + Minimum required version 12.6 + + String + + String + + + None + + + AccountsManager + + Adds Account Manager permissions for user on safe + + + SwitchParameter + + + False + + + + Add-PASSafeMember + + SafeName + + The name of the safe to add the member to + + String + + String + + + None + + + MemberName + + Vault or Domain User, or Group, to add as member. + Must not contain '&' (ampersand). + + String + + String + + + None + + + SearchIn + + The Vault or Domain, defined in the vault, + in which to search for the member to add to the safe. + + String + + String + + + None + + + MembershipExpirationDate + + Defines when the user's Safe membership expires. + + DateTime + + DateTime + + + None + + + memberType + + The member type. + Accepts Values: User, Group, Role + Minimum required version 12.6 + + String + + String + + + None + + + Approver + + Adds Approver permissions for user on safe + + + SwitchParameter + + + False + + + + Add-PASSafeMember + + SafeName + + The name of the safe to add the member to + + String + + String + + + None + + + MemberName + + Vault or Domain User, or Group, to add as member. + Must not contain '&' (ampersand). + + String + + String + + + None + + + SearchIn + + The Vault or Domain, defined in the vault, + in which to search for the member to add to the safe. + + String + + String + + + None + + + MembershipExpirationDate + + Defines when the user's Safe membership expires. + + DateTime + + DateTime + + + None + + + memberType + + The member type. + Accepts Values: User, Group, Role + Minimum required version 12.6 + + String + + String + + + None + + + ReadOnly + + Adds Read Only permissions for user on safe + + + SwitchParameter + + + False + + + + Add-PASSafeMember + + SafeName + + The name of the safe to add the member to + + String + + String + + + None + + + MemberName + + Vault or Domain User, or Group, to add as member. + Must not contain '&' (ampersand). + + String + + String + + + None + + + SearchIn + + The Vault or Domain, defined in the vault, + in which to search for the member to add to the safe. + + String + + String + + + None + + + MembershipExpirationDate + + Defines when the user's Safe membership expires. + + DateTime + + DateTime None @@ -8739,6 +9618,17 @@ Add-PASDiscoveredAccount -UserName ServiceUser -Address 1.2.3.4 -discoveryDate ( None + + ConnectOnly + + Adds Connect Only permissions for user on safe + + + SwitchParameter + + + False + @@ -9121,6 +10011,66 @@ Add-PASDiscoveredAccount -UserName ServiceUser -Address 1.2.3.4 -discoveryDate ( None + + AccountsManager + + Adds Account Manager permissions for user on safe + + SwitchParameter + + SwitchParameter + + + False + + + Approver + + Adds Approver permissions for user on safe + + SwitchParameter + + SwitchParameter + + + False + + + ConnectOnly + + Adds Connect Only permissions for user on safe + + SwitchParameter + + SwitchParameter + + + False + + + Full + + Adds Full permissions for user on safe + + SwitchParameter + + SwitchParameter + + + False + + + ReadOnly + + Adds Read Only permissions for user on safe + + SwitchParameter + + SwitchParameter + + + False + @@ -9195,37 +10145,176 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - Approve-PASRequest - Approve - PASRequest + Add-PASUserAllowedAuthenticationMethod + Add + PASUserAllowedAuthenticationMethod - Confirm a single request + Adds allowed authentication methods to multiple Vault users. - Enables a request confirmer to confirm a single request, identified by its requestID. - Officially supported from version 9.10. - Reports received that function works in 9.9 also. + Adds new authentication methods to a list of accounts in a single request. - Approve-PASRequest + Add-PASUserAllowedAuthenticationMethod - RequestId + userIds - The ID of the request to confirm + A list of user IDs to add the allowed authentication methods to - String + Int32[] - String + Int32[] None - - Reason + + allowedAuthenticationMethods - The reason why the request is approved + A list of the non-Vault authentication methods (specified by ID) that the users can use to log on. + + String[] + + String[] + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + userIds + + A list of user IDs to add the allowed authentication methods to + + Int32[] + + Int32[] + + + None + + + allowedAuthenticationMethods + + A list of the non-Vault authentication methods (specified by ID) that the users can use to log on. + + String[] + + String[] + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> Add-PASUserAllowedAuthenticationMethod -userIds 36,37 -allowedAuthenticationMethods SAML, RADIUS + + Adds specified authentication methods to specified users + + + + + + https://pspas.pspete.dev/commands/Add-PASUserAllowedAuthenticationMethod + https://pspas.pspete.dev/commands/Add-PASUserAllowedAuthenticationMethod + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/bulk-add-allowed-auth.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/bulk-add-allowed-auth.htm + + + + + + Approve-PASRequest + Approve + PASRequest + + Confirm a single request + + + + Enables a request confirmer to confirm a single request, identified by its requestID. + Bulk Confirmation of requests is supported from Version 14.6 + + + + Approve-PASRequest + + RequestId + + The ID(s) of the request(s) to confirm Specify multiple requestIDs to confirm in bulk using a single request (Requires version 14.6) + + String[] + + String[] + + + None + + + Reason + + The reason why the request is approved String @@ -9259,19 +10348,19 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - + RequestId - The ID of the request to confirm + The ID(s) of the request(s) to confirm Specify multiple requestIDs to confirm in bulk using a single request (Requires version 14.6) - String + String[] - String + String[] None - + Reason The reason why the request is approved @@ -9313,6 +10402,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn Minimum CyberArk Version 9.10 + Bulk Confirmation requires version 14.6 @@ -9333,6 +10423,10 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/ConfirmRequest.htm https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/ConfirmRequest.htm + + https://docs.cyberark.com/pam-self-hosted/14.6/en/content/webservices/bulkconfirmrequest.htm + https://docs.cyberark.com/pam-self-hosted/14.6/en/content/webservices/bulkconfirmrequest.htm + @@ -9410,7 +10504,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- PS C:\> Clear-PASDiscoveredAccountList Deletes all discovered accounts from the Pending Accounts list. @@ -9511,7 +10605,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Clear-PASDiscoveredLocalAccount Initiates Delete All discovered local accounts action. @@ -9657,7 +10751,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- PS C:\> Clear-PASLinkedAccount -AccountID 12_34 -extraPasswordIndex 3 Clears extraPass3 from account with ID 12_34 @@ -9704,7 +10798,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- PS C:\> Clear-PASPrivateSSHKey Delete all MFA caching SSH keys @@ -10454,9 +11548,9 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - Enables a request confirmer to reject a single request, identified by its requestID. + Enables a request confirmer to reject requests identified by their requestID. Officially supported from version 9.10. - Reports received that function works in 9.9 also. + Bulk rejection of requests using a single command invocation is supported from version 14.6 @@ -10464,11 +11558,11 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn RequestId - The ID of the request to confirm + The ID of the request(s) to reject - String + String[] - String + String[] None @@ -10476,7 +11570,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn Reason - The reason why the request is approved + The reason why the request is rejected String @@ -10513,11 +11607,11 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn RequestId - The ID of the request to confirm + The ID of the request(s) to reject - String + String[] - String + String[] None @@ -10525,7 +11619,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn Reason - The reason why the request is approved + The reason why the request is rejected String @@ -10574,6 +11668,13 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn Denies request <ID> + + -------------------------- EXAMPLE 2 -------------------------- + Deny-PASRequest -RequestID SomeSafe1_1, SomeSafe1_2, SomeSafe1_3 -Reason " Some Reason" + + Denies requests SomeSafe1_1, SomeSafe1_2 & SomeSafe1_3 + + @@ -10584,6 +11685,10 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/RejectRequest.htm https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/RejectRequest.htm + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/bulkrejectrequest.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/bulkrejectrequest.htm + @@ -11070,7 +12175,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Disable-PASUser -id 1234 Disables the vault user with id 1234 @@ -11447,30 +12552,30 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - Enable-PASUser + Enable-PASTheme Enable - PASUser + PASTheme - Enables a specific vault user. + Activate Theme - Reenables a disabled vault user + Sets a specific theme. It can be the default one or custom themes - Enable-PASUser - - id + Enable-PASTheme + + ThemesNames - The unique numerical id of the user + The Name of the theme to activate - Int32 + String[] - Int32 + String[] - 0 + None WhatIf @@ -11497,17 +12602,17 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - - id + + ThemesNames - The unique numerical id of the user + The Name of the theme to activate - Int32 + String[] - Int32 + String[] - 0 + None WhatIf @@ -11543,67 +12648,50 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- - Enable-PASUser -id 1234 + -------------------------- EXAMPLE 1 -------------------------- + Enable-PASTheme -ThemesNames "Default Dark" - Enables the vault user with id 1234 + Sets the theme to the default dark theme - Online Version: - https://pspas.pspete.dev/commands/Enable-PASPlatform + https://pspas.pspete.dev/commands/Enable-PASTheme + https://pspas.pspete.dev/commands/Enable-PASTheme - https://pspas.pspete.dev/commands/Enable-PASUser - https://pspas.pspete.dev/commands/Enable-PASUser - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Enable-user.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Enable-user.htm + https://docs.cyberark.com/pam-self-hosted/14.4/en/content/sdk/rest-api-cust-ui-themes-activate.htm + https://docs.cyberark.com/pam-self-hosted/14.4/en/content/sdk/rest-api-cust-ui-themes-activate.htm - Export-PASPlatform - Export - PASPlatform + Enable-PASUser + Enable + PASUser - Export a platform + Enables a specific vault user. - Export a platform to a zip file in order to import it to a different Vault environment. - Vault Admin group membership required. + Reenables a disabled vault user - Export-PASPlatform + Enable-PASUser - PlatformID - - The name of the platform. - - String - - String - - - None - - - path + id - The folder to export the platform configuration to. + The unique numerical id of the user - String + Int32 - String + Int32 - None + 0 WhatIf @@ -11631,28 +12719,161 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - PlatformID - - The name of the platform. - - String - - String - - - None - - - path + id - The folder to export the platform configuration to. + The unique numerical id of the user - String + Int32 - String + Int32 - None + 0 + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Enable-PASUser -id 1234 + + Enables the vault user with id 1234 + + + + + + Online Version: + https://pspas.pspete.dev/commands/Enable-PASPlatform + + + https://pspas.pspete.dev/commands/Enable-PASUser + https://pspas.pspete.dev/commands/Enable-PASUser + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Enable-user.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Enable-user.htm + + + + + + Export-PASPlatform + Export + PASPlatform + + Export a platform + + + + Export a platform to a zip file in order to import it to a different Vault environment. + Vault Admin group membership required. + + + + Export-PASPlatform + + PlatformID + + The name of the platform. + + String + + String + + + None + + + path + + The folder to export the platform configuration to. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + PlatformID + + The name of the platform. + + String + + String + + + None + + + path + + The folder to export the platform configuration to. + + String + + String + + + None WhatIf @@ -11800,6 +13021,317 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn + + + Export-PASReport + Export + PASReport + + Exports a report to an Excel or CSV + + + + Exports a report to an Excel or CSV + + + + Export-PASReport + + ReportFormat + + The format to export the report in - XLSX + - XLS + - CSV + + String + + String + + + None + + + path + + The path to save the report to + For CSV reports, the path must include the required filename. + + String + + String + + + None + + + FileName + + The name of the report file to export from the Report Safe + + String + + String + + + None + + + Folder + + The folder in the Report Safe the report is stored in + + String + + String + + + None + + + Safe + + The Safe the report is stored in + + String + + String + + + None + + + Type + + The Type name of the report to be exported + + String + + String + + + None + + + + + + ReportFormat + + The format to export the report in - XLSX + - XLS + - CSV + + String + + String + + + None + + + path + + The path to save the report to + For CSV reports, the path must include the required filename. + + String + + String + + + None + + + FileName + + The name of the report file to export from the Report Safe + + String + + String + + + None + + + Folder + + The folder in the Report Safe the report is stored in + + String + + String + + + None + + + Safe + + The Safe the report is stored in + + String + + String + + + None + + + Type + + The Type name of the report to be exported + + String + + String + + + None + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> Export-PASReport -Safe 'PVWAReports' -Folder 'Root\33' ` + -FileName 'InventoryReports.InventoryReportUI_2025-09-07_180314.094.xml' ` + -Type 'InventoryReports.InventoryReportUI' -ReportFormat XLSX -path C:\Temp\ + + Exports a report in XLSX format + + + + -------------------------- Example 2 -------------------------- + PS C:\> Export-PASReport -Safe 'PVWAReports' -Folder 'Root\33' ` + -FileName 'InventoryReports.InventoryReportUI_2025-09-07_180314.094.xml' ` + -Type 'InventoryReports.InventoryReportUI' -ReportFormat XLS -path C:\Temp\ + + Exports a report in XLS format + + + + -------------------------- Example 3 -------------------------- + PS C:\> Export-PASReport -Safe 'PVWAReports' -Folder 'Root\33' ` + -FileName 'InventoryReports.InventoryReportUI_2025-09-07_180314.094.xml' ` + -Type 'InventoryReports.InventoryReportUI' -ReportFormat CSV -path C:\Temp\Report.csv + + Exports a report in CSV format + + + + + + https://pspas.pspete.dev/commands/Add-PASUserAllowedAuthenticationMethod + https://pspas.pspete.dev/commands/Export-PASReport + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/download-report.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/download-report.htm + + + + + + Export-PASThemeImage + Export + PASThemeImage + + Retrieves a specific image. + + + + Retrieves a specific image. + Requires Vault Admin Privileges + + + + Export-PASThemeImage + + imageName + + The name of the image to retrieve + + String + + String + + + None + + + Path + + The folder to export the image to. + + String + + String + + + None + + + + + + imageName + + The name of the image to retrieve + + String + + String + + + None + + + Path + + The folder to export the image to. + + String + + String + + + None + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> Export-PASThemeImage -imageName SomeImage -Path C:\SomeFolder + + Retrieves the theme image to the specified location + + + + + + https://pspas.pspete.dev/commands/Export-PASThemeImage + https://pspas.pspete.dev/commands/Export-PASThemeImage + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-images-ret-image.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-images-ret-image.htm + + + Find-PASSafe @@ -12061,6 +13593,19 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn None + + LogicalOperator + + Specify either the 'OR' or 'AND' logical operator to apply against provided search parameters. + Default mode of operation is 'AND' + + String + + String + + + None + Get-PASAccount @@ -12253,6 +13798,19 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn None + + LogicalOperator + + Specify either the 'OR' or 'AND' logical operator to apply against provided search parameters. + Default mode of operation is 'AND' + + String + + String + + + None + @@ -12624,7 +14182,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- PS C:\> Get-PASAccountDetail -id 123_45 Displays extended details of account with id 123_45 @@ -13323,14 +14881,14 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- PS C:\> Get-PASAccountPasswordVersion -AccountID 32_1 Get password versions for account with ID 32_1 - -------------------------- Example 2 -------------------------- + -------------------------- EXAMPLE 2 -------------------------- PS C:\> Get-PASAccountPasswordVersion -AccountID 32_1 -showTemporary $true Get password versions, including temporary versions for account with ID 32_1 @@ -13348,6 +14906,52 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn + + + Get-PASAccountSearchProperty + Get + PASAccountSearchProperty + + Return a list of available search properties + + + + Returns a list of all the properties that are included in the search filter when searching for an account. + The list is created from the list of parameters in Options > Search Properties + + + + Get-PASAccountSearchProperty + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> Get-PASAccountSearchProperty + + Returns valid search properties and any valid operators which can be used + + + + + + https://pspas.pspete.dev/commands/Get-PASAccountSearchProperty + https://pspas.pspete.dev/commands/Get-PASAccountSearchProperty + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/get-advanced-search-properties.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/get-advanced-search-properties.htm + + + Get-PASAccountSSHKey @@ -13992,7 +15596,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Get-PASBYOKConfig Get the BYOK status @@ -14185,6 +15789,441 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn + + + Get-PASDependentAccount + Get + PASDependentAccount + + Returns details of dependent accounts. + + + + Returns details of dependent accounts. + Can return all dependent accounts, specific dependent accounts, or details fo dependent accounts associated with a specific master account + + + + Get-PASDependentAccount + + id + + The account ID of the master account + + String + + String + + + None + + + dependentAccountId + + The unique ID of the dependent account + + String + + String + + + None + + + extendedDetails + + Whether to retrieve Linked Accounts data or not + + Boolean + + Boolean + + + False + + + TimeoutSec + + Timeout in seconds for the request + + Int32 + + Int32 + + + 0 + + + + Get-PASDependentAccount + + id + + The account ID of the master account + + String + + String + + + None + + + search + + A list of keywords to search for in accounts, separated by a space. + + String + + String + + + None + + + modificationTime + + Date after which the dependent account was modified. + + DateTime + + DateTime + + + None + + + platformId + + Unique identifier of the dependent platform. + + String + + String + + + None + + + failed + + Get only failed dependent accounts. + + Boolean + + Boolean + + + False + + + TimeoutSec + + Timeout in seconds for the request + + Int32 + + Int32 + + + 0 + + + + Get-PASDependentAccount + + search + + A list of keywords to search for in accounts, separated by a space. + + String + + String + + + None + + + MasterAccountId + + The parent account ID of the dependent accounts to return. + + String + + String + + + None + + + modificationTime + + Date after which the dependent account was modified. + + DateTime + + DateTime + + + None + + + platformId + + Unique identifier of the dependent platform. + + String + + String + + + None + + + SafeName + + The Safe name of the dependent account. + + String + + String + + + None + + + includeDeleted + + Whether to include deleted accounts in the results or not. + + Boolean + + Boolean + + + False + + + limit + + The maximum number of dependent accounts to return in each page of results + + Int32 + + Int32 + + + 0 + + + TimeoutSec + + Timeout in seconds for the request + + Int32 + + Int32 + + + 0 + + + + + + id + + The account ID of the master account + + String + + String + + + None + + + dependentAccountId + + The unique ID of the dependent account + + String + + String + + + None + + + search + + A list of keywords to search for in accounts, separated by a space. + + String + + String + + + None + + + MasterAccountId + + The parent account ID of the dependent accounts to return. + + String + + String + + + None + + + modificationTime + + Date after which the dependent account was modified. + + DateTime + + DateTime + + + None + + + platformId + + Unique identifier of the dependent platform. + + String + + String + + + None + + + SafeName + + The Safe name of the dependent account. + + String + + String + + + None + + + includeDeleted + + Whether to include deleted accounts in the results or not. + + Boolean + + Boolean + + + False + + + failed + + Get only failed dependent accounts. + + Boolean + + Boolean + + + False + + + extendedDetails + + Whether to retrieve Linked Accounts data or not + + Boolean + + Boolean + + + False + + + limit + + The maximum number of dependent accounts to return in each page of results + + Int32 + + Int32 + + + 0 + + + TimeoutSec + + Timeout in seconds for the request + + Int32 + + Int32 + + + 0 + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> Get-PASDependentAccount + + Returns all Dependent Accounts + + + + -------------------------- Example 2 -------------------------- + PS C:\> Get-PASDependentAccount -id 12_34 + + Returns all Dependent Accounts of Account with id 12_34 + + + + -------------------------- Example 3 -------------------------- + PS C:\> Get-PASDependentAccount -id 12_34 -dependentAccountId 12_78 + + Returns Dependent Account with id of 12_78 of Account with id 12_34 + + + + + + https://pspas.pspete.dev/commands/Get-PASDependentAccount + https://pspas.pspete.dev/commands/Get-PASDependentAccount + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-all-dependent-accounts.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-all-dependent-accounts.htm + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-all-dependent-accounts-specific.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-all-dependent-accounts-specific.htm + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-dependent-account-details.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-dependent-account-details.htm + + + Get-PASDirectory @@ -14919,14 +16958,14 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Get-PASDiscoveredLocalAccount Get all discovered local accounts - -------------------------- Example 2 -------------------------- + -------------------------- EXAMPLE 2 -------------------------- Get-PASDiscoveredLocalAccount -id SomeID Get specific discovered local account @@ -15007,7 +17046,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Get-PASDiscoveredLocalAccountActivity -id SomeId Get discovery rule activities for specified discovered account @@ -15320,7 +17359,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Get-PASIPAllowList List the current IP Allow List configuration @@ -15391,7 +17430,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Get-PASLinkedAccount -id 66_6 Gets linked account details associated with account with ID 66_6 @@ -15458,7 +17497,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Get-PASLinkedGroup -id 66_6 Gets linked group details associated with account with ID 66_6 @@ -15517,6 +17556,69 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn + + + Get-PASMasterPolicy + Get + PASMasterPolicy + + Retrieves Master Policy details + + + + Retrieves Master Policy details + + + + Get-PASMasterPolicy + + + + + + + None + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> Get-PASMasterPolicy + + Outputs all Master Policy details + + + + + + https://pspas.pspete.dev/commands/Get-PASMasterPolicy + https://pspas.pspete.dev/commands/Get-PASMasterPolicy + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-policy-by-id.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-policy-by-id.htm + + + Get-PASOnboardingRule @@ -15653,14 +17755,14 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- PS C:\> Get-PASOpenIDConnectProvider Returns details of all configured OIDC Providers. - -------------------------- Example 2 -------------------------- + -------------------------- EXAMPLE 2 -------------------------- PS C:\> Get-PASOpenIDConnectProvider -id SomeOIDCProvider Returns details of OIDC Provider with ID SomeOIDCProvider @@ -16411,7 +18513,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- PS C:\> Get-PASPlatformSummary Returns list and count of each current platform system types. @@ -17579,7 +19681,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Get-PASPTAExcludedTarget Returns all configured excluded targets @@ -17624,7 +19726,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Get-PASPTAGlobalCatalog Returns Global Catalog configuration details from PTA @@ -17669,7 +19771,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Get-PASPTAIncludedTarget Returns all configured included targets from PTA configuration @@ -17714,7 +19816,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Get-PASPTAPrivilegedGroup Return PrivilegedDomainGroupsList from PTA @@ -17784,7 +19886,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Get-PASPTAPrivilegedUser Return PrivilegedUsersList PTA security configuration @@ -18034,7 +20136,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Get-PASPTARiskEvent -type RISK_UNCONSTRAINED_DELEGATION -status OPEN Get all open risk events related to unconstrained delegation. @@ -18080,7 +20182,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Get-PASPTARiskEventSummary Output PTA risk events summary @@ -18143,6 +20245,76 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn + + + Get-PASPTASecurityConfigurationCategory + Get + PASPTASecurityConfigurationCategory + + Returns PTA security configuration categories + + + + Returns PTA security configuration categories + + + + Get-PASPTASecurityConfigurationCategory + + categoryKey + + The PTA category to return information on + + String + + String + + + None + + + + + + categoryKey + + The PTA category to return information on + + String + + String + + + None + + + + + + + Minimum Version CyberArk 14.2 + + + + + -------------------------- EXAMPLE 1 -------------------------- + Get-PASPTASecurityConfigurationCategory + + Returns all PTA security configuration categories + + + + + + https://pspas.pspete.dev/commands/Get-PASPTASecurityConfigurationCategory + https://pspas.pspete.dev/commands/Get-PASPTASecurityConfigurationCategory + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/getsecuritycategories.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/getsecuritycategories.htm + + + Get-PASPublicSSHKey @@ -18219,6 +20391,96 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn + + + Get-PASReport + Get + PASReport + + Returns a list of available reports + + + + Returns a list of reports available to the authenticated user + + + + Get-PASReport + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> Get-PASReport + + Returns a list of all available reports + + + + + + https://pspas.pspete.dev/commands/Get-PASReport + https://pspas.pspete.dev/commands/Get-PASReport + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-reports.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-reports.htm + + + + + + Get-PASReportSchedule + Get + PASReportSchedule + + Returns details of available report schedules + + + + Returns all available report schedules for the user + + + + Get-PASReportSchedule + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> Get-PASReportSchedule + + Returns all report schedules for the user + + + + + + https://pspas.pspete.dev/commands/Get-PASReportSchedule + https://pspas.pspete.dev/commands/Get-PASReportSchedule + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-tasks.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/get-tasks.htm + + + Get-PASRequest @@ -18561,7 +20823,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn sort - Sorts according to the safeName property in ascending order (default) or descending order. + Sorts output according to the safeName or ManagingCPM properties. Minimum required version 12.0 String @@ -18597,6 +20859,18 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn 0 + + sortDirection + + Sort according to the property specified for the sort parameter in ascending order (default) or descending order. + + String + + String + + + None + Get-PASSafe @@ -18799,7 +21073,7 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn sort - Sorts according to the safeName property in ascending order (default) or descending order. + Sorts output according to the safeName or ManagingCPM properties. Minimum required version 12.0 String @@ -18902,6 +21176,18 @@ PS > $Role | Add-PASSafeMember -SafeName NewSafe -MemberName User23 -SearchIn False + + sortDirection + + Sort according to the property specified for the sort parameter in ascending order (default) or descending order. + + String + + String + + + None + @@ -19794,6 +22080,196 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess + + + Get-PASStoredPlatform + Get + PASStoredPlatform + + Returns the details of the platform imported and stored in memory + + + + Returns the details of the platform stored in memory, and a list of the existing conflicted platforms that can be updated using these platform details. + + + + Get-PASStoredPlatform + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> Get-PASStoredPlatform + + Output the detail of the platform stored in memory + + + + + + https://pspas.pspete.dev/commands/Get-PASStoredPlatform + https://pspas.pspete.dev/commands/Get-PASStoredPlatform + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/getstoredplatformdetails.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/getstoredplatformdetails.htm + + + + + + Get-PASTheme + Get + PASTheme + + Return Custom Theme Details + + + + Returns a list of all available custom themes, a specific theme, or the current active theme. + Requires Membership of the Vault Admin group. + + + + Get-PASTheme + + ThemeName + + The name of the theme to return details of + + String + + String + + + None + + + + Get-PASTheme + + Active + + Specify to return the details of the currently active theme + + + SwitchParameter + + + False + + + + Get-PASTheme + + FindAll + + Specify to return the details of all available themes + + + SwitchParameter + + + False + + + + + + ThemeName + + The name of the theme to return details of + + String + + String + + + None + + + Active + + Specify to return the details of the currently active theme + + SwitchParameter + + SwitchParameter + + + False + + + FindAll + + Specify to return the details of all available themes + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> Get-PASTheme + + Return all available custom themes + + + + -------------------------- Example 2 -------------------------- + PS C:\> Get-PASTheme -ThemeName SomeTheme + + Return details of the specified theme + + + + -------------------------- Example 3 -------------------------- + PS C:\> Get-PASTheme -Active + + Return details fo the active theme + + + + + + https://pspas.pspete.dev/commands/Get-PASTheme + https://pspas.pspete.dev/commands/Get-PASTheme + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-ret-list.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-ret-list.htm + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-ret-theme.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-ret-theme.htm + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-ret-current.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-ret-current.htm + + + Get-PASUser @@ -20265,6 +22741,60 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess + + + Get-PASUserLicenseReport + Get + PASUserLicenseReport + + Returns information about usage of the Privilege Cloud user licenses defined in your system + + + + Returns information about usage of the Privilege Cloud user licenses + A license is in use in one of the following scenarios: - A user is connected using a license + - A user is added to a Safe using a license + + User license types - Privileged Basic User + - Privileged Standard Lite User + - Privileged Standard User + - Privileged External User + - Credential Providers (CPs/CCPs) + - Total Applications + + + + Get-PASUserLicenseReport + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> Get-PASUserLicenseReport + + Returns information about usage of the Privilege Cloud user licenses + + + + + + https://pspas.pspete.dev/commands/Get-PASUserLicenseReport + https://pspas.pspete.dev/commands/Get-PASUserLicenseReport + + + https://docs.cyberark.com/privilege-cloud-shared-services/latest/en/content/privilegecloudapis/privcloud-user-licenses-report.htm + https://docs.cyberark.com/privilege-cloud-shared-services/latest/en/content/privilegecloudapis/privcloud-user-licenses-report.htm + + + Get-PASUserLoginInfo @@ -20335,7 +22865,7 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- Get-PASUserTypeInfo Output information about available user types @@ -20519,6 +23049,115 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess False + + Import-PASPlatform + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + Description + + A description value for the platform + + String + + String + + + None + + + PlatformId + + Set a PlatformId for the imported platform + + String + + String + + + None + + + PlatformName + + Set a name for the imported platform + + String + + String + + + None + + + + Import-PASPlatform + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + Force + + Specify to force update of an existing platform, replacing it with the imported platform + + + SwitchParameter + + + False + + + PlatformId + + Set a PlatformId for the imported platform + + String + + String + + + None + + @@ -20557,6 +23196,54 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess False + + Description + + A description value for the platform + + String + + String + + + None + + + Force + + Specify to force update of an existing platform, replacing it with the imported platform + + SwitchParameter + + SwitchParameter + + + False + + + PlatformId + + Set a PlatformId for the imported platform + + String + + String + + + None + + + PlatformName + + Set a name for the imported platform + + String + + String + + + None + @@ -20573,6 +23260,20 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess Imports CustomApp.zip Platform package + + -------------------------- EXAMPLE 2 -------------------------- + Import-PASPlatform -PlatformId CustomAppV2 -PlatformName CustomApp-V2 -Description "Platform for Custom App Version 2" + + Imports Platform side by side with existing Platform + + + + -------------------------- EXAMPLE 3 -------------------------- + Import-PASPlatform -PlatformId CustomApp -Force + + Updates existing Platform with new package + + @@ -20583,6 +23284,155 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/ImportPlatform.htm https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/ImportPlatform.htm + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/updateplatformwithstoredplatform.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/updateplatformwithstoredplatform.htm + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/importstoredplatformpatch.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/importstoredplatformpatch.htm + + + + + + Import-PASThemeImage + Import + PASThemeImage + + Adds an image used by a theme + + + + Adds an image used by a theme to the system. + Requires Vault Admin Privileges + + + + Import-PASThemeImage + + Name + + The name of the image + + String + + String + + + None + + + ImageFile + + The image file to add + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + Name + + The name of the image + + String + + String + + + None + + + ImageFile + + The image file to add + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> Import-PASThemeImage -Name SomeImage -ImageFile SomeImageFile.png + + Adds SomeImageFile.png to the system for use in a theme + + + + + + https://pspas.pspete.dev/commands/Import-PASThemeImage + https://pspas.pspete.dev/commands/Import-PASThemeImage + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-images-add-image.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-images-add-image.htm + @@ -21751,6 +24601,103 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess False + + New-PASAccountObject + + name + + The name of the account. + + String + + String + + + None + + + platformID + + The CyberArk platform to assign to the account + + String + + String + + + None + + + platformAccountProperties + + key-value pairs to associate with the account, as defined by the account platform. + These properties are validated against the mandatory and optional properties of the specified platform's definition. + + Hashtable + + Hashtable + + + None + + + automaticManagementEnabled + + Whether CPM Password Management should be enabled + + Boolean + + Boolean + + + False + + + manualManagementReason + + A reason for disabling CPM Password Management + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + DependentAccount + + Specify to format the account object for dependent account operations + + + SwitchParameter + + + False + + @@ -21958,6 +24905,18 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess False + + DependentAccount + + Specify to format the account object for dependent account operations + + SwitchParameter + + SwitchParameter + + + False + @@ -21974,6 +24933,13 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess Returns hashtable structured to be used as input for add account operations + + -------------------------- EXAMPLE 2 -------------------------- + New-PASAccountObject -name SomeName -platformAccountProperties @{"Some"="Prop"} -DependentAccountObject + + Returns hashtable structured to be used as input for dependent account operations + + @@ -22081,7 +25047,7 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- PS C:\> New-PASAccountPassword -AccountID 12_3 Generates a new password for account with ID 12_3. @@ -22301,6 +25267,19 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess None + + allowedAuthenticationMethods + + All the non-Vault authentication methods (specified by ID) that the user can use to log on. + Requires 14.4 + + String[] + + String[] + + + None + @@ -22480,6 +25459,19 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess None + + allowedAuthenticationMethods + + All the non-Vault authentication methods (specified by ID) that the user can use to log on. + Requires 14.4 + + String[] + + String[] + + + None + @@ -23438,28 +26430,28 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- PS C:\> New-PASPrivateSSHKey Generates an MFA caching SSH key for you, to be used connecting to targets via PSM for SSH. - -------------------------- Example 2 -------------------------- + -------------------------- EXAMPLE 2 -------------------------- PS C:\> New-PASPrivateSSHKey -formats OpenSSH, PEM, PPK Generates an MFA caching SSH key in OpenSSH, PEM & PPK formats. - -------------------------- Example 3 -------------------------- + -------------------------- EXAMPLE 3 -------------------------- PS C:\> New-PASPrivateSSHKey -UserID 646 Generates an MFA caching SSH key for user with id 646. - -------------------------- Example 4 -------------------------- + -------------------------- EXAMPLE 4 -------------------------- PS C:\> New-PASPrivateSSHKey -keyPassword $cred.Password -UserID 646 Generates an MFA caching SSH key for user with id 646, protected by a passphrase @@ -24202,6 +27194,404 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess + + + New-PASReportSchedule + New + PASReportSchedule + + Creates a new schedule for reports + + + + Creates a new schedule for reports + A `[Subscriber]` Class has been created to assist witho formatting of data for this request, see the example below + + + + New-PASReportSchedule + + version + + Task definition version + + Int32 + + Int32 + + + 0 + + + weekNumber + + Week number for monthly recurrence. + + String + + String + + + None + + + Subscribers + + Create definition for one or more subscribers using the `[Subscriber]` Class. + `[Subscriber]::AddSubscriber()` interactively prompts for required details. + + Subscriber[] + + Subscriber[] + + + None + + + notifyOnFailure + + Notify the task creator if execution fails. + + Boolean + + Boolean + + + False + + + type + + Task type. + + String + + String + + + None + + + subType + + Task subtype. + + String + + String + + + None + + + name + + Task name. + + String + + String + + + None + + + keepTaskDefinition + + Keep task definition after execution. + + Boolean + + Boolean + + + False + + + startTime + + Scheduled start time. + + DateTime + + DateTime + + + None + + + recurrenceType + + Recurrence type. + + String + + String + + + None + + + recurrenceValue + + Frequency multiplier (e.g. every 2 weeks). + + String + + String + + + None + + + daysOfWeek + + Days of the week to trigger the task. + + String + + String + + + None + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + + + + version + + Task definition version + + Int32 + + Int32 + + + 0 + + + type + + Task type. + + String + + String + + + None + + + subType + + Task subtype. + + String + + String + + + None + + + name + + Task name. + + String + + String + + + None + + + keepTaskDefinition + + Keep task definition after execution. + + Boolean + + Boolean + + + False + + + startTime + + Scheduled start time. + + DateTime + + DateTime + + + None + + + recurrenceType + + Recurrence type. + + String + + String + + + None + + + recurrenceValue + + Frequency multiplier (e.g. every 2 weeks). + + String + + String + + + None + + + daysOfWeek + + Days of the week to trigger the task. + + String + + String + + + None + + + weekNumber + + Week number for monthly recurrence. + + String + + String + + + None + + + Subscribers + + Create definition for one or more subscribers using the `[Subscriber]` Class. + `[Subscriber]::AddSubscriber()` interactively prompts for required details. + + Subscriber[] + + Subscriber[] + + + None + + + notifyOnFailure + + Notify the task creator if execution fails. + + Boolean + + Boolean + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> $Subscriber = [Subscriber]::AddSubscriber() +Enter subscriber name: pspete +Enter subscriber type: User +Notify on success? (true/false): true +Add LDAP info? (yes/no): yes +Enter LDAP directory name: PSPETE.DEV +Enter full DN: + + > $Subscriber + +name type notifyOnSuccess ldapInfo +---- ---- --------------- -------- +pspete User True LdapInfo + +PS C:\> New-PASReportSchedule -version 1 -type 'Report' -subType 'CyberArk.Reports.LicenseCapacityReport.LicenseCapacityReportUI' ` +-name 'Some Report' -keepTaskDefinition $true -Subscribers $Subscriber -notifyOnFailure $True$ + + Adds a new report schedule + + + + + + https://pspas.pspete.dev/commands/New-PASReportSchedule + https://pspas.pspete.dev/commands/New-PASReportSchedule + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/create-task.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/create-task.htm + + + New-PASRequest @@ -25871,7 +29261,7 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess - -------------------------- Example 1 -------------------------- + -------------------------- EXAMPLE 1 -------------------------- New-PASRequest -AccountId 123_4 -TicketingSystemName SomeITSM -TicketID 4321 -FromDate (Get-date) -ToDate $((Get-Date).AddHours(4)) -PSMRemoteMachine SomeServer Returns hashtable structured to be used as input for account access request operations @@ -26174,8 +29564,8 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess IdentityTenantURL Specify the URL value of the CyberArk Identity Portal to authenticate against. - E.G.: - https://<identity-tenant-id>.id.cyberark.cloud - - https://<identity-tenant-id>.my.idaptive.app + E.G.: - https://identity-tenant-id.id.cyberark.cloud + - https://identity-tenant-id.my.idaptive.app String @@ -26188,7 +29578,7 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess PrivilegeCloudURL Specify the URL value used to access the CyberArk Privilege Cloud API. - E.G.: - https://<subdomain>.privilegecloud.cyberark.cloud + E.G.: - https://subdomain.privilegecloud.cyberark.cloud String @@ -26444,8 +29834,8 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess IdentityTenantURL Specify the URL value of the CyberArk Identity Portal to authenticate against. - E.G.: - https://<identity-tenant-id>.id.cyberark.cloud - - https://<identity-tenant-id>.my.idaptive.app + E.G.: - https://identity-tenant-id.id.cyberark.cloud + - https://identity-tenant-id.my.idaptive.app String @@ -26458,7 +29848,7 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess PrivilegeCloudURL Specify the URL value used to access the CyberArk Privilege Cloud API. - E.G.: - https://<subdomain>.privilegecloud.cyberark.cloud + E.G.: - https://subdomain.privilegecloud.cyberark.cloud String @@ -28011,8 +31401,8 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess IdentityTenantURL Specify the URL value of the CyberArk Identity Portal to authenticate against. - E.G.: - https://<identity-tenant-id>.id.cyberark.cloud - - https://<identity-tenant-id>.my.idaptive.app + E.G.: - https://identity-tenant-id.id.cyberark.cloud + - https://identity-tenant-id.my.idaptive.app String @@ -28025,7 +31415,7 @@ Invoke-RestMethod -Method GET -Uri "$session.BaseURI/SomePath" -WebSession $sess PrivilegeCloudURL Specify the URL value used to access the CyberArk Privilege Cloud API. - E.G.: - https://<subdomain>.privilegecloud.cyberark.cloud + E.G.: - https://subdomain.privilegecloud.cyberark.cloud String @@ -28294,7 +31684,7 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert - -------------------------- Example 28 -------------------------- + -------------------------- EXAMPLE 28 -------------------------- New-PASSession -IdentityTenantURL https://SomeTenantName.id.cyberark.cloud -PrivilegeCloudURL 'https://XYZ789.privilegecloud.cyberark.cloud' -Credential $Cred -IdentityUser Authenticates to Identity Shared Services using an Identity User and provides authenticated session to associated Privileged Cloud environment. @@ -28303,7 +31693,7 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert - -------------------------- Example 29 -------------------------- + -------------------------- EXAMPLE 29 -------------------------- New-PASSession -TenantSubdomain YourTenantName -Credential $Cred -IdentityUser Authenticates to Identity Shared Services using an Identity User and provides authenticated session to associated Privileged Cloud environment. @@ -28313,7 +31703,7 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert - -------------------------- Example 30 -------------------------- + -------------------------- EXAMPLE 30 -------------------------- New-PASSession -IdentityTenantURL https://SomeTenantName.id.cyberark.cloud -Credential $Cred -PrivilegeCloudURL https://SomeName.privilegecloud.cyberark.cloud -IdentityUser Authenticates to Identity Shared Services using an Identity User and provides authenticated session to specified Privileged Cloud environment. @@ -28355,24 +31745,24 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert - New-PASUser + New-PASTheme New - PASUser + PASTheme - Creates a new vault user + Creates a custom theme - Adds a new user to the vault - Default operation using the Gen2 API requires minimum version of 10.9 + Creates a new custom theme. + Requires membership of Vault Admins group - New-PASUser - - UserName + New-PASTheme + + name - The name of the user to create in the vault + Theme name String @@ -28381,24 +31771,22 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - InitialPassword + + textMain_Dark - The password to set on the account, as a Secure String - Must meet the password complexity requirements + Dark mode main text color - SecureString + String - SecureString + String None - - userType + + disableMain_Dark - The user type - Minimum required version 10.9 + Dark mode main disable color String @@ -28407,67 +31795,106 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - unAuthorizedInterfaces + + disableTextPrimary_Dark - The CyberArk interfaces that this user is not authorized to use. - Minimum required version 10.9 + Dark mode primary disable text color - String[] + String - String[] + String None - - enableUser + + disableBackgroundPrimary_Dark - Whether the user will be enabled upon creation. - Minimum required version 10.9 + Dark mode primary disable background color - Boolean + String - Boolean + String - False + None - - authenticationMethod + + successPrimary_Dark - The authentication method that the user will use to log on. - Valid Values: - "AuthTypePass", for CyberArk Authentication (default) - - "AuthTypeLDAP", for LDAP authentication - - "AuthTypeRADIUS", for RADIUS authentication - - Minimum required version 10.9 + Dark mode primary success color - String[] + String - String[] + String None - - ChangePassOnNextLogon + + successSecondary_Dark - Whether or not user will be forced to change password on first logon - Minimum required version 10.9 + Dark mode secondary success color - Boolean + String - Boolean + String - False + None - - passwordNeverExpires + + warningPrimary_Dark - Whether or not the user's password will expire - Minimum required version 10.9 + Dark mode primary warning color + + String + + String + + + None + + + warningSecondary_Dark + + Dark mode secondary warning color + + String + + String + + + None + + + infoPrimary_Dark + + Dark mode primary info color + + String + + String + + + None + + + infoSecondary_Dark + + Dark mode secondary info color + + String + + String + + + None + + + isDraft + + Whether the theme is marked as draft Boolean @@ -28476,11 +31903,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert False - - distinguishedName + + errorPrimary_Dark - The distinguished name of the user. - Minimum required version 10.9 + Dark mode primary error color String @@ -28489,49 +31915,34 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - vaultAuthorization + + errorSecondary_Dark - The user permissions in the vault. - To grant authorization to a user, the same authorization must be held by the account logged on to the API. - Valid values: - AddSafes - - AuditUsers - - AddUpdateUsers - - ResetUsersPasswords - - ActivateUsers - - AddNetworkAreas - - ManageDirectoryMapping - - ManageServerFileCategories - - BackupAllSafes - - RestoreAllSafes - - Minimum required version 10.9 + Dark mode secondary error color - String[] + String - String[] + String None - - ExpiryDate + + backgroundMain_Bright - Expiry Date to set on account. - Default is Never + Light mode main background color - DateTime + String - DateTime + String None - - Location + + borderMain_Bright - The Vault Location where the user will be created - Default location is "Root" + Light mode main border color String @@ -28540,11 +31951,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - workStreet + + textMain_Bright - Business Address detail for the user - Minimum required version 10.9 + Light mode main text color String @@ -28553,11 +31963,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - workCity + + disableMain_Bright - Business Address detail for the user - Minimum required version 10.9 + Light mode main disable color String @@ -28566,11 +31975,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - workState + + disableTextPrimary_Bright - Business Address detail for the user - Minimum required version 10.9 + Light mode primary disable text color String @@ -28579,11 +31987,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - workZip + + disableBackgroundPrimary_Bright - Business Address detail for the user - Minimum required version 10.9 + Light mode primary disable background color String @@ -28592,11 +31999,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - workCountry + + successPrimary_Bright - Business Address detail for the user - Minimum required version 10.9 + Light mode primary success color String @@ -28605,11 +32011,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - homePage + + successSecondary_Bright - The user's email address - Minimum required version 10.9 + Light mode secondary success color String @@ -28618,11 +32023,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - homeEmail + + mainBackgroundImage - The user's email address - Minimum required version 10.9 + the main background image String @@ -28631,11 +32035,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - businessEmail + + warningPrimary_Bright - The user's email address - Minimum required version 10.9 + Light mode primary warning color String @@ -28644,11 +32047,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - otherEmail + + warningSecondary_Bright - The user's email address - Minimum required version 10.9 + Light mode secondary warning color String @@ -28657,11 +32059,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - homeNumber + + infoPrimary_Bright - The user's phone number - Minimum required version 10.9 + Light mode primary info color String @@ -28670,11 +32071,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - businessNumber + + infoSecondary_Bright - The user's phone number - Minimum required version 10.9 + Light mode secondary info color String @@ -28683,11 +32083,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - cellularNumber + + errorPrimary_Bright - The user's phone number - Minimum required version 10.9 + Light mode primary error color String @@ -28696,11 +32095,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - faxNumber + + errorSecondary_Bright - The user's phone number - Minimum required version 10.9 + Light mode secondary error color String @@ -28709,11 +32107,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - pagerNumber + + mainColor - The user's phone number - Minimum required version 10.9 + The primary color of the theme String @@ -28722,11 +32119,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - description + + selectedMain - Description Text - Minimum required version 10.9 + The color used for elements in their selected state String @@ -28735,10 +32131,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - FirstName + + hoverMain - The user's first name + The color used for elements in their hover state String @@ -28747,11 +32143,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - MiddleName + + defaultButtonTextPrimary - The User's Middle Name - Minimum required version 10.9 + The default text color used on buttons String @@ -28760,10 +32155,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - LastName + + mainLogoDark - The user's last name + the main logo in darker colors String @@ -28772,11 +32167,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - street + + menuLogoBackground - Address detail for the user - Minimum required version 10.9 + The background color of the menu logo String @@ -28785,11 +32179,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - city + + menuBackground - Address detail for the user - Minimum required version 10.9 + The background color of the menu String @@ -28798,11 +32191,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - state + + menuHoverBackground - Address detail for the user - Minimum required version 10.9 + The background color of the menu items on hover String @@ -28811,11 +32203,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - zip + + menuActiveBackgroundPrimary - Address detail for the user - Minimum required version 10.9 + The primary background color of the menu items when active String @@ -28824,11 +32215,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - country + + menuActiveBackgroundSecondary - Address detail for the user - Minimum required version 10.9 + The secondary background color of the menu items when active String @@ -28837,11 +32227,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - title + + menuText - Personal detail for the user - Minimum required version 10.9 + The text color of the menu items String @@ -28850,11 +32239,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - organization + + menuTextActive - Personal detail for the user - Minimum required version 10.9 + The text color of the menu items when active String @@ -28863,11 +32251,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - department + + menuIcon - Personal detail for the user - Minimum required version 10.9 + The color of the menu icons String @@ -28876,11 +32263,94 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - profession + + backgroundMain - Personal detail for the user - Minimum required version 10.9 + The main background color + + String + + String + + + None + + + borderMain + + The main border color + + String + + String + + + None + + + advancedSmallLogo + + the advanced small logo + + String + + String + + + None + + + textMain + + The main text color + + String + + String + + + None + + + advancedSymbolLogo + + the advanced symbol logo + + String + + String + + + None + + + colorsStyle + + Type of the theme (dark or bright) + + String + + String + + + None + + + backgroundMain_Dark + + Dark mode main background color + + String + + String + + + None + + + borderMain_Dark + + Dark mode main border color String @@ -28911,218 +32381,13 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert False - - loginFromHour - - The start of the timeframe the user account is permitted to authenticate. - Provide an hour of the day in 24-hour format (0-23) - Minimum required version 13.2 - - Int32 - - Int32 - - - None - - - loginToHour - - The end of the timeframe the user account is permitted to authenticate. - Provide an hour of the day in 24-hour format (0-23) - Minimum required version 13.2 - - Int32 - - Int32 - - - None - - - userActivityLogRetentionDays - - The number of days that a user's account activity records are stored before being deleted. These activity records includes logon, logoff, and user management. - If this parameter is set to zero, user activities in the Vault will not be written in the audit log. - Default value: 90 days - Minimum required version 13.2 - - Int32 - - Int32 - - - None - - - - New-PASUser - - UserName - - The name of the user to create in the vault - - String - - String - - - None - - - InitialPassword - - The password to set on the account, as a Secure String - Must meet the password complexity requirements - - SecureString - - SecureString - - - None - - - Email - - The user's email address - - String - - String - - - None - - - ChangePasswordOnTheNextLogon - - Whether or not user will be forced to change password on first logon - - Boolean - - Boolean - - - False - - - ExpiryDate - - Expiry Date to set on account. - Default is Never - - DateTime - - DateTime - - - None - - - UserTypeName - - The Type of User to create. - EPVUser type will be created by default. - - String - - String - - - None - - - Disabled - - Whether or not the user will be created as a disabled user - Default is Enabled - - Boolean - - Boolean - - - False - - - Location - - The Vault Location where the user will be created - Default location is "Root" - - String - - String - - - None - - - FirstName - - The user's first name - - String - - String - - - None - - - LastName - - The user's last name - - String - - String - - - None - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - - UseGen1API - - Specify to force usage the Gen1 API endpoint. - Should be specified for versions earlier than 10.9 - - - SwitchParameter - - - False - - - UserName + + name - The name of the user to create in the vault + Theme name String @@ -29131,24 +32396,34 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - InitialPassword + + isDraft - The password to set on the account, as a Secure String - Must meet the password complexity requirements + Whether the theme is marked as draft - SecureString + Boolean - SecureString + Boolean + + + False + + + mainBackgroundImage + + the main background image + + String + + String None - - userType + + mainLogoDark - The user type - Minimum required version 10.9 + the main logo in darker colors String @@ -29157,53 +32432,46 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - unAuthorizedInterfaces + + advancedSmallLogo - The CyberArk interfaces that this user is not authorized to use. - Minimum required version 10.9 + the advanced small logo - String[] + String - String[] + String None - - enableUser + + advancedSymbolLogo - Whether the user will be enabled upon creation. - Minimum required version 10.9 + the advanced symbol logo - Boolean + String - Boolean + String - False + None - - authenticationMethod + + colorsStyle - The authentication method that the user will use to log on. - Valid Values: - "AuthTypePass", for CyberArk Authentication (default) - - "AuthTypeLDAP", for LDAP authentication - - "AuthTypeRADIUS", for RADIUS authentication - - Minimum required version 10.9 + Type of the theme (dark or bright) - String[] + String - String[] + String None - - Email + + backgroundMain_Dark - The user's email address + Dark mode main background color String @@ -29212,49 +32480,46 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - ChangePassOnNextLogon + + borderMain_Dark - Whether or not user will be forced to change password on first logon - Minimum required version 10.9 + Dark mode main border color - Boolean + String - Boolean + String - False + None - - ChangePasswordOnTheNextLogon + + textMain_Dark - Whether or not user will be forced to change password on first logon + Dark mode main text color - Boolean + String - Boolean + String - False + None - - passwordNeverExpires + + disableMain_Dark - Whether or not the user's password will expire - Minimum required version 10.9 + Dark mode main disable color - Boolean + String - Boolean + String - False + None - - distinguishedName + + disableTextPrimary_Dark - The distinguished name of the user. - Minimum required version 10.9 + Dark mode primary disable text color String @@ -29263,49 +32528,34 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - vaultAuthorization + + disableBackgroundPrimary_Dark - The user permissions in the vault. - To grant authorization to a user, the same authorization must be held by the account logged on to the API. - Valid values: - AddSafes - - AuditUsers - - AddUpdateUsers - - ResetUsersPasswords - - ActivateUsers - - AddNetworkAreas - - ManageDirectoryMapping - - ManageServerFileCategories - - BackupAllSafes - - RestoreAllSafes - - Minimum required version 10.9 + Dark mode primary disable background color - String[] + String - String[] + String None - - ExpiryDate + + successPrimary_Dark - Expiry Date to set on account. - Default is Never + Dark mode primary success color - DateTime + String - DateTime + String None - - UserTypeName + + successSecondary_Dark - The Type of User to create. - EPVUser type will be created by default. + Dark mode secondary success color String @@ -29314,24 +32564,22 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - Disabled + + warningPrimary_Dark - Whether or not the user will be created as a disabled user - Default is Enabled + Dark mode primary warning color - Boolean + String - Boolean + String - False + None - - Location + + warningSecondary_Dark - The Vault Location where the user will be created - Default location is "Root" + Dark mode secondary warning color String @@ -29340,11 +32588,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - workStreet + + infoPrimary_Dark - Business Address detail for the user - Minimum required version 10.9 + Dark mode primary info color String @@ -29353,11 +32600,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - workCity + + infoSecondary_Dark - Business Address detail for the user - Minimum required version 10.9 + Dark mode secondary info color String @@ -29366,11 +32612,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - workState + + errorPrimary_Dark - Business Address detail for the user - Minimum required version 10.9 + Dark mode primary error color String @@ -29379,11 +32624,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - workZip + + errorSecondary_Dark - Business Address detail for the user - Minimum required version 10.9 + Dark mode secondary error color String @@ -29392,11 +32636,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - workCountry + + backgroundMain_Bright - Business Address detail for the user - Minimum required version 10.9 + Light mode main background color String @@ -29405,11 +32648,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - homePage + + borderMain_Bright - The user's email address - Minimum required version 10.9 + Light mode main border color String @@ -29418,11 +32660,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - homeEmail + + textMain_Bright - The user's email address - Minimum required version 10.9 + Light mode main text color String @@ -29431,11 +32672,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - businessEmail + + disableMain_Bright - The user's email address - Minimum required version 10.9 + Light mode main disable color String @@ -29444,11 +32684,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - otherEmail + + disableTextPrimary_Bright - The user's email address - Minimum required version 10.9 + Light mode primary disable text color String @@ -29457,11 +32696,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - homeNumber + + disableBackgroundPrimary_Bright - The user's phone number - Minimum required version 10.9 + Light mode primary disable background color String @@ -29470,11 +32708,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - businessNumber + + successPrimary_Bright - The user's phone number - Minimum required version 10.9 + Light mode primary success color String @@ -29483,11 +32720,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - cellularNumber + + successSecondary_Bright - The user's phone number - Minimum required version 10.9 + Light mode secondary success color String @@ -29496,11 +32732,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - faxNumber + + warningPrimary_Bright - The user's phone number - Minimum required version 10.9 + Light mode primary warning color String @@ -29509,11 +32744,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - pagerNumber + + warningSecondary_Bright - The user's phone number - Minimum required version 10.9 + Light mode secondary warning color String @@ -29522,11 +32756,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - description + + infoPrimary_Bright - Description Text - Minimum required version 10.9 + Light mode primary info color String @@ -29535,10 +32768,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - FirstName + + infoSecondary_Bright - The user's first name + Light mode secondary info color String @@ -29547,11 +32780,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - MiddleName + + errorPrimary_Bright - The User's Middle Name - Minimum required version 10.9 + Light mode primary error color String @@ -29560,10 +32792,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - LastName + + errorSecondary_Bright - The user's last name + Light mode secondary error color String @@ -29572,11 +32804,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - street + + mainColor - Address detail for the user - Minimum required version 10.9 + The primary color of the theme String @@ -29585,11 +32816,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - city + + selectedMain - Address detail for the user - Minimum required version 10.9 + The color used for elements in their selected state String @@ -29598,11 +32828,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - state + + hoverMain - Address detail for the user - Minimum required version 10.9 + The color used for elements in their hover state String @@ -29611,11 +32840,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - zip + + defaultButtonTextPrimary - Address detail for the user - Minimum required version 10.9 + The default text color used on buttons String @@ -29624,11 +32852,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - country + + menuLogoBackground - Address detail for the user - Minimum required version 10.9 + The background color of the menu logo String @@ -29637,11 +32864,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - title + + menuBackground - Personal detail for the user - Minimum required version 10.9 + The background color of the menu String @@ -29650,11 +32876,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - organization + + menuHoverBackground - Personal detail for the user - Minimum required version 10.9 + The background color of the menu items on hover String @@ -29663,11 +32888,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - department + + menuActiveBackgroundPrimary - Personal detail for the user - Minimum required version 10.9 + The primary background color of the menu items when active String @@ -29676,11 +32900,10 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - profession + + menuActiveBackgroundSecondary - Personal detail for the user - Minimum required version 10.9 + The secondary background color of the menu items when active String @@ -29689,89 +32912,105 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - WhatIf + + menuText - Shows what would happen if the cmdlet runs. The cmdlet is not run. + The text color of the menu items - SwitchParameter + String - SwitchParameter + String - False + None - - Confirm + + menuTextActive - Prompts you for confirmation before running the cmdlet. + The text color of the menu items when active - SwitchParameter + String - SwitchParameter + String - False + None - - UseGen1API + + menuIcon - Specify to force usage the Gen1 API endpoint. - Should be specified for versions earlier than 10.9 + The color of the menu icons - SwitchParameter + String - SwitchParameter + String - False + None - - loginFromHour + + backgroundMain - The start of the timeframe the user account is permitted to authenticate. - Provide an hour of the day in 24-hour format (0-23) - Minimum required version 13.2 + The main background color - Int32 + String - Int32 + String None - - loginToHour + + borderMain - The end of the timeframe the user account is permitted to authenticate. - Provide an hour of the day in 24-hour format (0-23) - Minimum required version 13.2 + The main border color - Int32 + String - Int32 + String None - - userActivityLogRetentionDays + + textMain - The number of days that a user's account activity records are stored before being deleted. These activity records includes logon, logoff, and user management. - If this parameter is set to zero, user activities in the Vault will not be written in the audit log. - Default value: 90 days - Minimum required version 13.2 + The main text color - Int32 + String - Int32 + String None - - - + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + @@ -29779,59 +33018,88 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert - -------------------------- EXAMPLE 1 -------------------------- - New-PASUser -UserName NewUser -InitialPassword $securePWD -UseGen1API - - Creates a Vault user named NewUser, with password set to securestring value from $securePWD, using the Gen1 API - - - - -------------------------- EXAMPLE 2 -------------------------- - New-PASUser -UserName NewUser -InitialPassword $securePWD - - Creates a Vault user named NewUser, with password set to securestring value from $securePWD - Minimum required version 10.9 - - - - -------------------------- EXAMPLE 3 -------------------------- - New-PASUser -UserName NewUser -InitialPassword $securePWD -unAuthorizedInterfaces "PACLI" -vaultAuthorization ManageDirectoryMapping - - Creates a Vault user as per the provided parameter values - Minimum required version 10.9 + -------------------------- Example 1 -------------------------- + PS C:\> New-PASTheme -name "Barbie Pink" -isDraft $false ` + -colorsStyle "Bright" ` + -backgroundMain_Dark "#2A002E" ` + -borderMain_Dark "#FF1493" ` + -textMain_Dark "#FFC0CB" ` + -disableMain_Dark "#4B004F" ` + -disableTextPrimary_Dark "#A0527D" ` + -disableBackgroundPrimary_Dark "#3B003F" ` + -successPrimary_Dark "#FF69B4" ` + -successSecondary_Dark "#FF1493" ` + -warningPrimary_Dark "#FF85A2" ` + -warningSecondary_Dark "#5A003F" ` + -infoPrimary_Dark "#DA70D6" ` + -infoSecondary_Dark "#BA55D3" ` + -errorPrimary_Dark "#FF3366" ` + -errorSecondary_Dark "#8B008B" ` + -backgroundMain_Bright "#FFF0F5" ` + -borderMain_Bright "#FFB6C1" ` + -textMain_Bright "#C71585" ` + -disableMain_Bright "#F8D8E2" ` + -disableTextPrimary_Bright "#D87093" ` + -disableBackgroundPrimary_Bright "#FFE4E1" ` + -successPrimary_Bright "#FF69B4" ` + -successSecondary_Bright "#FFB6C1" ` + -warningPrimary_Bright "#FF85A2" ` + -warningSecondary_Bright "#FFDDEE" ` + -infoPrimary_Bright "#DA70D6" ` + -infoSecondary_Bright "#E6A8D7" ` + -errorPrimary_Bright "#C71585" ` + -errorSecondary_Bright "#FF99AA" ` + -mainColor "#FF69B4" ` + -selectedMain "#FF1493" ` + -hoverMain "#FFC0CB" ` + -defaultButtonTextPrimary "#FFFFFF" ` + -menuLogoBackground "#FF69B4" ` + -menuBackground "#FFF0F5" ` + -menuHoverBackground "#FFDDEE" ` + -menuActiveBackgroundPrimary "#FF1493" ` + -menuActiveBackgroundSecondary "#FFB6C1" ` + -menuText "#C71585" ` + -menuTextActive "#FFFFFF" ` + -menuIcon "#FF69B4" ` + -backgroundMain "#FFF5FA" ` + -borderMain "#FFB6C1" ` + -textMain "#C71585" + + Creates a new "Barbie Pink" custom theme. - https://pspas.pspete.dev/commands/New-PASUser - https://pspas.pspete.dev/commands/New-PASUser + https://pspas.pspete.dev/commands/New-PASTheme + https://pspas.pspete.dev/commands/New-PASTheme - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/API-AddUser-v10.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/API-AddUser-v10.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-create.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-create.htm - Publish-PASDiscoveredAccount - Publish - PASDiscoveredAccount + New-PASUser + New + PASUser - Onboard a discovered account + Creates a new vault user - Onboard a discovered account to a target platform into a target safe. Optionally set the account to be reconciled, and/or with a default password. + Adds a new user to the vault + Default operation using the Gen2 API requires minimum version of 10.9 - Publish-PASDiscoveredAccount - - id + New-PASUser + + UserName - Discovered account ID + The name of the user to create in the vault String @@ -29840,22 +33108,24 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - PlatformID + + InitialPassword - Target platform ID + The password to set on the account, as a Secure String + Must meet the password complexity requirements - String + SecureString - String + SecureString None - - safeName + + userType - Target safe name + The user type + Minimum required version 10.9 String @@ -29864,10 +33134,24 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert None - - shouldReconcileAccount + + unAuthorizedInterfaces - Specify if the account should be reconciled + The CyberArk interfaces that this user is not authorized to use. + Minimum required version 10.9 + + String[] + + String[] + + + None + + + enableUser + + Whether the user will be enabled upon creation. + Minimum required version 10.9 Boolean @@ -29876,178 +33160,54 @@ New-PASSession -BaseURI $url -type PKIPN -Certificate $Cert False - - defaultPassword + + authenticationMethod - The default password value + The authentication method that the user will use to log on. + Valid Values: - "AuthTypePass", for CyberArk Authentication (default) + - "AuthTypeLDAP", for LDAP authentication + - "AuthTypeRADIUS", for RADIUS authentication + + Minimum required version 10.9 - SecureString + String[] - SecureString + String[] None - - WhatIf + + ChangePassOnNextLogon - Shows what would happen if the cmdlet runs. The cmdlet is not run. + Whether or not user will be forced to change password on first logon + Minimum required version 10.9 + Boolean - SwitchParameter + Boolean False - - Confirm + + passwordNeverExpires - Prompts you for confirmation before running the cmdlet. + Whether or not the user's password will expire + Minimum required version 10.9 + Boolean - SwitchParameter + Boolean False - - - - - id - - Discovered account ID - - String - - String - - - None - - - PlatformID - - Target platform ID - - String - - String - - - None - - - safeName - - Target safe name - - String - - String - - - None - - - shouldReconcileAccount - - Specify if the account should be reconciled - - Boolean - - Boolean - - - False - - - defaultPassword - - The default password value - - SecureString - - SecureString - - - None - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - SwitchParameter - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - $password = Read-Host -AsSecureString -Prompt "defaultPassword value" -Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe -defaultPassword $password - - Onboard discovered account with id 66_6 to `SomeSafe` with the provided default password - - - - - - https://pspas.pspete.dev/commands/Publish-PASDiscoveredAccount - https://pspas.pspete.dev/commands/Publish-PASDiscoveredAccount - - - - - - Publish-PASDiscoveredLocalAccount - Publish - PASDiscoveredLocalAccount - - Onboard a discovered local account - - - - Onboards accounts from the list of discovered accounts for local endpoints. The account is moved from the list of discovered accounts to the system's active accounts. - Applies to the accounts that are discovered by the EPM scanning of endpoints, including loosely connected devices: - Windows loosely connected devices - - Mac loosely connected devices - - Linux loosely connected devices - - Requires one of the following roles: - Privilege Cloud Administrator - - Privilege Cloud Administrator Basic - - Privilege Cloud Administrator Lite - - - - Publish-PASDiscoveredLocalAccount - - id + + distinguishedName - The unique identifier of the discovered account. + The distinguished name of the user. + Minimum required version 10.9 String @@ -30056,10 +33216,49 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - safeName + + vaultAuthorization - The safe to apply to the account + The user permissions in the vault. + To grant authorization to a user, the same authorization must be held by the account logged on to the API. + Valid values: - AddSafes + - AuditUsers + - AddUpdateUsers + - ResetUsersPasswords + - ActivateUsers + - AddNetworkAreas + - ManageDirectoryMapping + - ManageServerFileCategories + - BackupAllSafes + - RestoreAllSafes + + Minimum required version 10.9 + + String[] + + String[] + + + None + + + ExpiryDate + + Expiry Date to set on account. + Default is Never + + DateTime + + DateTime + + + None + + + Location + + The Vault Location where the user will be created + Default location is "Root" String @@ -30068,10 +33267,11 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - platformID + + workStreet - The platform to apply to the account. + Business Address detail for the user + Minimum required version 10.9 String @@ -30080,212 +33280,76 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - additionalProperties + + workCity - Additional properties that will be applied to the account and are not taken from the identifiers or customProperties of the discovered account. + Business Address detail for the user + Minimum required version 10.9 - Hashtable + String - Hashtable + String None - - secret + + workState - The account's initial secret value. + Business Address detail for the user + Minimum required version 10.9 - SecureString + String - SecureString + String None - - resetSecret + + workZip - Whether the account should be immediately rotated (reconcile or change depending on the type). + Business Address detail for the user + Minimum required version 10.9 - Boolean + String - Boolean + String - False + None - - WhatIf + + workCountry - Shows what would happen if the cmdlet runs. The cmdlet is not run. + Business Address detail for the user + Minimum required version 10.9 + String - SwitchParameter + String - False + None - - Confirm + + homePage - Prompts you for confirmation before running the cmdlet. + The user's email address + Minimum required version 10.9 + String - SwitchParameter + String - False + None - - - - - id - - The unique identifier of the discovered account. - - String - - String - - - None - - - safeName - - The safe to apply to the account - - String - - String - - - None - - - platformID - - The platform to apply to the account. - - String - - String - - - None - - - additionalProperties - - Additional properties that will be applied to the account and are not taken from the identifiers or customProperties of the discovered account. - - Hashtable - - Hashtable - - - None - - - secret - - The account's initial secret value. - - SecureString - - SecureString - - - None - - - resetSecret - - Whether the account should be immediately rotated (reconcile or change depending on the type). - - Boolean - - Boolean - - - False - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - SwitchParameter - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - Publish-PASDiscoveredLocalAccount -id SomeID -safeName SomeSafe -platformID SomePlatform - - Onboards the specified discovered local account. - - - - - - https://pspas.pspete.dev/commands/Publish-PASDiscoveredLocalAccount - https://pspas.pspete.dev/commands/Publish-PASDiscoveredLocalAccount - - - https://docs.cyberark.com/privilege-cloud-shared-services/latest/en/Content/Privilege%20Cloud/PrivCloud-DiscoveredAccountsService-Onboard.htm - https://docs.cyberark.com/privilege-cloud-shared-services/latest/en/Content/Privilege%20Cloud/PrivCloud-DiscoveredAccountsService-Onboard.htm - - - - - - Remove-PASAccount - Remove - PASAccount - - Deletes an account - - - - Deletes a specific account in the Vault. - The user who runs this web service requires the "Delete Accounts" permission. - - - - Remove-PASAccount - - AccountID + + homeEmail - The unique ID of the account to delete. - This is retrieved by the Get-PASAccount function. + The user's email address + Minimum required version 10.9 String @@ -30294,141 +33358,50 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - WhatIf + + businessEmail - Shows what would happen if the cmdlet runs. The cmdlet is not run. + The user's email address + Minimum required version 10.9 + String - SwitchParameter + String - False + None - - Confirm + + otherEmail - Prompts you for confirmation before running the cmdlet. + The user's email address + Minimum required version 10.9 + String - SwitchParameter + String - False + None - - UseGen1API + + homeNumber - Specify to force usage the Gen1 API endpoint. - Should be specified for versions earlier than 10.4 + The user's phone number + Minimum required version 10.9 + String - SwitchParameter + String - False + None - - - - - AccountID - - The unique ID of the account to delete. - This is retrieved by the Get-PASAccount function. - - String - - String - - - None - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - SwitchParameter - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - - - UseGen1API - - Specify to force usage the Gen1 API endpoint. - Should be specified for versions earlier than 10.4 - - SwitchParameter - - SwitchParameter - - - False - - - - - - - - - - - - -------------------------- EXAMPLE 1 -------------------------- - Remove-PASAccount -AccountID 19_1 - - Deletes the account with AccountID of 19_1 - - - - - - https://pspas.pspete.dev/commands/Remove-PASAccount - https://pspas.pspete.dev/commands/Remove-PASAccount - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Account.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Account.htm - - - - - - Remove-PASAccountACL - Remove - PASAccountACL - - Deletes privileged commands rule from an account - - - - Deletes privileged commands rule associated with account - Not supported in Privilege Cloud - - - - Remove-PASAccountACL - - AccountPolicyId + + businessNumber - ID of account from which the commands will be deleted + The user's phone number + Minimum required version 10.9 String @@ -30437,10 +33410,11 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - AccountAddress + + cellularNumber - The address of the account for which the privileged command will be deleted. + The user's phone number + Minimum required version 10.9 String @@ -30449,10 +33423,11 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - AccountUserName + + faxNumber - The name of the account's user. + The user's phone number + Minimum required version 10.9 String @@ -30461,10 +33436,11 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - Id + + pagerNumber - The ID of the command that will be deleted + The user's phone number + Minimum required version 10.9 String @@ -30473,159 +33449,36 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - WhatIf + + description - Shows what would happen if the cmdlet runs. The cmdlet is not run. + Description Text + Minimum required version 10.9 + String - SwitchParameter + String - False + None - - Confirm + + FirstName - Prompts you for confirmation before running the cmdlet. + The user's first name + String - SwitchParameter + String - False + None - - - - - AccountPolicyId - - ID of account from which the commands will be deleted - - String - - String - - - None - - - AccountAddress - - The address of the account for which the privileged command will be deleted. - - String - - String - - - None - - - AccountUserName - - The name of the account's user. - - String - - String - - - None - - - Id - - The ID of the command that will be deleted - - String - - String - - - None - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - SwitchParameter - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - - - - - - - - - - - - -------------------------- EXAMPLE 1 -------------------------- - Remove-PASAccountACL -AccountPolicyId UNIXSSH -AccountAddress machine -AccountUserName root -Id 12 - - Removes matching Privileged Account Rule from the account root - - - - -------------------------- EXAMPLE 2 -------------------------- - Get-PASAccount root | Get-PASAccountACL | Where-Object{$_.Command -eq "ifconfig"} | Remove-PASAccountACL - - Removes matching Privileged Account Rule from account. - - - - - - https://pspas.pspete.dev/commands/Remove-PASAccountACL - https://pspas.pspete.dev/commands/Remove-PASAccountACL - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Account%20ACL.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Account%20ACL.htm - - - - - - Remove-PASAccountGroupMember - Remove - PASAccountGroupMember - - Deletes a member of an account group. - - - - Removes an account member from an account group. - This account can be either a password account or an SSH Key account. - The following permissions are required on the safe: - Add Accounts - Update Account Content - Update Account Properties -Create Folders - - - - Remove-PASAccountGroupMember - - AccountID + + MiddleName - The unique ID of the account group. + The User's Middle Name + Minimum required version 10.9 String @@ -30634,10 +33487,10 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - GroupID + + LastName - The unique ID of the account group. + The user's last name String @@ -30646,127 +33499,37 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - WhatIf + + street - Shows what would happen if the cmdlet runs. The cmdlet is not run. + Address detail for the user + Minimum required version 10.9 + String - SwitchParameter + String - False + None - - Confirm + + city - Prompts you for confirmation before running the cmdlet. + Address detail for the user + Minimum required version 10.9 + String - SwitchParameter + String - False + None - - - - - AccountID - - The unique ID of the account group. - - String - - String - - - None - - - GroupID - - The unique ID of the account group. - - String - - String - - - None - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - SwitchParameter - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - - - - - - - Minimum CyberArk version 9.10 - - - - - -------------------------- EXAMPLE 1 -------------------------- - Remove-PASAccountGroupMember -AccountID 21_7 -GroupID 21_9 - - Removes member with ID of 21_& from account group with ID of 21_9 - - - - - - https://pspas.pspete.dev/commands/Remove-PASAccountGroupMember - https://pspas.pspete.dev/commands/Remove-PASAccountGroupMember - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/DeleteMemberFromAccountGroup.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/DeleteMemberFromAccountGroup.htm - - - - - - Remove-PASApplication - Remove - PASApplication - - Deletes an application - - - - Deletes a specific application. - "Manage Users" permission is required to be held. - - - - Remove-PASApplication - - AppID + + state - The name of the application to delete. + Address detail for the user + Minimum required version 10.9 String @@ -30775,115 +33538,37 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - WhatIf + + zip - Shows what would happen if the cmdlet runs. The cmdlet is not run. + Address detail for the user + Minimum required version 10.9 + String - SwitchParameter + String - False + None - - Confirm + + country - Prompts you for confirmation before running the cmdlet. + Address detail for the user + Minimum required version 10.9 + String - SwitchParameter + String - False + None - - - - - AppID - - The name of the application to delete. - - String - - String - - - None - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - SwitchParameter - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - - - - - - - - - - - - -------------------------- EXAMPLE 1 -------------------------- - Remove-PASApplication -AppID NewApp - - Deletes application "NewApp" - - - - - - https://pspas.pspete.dev/commands/Remove-PASApplication - https://pspas.pspete.dev/commands/Remove-PASApplication - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20a%20Specific%20Application.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20a%20Specific%20Application.htm - - - - - - Remove-PASApplicationAuthenticationMethod - Remove - PASApplicationAuthenticationMethod - - Deletes an authentication method from an application - - - - Deletes a specific authentication method from a defined application. - "Manage Users" permission is required. - - - - Remove-PASApplicationAuthenticationMethod - - AppID + + title - The ID of the application in which the authentication will be deleted. + Personal detail for the user + Minimum required version 10.9 String @@ -30892,10 +33577,37 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - AuthID + + organization - The unique ID of the specific authentication. + Personal detail for the user + Minimum required version 10.9 + + String + + String + + + None + + + department + + Personal detail for the user + Minimum required version 10.9 + + String + + String + + + None + + + profession + + Personal detail for the user + Minimum required version 10.9 String @@ -30926,111 +33638,69 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - False + + loginFromHour + + The start of the timeframe the user account is permitted to authenticate. + Provide an hour of the day in 24-hour format (0-23) + Minimum required version 13.2 + + Int32 + + Int32 + + + None + + + loginToHour + + The end of the timeframe the user account is permitted to authenticate. + Provide an hour of the day in 24-hour format (0-23) + Minimum required version 13.2 + + Int32 + + Int32 + + + None + + + userActivityLogRetentionDays + + The number of days that a user's account activity records are stored before being deleted. These activity records includes logon, logoff, and user management. + If this parameter is set to zero, user activities in the Vault will not be written in the audit log. + Default value: 90 days + Minimum required version 13.2 + + Int32 + + Int32 + + + None + + + allowedAuthenticationMethods + + All the non-Vault authentication methods (specified by ID) that the user can use to log on. + Minimum required version 14.4 + + String[] + + String[] + + + None + - - - - AppID - - The ID of the application in which the authentication will be deleted. - - String - - String - - - None - - - AuthID - - The unique ID of the specific authentication. - - String - - String - - - None - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - SwitchParameter - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - - - - - - - - - - - - -------------------------- EXAMPLE 1 -------------------------- - Remove-PASApplicationAuthenticationMethod -AppID NewApp -AuthID 1 - - Deletes authentication method with ID of 1 from "NewApp" - - - - -------------------------- EXAMPLE 2 -------------------------- - Get-PASApplicationAuthenticationMethod -AppID NewApp | Remove-PASApplicationAuthenticationMethod - - Deletes all authentication methods from "NewApp" - - - - - - https://pspas.pspete.dev/commands/Remove-PASApplicationAuthenticationMethod - https://pspas.pspete.dev/commands/Remove-PASApplicationAuthenticationMethod - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20a%20Specific%20Authentication.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20a%20Specific%20Authentication.htm - - - - - - Remove-PASAuthenticationMethod - Remove - PASAuthenticationMethod - - Deletes a specific authentication method. - - - - Deletes a specific authentication method. Membership of the Vault admins group required. - - - Remove-PASAuthenticationMethod - - id + New-PASUser + + UserName - The authentication method identifier. + The name of the user to create in the vault String @@ -31039,115 +33709,111 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - Confirm + + InitialPassword - Prompts you for confirmation before running the cmdlet. + The password to set on the account, as a Secure String + Must meet the password complexity requirements + + SecureString + + SecureString + + + None + + + Email + + The user's email address + String - SwitchParameter + String + + + None + + + ChangePasswordOnTheNextLogon + + Whether or not user will be forced to change password on first logon + + Boolean + + Boolean False - - WhatIf + + ExpiryDate - Shows what would happen if the cmdlet runs. The cmdlet is not run. + Expiry Date to set on account. + Default is Never + DateTime - SwitchParameter + DateTime + + + None + + + UserTypeName + + The Type of User to create. + EPVUser type will be created by default. + + String + + String + + + None + + + Disabled + + Whether or not the user will be created as a disabled user + Default is Enabled + + Boolean + + Boolean False - - - - - id - - The authentication method identifier. - - String - - String - - - None - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - SwitchParameter - - SwitchParameter - - - False - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> Remove-PASAuthenticationMethod -id SomeID - - Deletes authentication method with id "SomeID" - - - - - - https://pspas.pspete.dev/commands/Remove-PASAuthenticationMethod - https://pspas.pspete.dev/commands/Remove-PASAuthenticationMethod - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Authentication-Method-Delete.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Authentication-Method-Delete.htm - - - - - - Remove-PASDirectory - Remove - PASDirectory - - Removes an LDAP directory configured in the Vault - - - - Removes an LDAP directory configuration from the vault. - Membership of the Vault Admins group required. - - - - Remove-PASDirectory - - id + + Location - The ID or Name of the directory to return information on. + The Vault Location where the user will be created + Default location is "Root" + + String + + String + + + None + + + FirstName + + The user's first name + + String + + String + + + None + + + LastName + + The user's last name String @@ -31178,13 +33844,25 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - False + + UseGen1API + + Specify to force usage the Gen1 API endpoint. + Should be specified for versions earlier than 10.9 + + + SwitchParameter + + + False + - - id + + UserName - The ID or Name of the directory to return information on. + The name of the user to create in the vault String @@ -31193,34 +33871,5422 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - WhatIf + + InitialPassword - Shows what would happen if the cmdlet runs. The cmdlet is not run. + The password to set on the account, as a Secure String + Must meet the password complexity requirements - SwitchParameter + SecureString - SwitchParameter + SecureString - False + None - - Confirm + + userType - Prompts you for confirmation before running the cmdlet. + The user type + Minimum required version 10.9 - SwitchParameter + String - SwitchParameter + String - False + None - - - - + + unAuthorizedInterfaces + + The CyberArk interfaces that this user is not authorized to use. + Minimum required version 10.9 + + String[] + + String[] + + + None + + + enableUser + + Whether the user will be enabled upon creation. + Minimum required version 10.9 + + Boolean + + Boolean + + + False + + + authenticationMethod + + The authentication method that the user will use to log on. + Valid Values: - "AuthTypePass", for CyberArk Authentication (default) + - "AuthTypeLDAP", for LDAP authentication + - "AuthTypeRADIUS", for RADIUS authentication + + Minimum required version 10.9 + + String[] + + String[] + + + None + + + Email + + The user's email address + + String + + String + + + None + + + ChangePassOnNextLogon + + Whether or not user will be forced to change password on first logon + Minimum required version 10.9 + + Boolean + + Boolean + + + False + + + ChangePasswordOnTheNextLogon + + Whether or not user will be forced to change password on first logon + + Boolean + + Boolean + + + False + + + passwordNeverExpires + + Whether or not the user's password will expire + Minimum required version 10.9 + + Boolean + + Boolean + + + False + + + distinguishedName + + The distinguished name of the user. + Minimum required version 10.9 + + String + + String + + + None + + + vaultAuthorization + + The user permissions in the vault. + To grant authorization to a user, the same authorization must be held by the account logged on to the API. + Valid values: - AddSafes + - AuditUsers + - AddUpdateUsers + - ResetUsersPasswords + - ActivateUsers + - AddNetworkAreas + - ManageDirectoryMapping + - ManageServerFileCategories + - BackupAllSafes + - RestoreAllSafes + + Minimum required version 10.9 + + String[] + + String[] + + + None + + + ExpiryDate + + Expiry Date to set on account. + Default is Never + + DateTime + + DateTime + + + None + + + UserTypeName + + The Type of User to create. + EPVUser type will be created by default. + + String + + String + + + None + + + Disabled + + Whether or not the user will be created as a disabled user + Default is Enabled + + Boolean + + Boolean + + + False + + + Location + + The Vault Location where the user will be created + Default location is "Root" + + String + + String + + + None + + + workStreet + + Business Address detail for the user + Minimum required version 10.9 + + String + + String + + + None + + + workCity + + Business Address detail for the user + Minimum required version 10.9 + + String + + String + + + None + + + workState + + Business Address detail for the user + Minimum required version 10.9 + + String + + String + + + None + + + workZip + + Business Address detail for the user + Minimum required version 10.9 + + String + + String + + + None + + + workCountry + + Business Address detail for the user + Minimum required version 10.9 + + String + + String + + + None + + + homePage + + The user's email address + Minimum required version 10.9 + + String + + String + + + None + + + homeEmail + + The user's email address + Minimum required version 10.9 + + String + + String + + + None + + + businessEmail + + The user's email address + Minimum required version 10.9 + + String + + String + + + None + + + otherEmail + + The user's email address + Minimum required version 10.9 + + String + + String + + + None + + + homeNumber + + The user's phone number + Minimum required version 10.9 + + String + + String + + + None + + + businessNumber + + The user's phone number + Minimum required version 10.9 + + String + + String + + + None + + + cellularNumber + + The user's phone number + Minimum required version 10.9 + + String + + String + + + None + + + faxNumber + + The user's phone number + Minimum required version 10.9 + + String + + String + + + None + + + pagerNumber + + The user's phone number + Minimum required version 10.9 + + String + + String + + + None + + + description + + Description Text + Minimum required version 10.9 + + String + + String + + + None + + + FirstName + + The user's first name + + String + + String + + + None + + + MiddleName + + The User's Middle Name + Minimum required version 10.9 + + String + + String + + + None + + + LastName + + The user's last name + + String + + String + + + None + + + street + + Address detail for the user + Minimum required version 10.9 + + String + + String + + + None + + + city + + Address detail for the user + Minimum required version 10.9 + + String + + String + + + None + + + state + + Address detail for the user + Minimum required version 10.9 + + String + + String + + + None + + + zip + + Address detail for the user + Minimum required version 10.9 + + String + + String + + + None + + + country + + Address detail for the user + Minimum required version 10.9 + + String + + String + + + None + + + title + + Personal detail for the user + Minimum required version 10.9 + + String + + String + + + None + + + organization + + Personal detail for the user + Minimum required version 10.9 + + String + + String + + + None + + + department + + Personal detail for the user + Minimum required version 10.9 + + String + + String + + + None + + + profession + + Personal detail for the user + Minimum required version 10.9 + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + UseGen1API + + Specify to force usage the Gen1 API endpoint. + Should be specified for versions earlier than 10.9 + + SwitchParameter + + SwitchParameter + + + False + + + loginFromHour + + The start of the timeframe the user account is permitted to authenticate. + Provide an hour of the day in 24-hour format (0-23) + Minimum required version 13.2 + + Int32 + + Int32 + + + None + + + loginToHour + + The end of the timeframe the user account is permitted to authenticate. + Provide an hour of the day in 24-hour format (0-23) + Minimum required version 13.2 + + Int32 + + Int32 + + + None + + + userActivityLogRetentionDays + + The number of days that a user's account activity records are stored before being deleted. These activity records includes logon, logoff, and user management. + If this parameter is set to zero, user activities in the Vault will not be written in the audit log. + Default value: 90 days + Minimum required version 13.2 + + Int32 + + Int32 + + + None + + + allowedAuthenticationMethods + + All the non-Vault authentication methods (specified by ID) that the user can use to log on. + Minimum required version 14.4 + + String[] + + String[] + + + None + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + New-PASUser -UserName NewUser -InitialPassword $securePWD -UseGen1API + + Creates a Vault user named NewUser, with password set to securestring value from $securePWD, using the Gen1 API + + + + -------------------------- EXAMPLE 2 -------------------------- + New-PASUser -UserName NewUser -InitialPassword $securePWD + + Creates a Vault user named NewUser, with password set to securestring value from $securePWD + Minimum required version 10.9 + + + + -------------------------- EXAMPLE 3 -------------------------- + New-PASUser -UserName NewUser -InitialPassword $securePWD -unAuthorizedInterfaces "PACLI" -vaultAuthorization ManageDirectoryMapping + + Creates a Vault user as per the provided parameter values + Minimum required version 10.9 + + + + + + https://pspas.pspete.dev/commands/New-PASUser + https://pspas.pspete.dev/commands/New-PASUser + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/API-AddUser-v10.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/API-AddUser-v10.htm + + + + + + Publish-PASDiscoveredAccount + Publish + PASDiscoveredAccount + + Onboard a discovered account + + + + Onboard a discovered account to a target platform into a target safe. Optionally set the account to be reconciled, and/or with a default password. + + + + Publish-PASDiscoveredAccount + + id + + Discovered account ID + + String + + String + + + None + + + PlatformID + + Target platform ID + + String + + String + + + None + + + safeName + + Target safe name + + String + + String + + + None + + + shouldReconcileAccount + + Specify if the account should be reconciled + + Boolean + + Boolean + + + False + + + defaultPassword + + The default password value + + SecureString + + SecureString + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + id + + Discovered account ID + + String + + String + + + None + + + PlatformID + + Target platform ID + + String + + String + + + None + + + safeName + + Target safe name + + String + + String + + + None + + + shouldReconcileAccount + + Specify if the account should be reconciled + + Boolean + + Boolean + + + False + + + defaultPassword + + The default password value + + SecureString + + SecureString + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + $password = Read-Host -AsSecureString -Prompt "defaultPassword value" +Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe -defaultPassword $password + + Onboard discovered account with id 66_6 to `SomeSafe` with the provided default password + + + + + + https://pspas.pspete.dev/commands/Publish-PASDiscoveredAccount + https://pspas.pspete.dev/commands/Publish-PASDiscoveredAccount + + + + + + Publish-PASDiscoveredLocalAccount + Publish + PASDiscoveredLocalAccount + + Onboard a discovered local account + + + + Onboards accounts from the list of discovered accounts for local endpoints. The account is moved from the list of discovered accounts to the system's active accounts. + Applies to the accounts that are discovered by the EPM scanning of endpoints, including loosely connected devices: - Windows loosely connected devices + - Mac loosely connected devices + - Linux loosely connected devices + + Requires one of the following roles: - Privilege Cloud Administrator + - Privilege Cloud Administrator Basic + - Privilege Cloud Administrator Lite + + + + Publish-PASDiscoveredLocalAccount + + id + + The unique identifier of the discovered account. + + String + + String + + + None + + + safeName + + The safe to apply to the account + + String + + String + + + None + + + platformID + + The platform to apply to the account. + + String + + String + + + None + + + additionalProperties + + Additional properties that will be applied to the account and are not taken from the identifiers or customProperties of the discovered account. + + Hashtable + + Hashtable + + + None + + + secret + + The account's initial secret value. + + SecureString + + SecureString + + + None + + + resetSecret + + Whether the account should be immediately rotated (reconcile or change depending on the type). + + Boolean + + Boolean + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + id + + The unique identifier of the discovered account. + + String + + String + + + None + + + safeName + + The safe to apply to the account + + String + + String + + + None + + + platformID + + The platform to apply to the account. + + String + + String + + + None + + + additionalProperties + + Additional properties that will be applied to the account and are not taken from the identifiers or customProperties of the discovered account. + + Hashtable + + Hashtable + + + None + + + secret + + The account's initial secret value. + + SecureString + + SecureString + + + None + + + resetSecret + + Whether the account should be immediately rotated (reconcile or change depending on the type). + + Boolean + + Boolean + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Publish-PASDiscoveredLocalAccount -id SomeID -safeName SomeSafe -platformID SomePlatform + + Onboards the specified discovered local account. + + + + + + https://pspas.pspete.dev/commands/Publish-PASDiscoveredLocalAccount + https://pspas.pspete.dev/commands/Publish-PASDiscoveredLocalAccount + + + https://docs.cyberark.com/privilege-cloud-shared-services/latest/en/Content/Privilege%20Cloud/PrivCloud-DiscoveredAccountsService-Onboard.htm + https://docs.cyberark.com/privilege-cloud-shared-services/latest/en/Content/Privilege%20Cloud/PrivCloud-DiscoveredAccountsService-Onboard.htm + + + + + + Publish-PASTheme + Publish + PASTheme + + Updates draft state a custom theme + + + + Updates the draft state of a specific custom theme from $true to $false + + + + Publish-PASTheme + + ThemeName + + The name of the custom theme to update its draft state. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + ThemeName + + The name of the custom theme to update its draft state. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> Publish-PASTheme -ThemeName SomeTheme + + Update the draft state of SomeTheme + + + + + + https://pspas.pspete.dev/commands/Publish-PASTheme + https://pspas.pspete.dev/commands/Publish-PASTheme + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-update-draft.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-update-draft.htm + + + + + + Remove-PASAccount + Remove + PASAccount + + Deletes an account + + + + Deletes a specific account in the Vault. + The user who runs this web service requires the "Delete Accounts" permission. + + + + Remove-PASAccount + + AccountID + + The unique ID of the account to delete. + This is retrieved by the Get-PASAccount function. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + UseGen1API + + Specify to force usage the Gen1 API endpoint. + Should be specified for versions earlier than 10.4 + + + SwitchParameter + + + False + + + + + + AccountID + + The unique ID of the account to delete. + This is retrieved by the Get-PASAccount function. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + UseGen1API + + Specify to force usage the Gen1 API endpoint. + Should be specified for versions earlier than 10.4 + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASAccount -AccountID 19_1 + + Deletes the account with AccountID of 19_1 + + + + + + https://pspas.pspete.dev/commands/Remove-PASAccount + https://pspas.pspete.dev/commands/Remove-PASAccount + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Account.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Account.htm + + + + + + Remove-PASAccountACL + Remove + PASAccountACL + + Deletes privileged commands rule from an account + + + + Deletes privileged commands rule associated with account + Not supported in Privilege Cloud + + + + Remove-PASAccountACL + + AccountPolicyId + + ID of account from which the commands will be deleted + + String + + String + + + None + + + AccountAddress + + The address of the account for which the privileged command will be deleted. + + String + + String + + + None + + + AccountUserName + + The name of the account's user. + + String + + String + + + None + + + Id + + The ID of the command that will be deleted + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + AccountPolicyId + + ID of account from which the commands will be deleted + + String + + String + + + None + + + AccountAddress + + The address of the account for which the privileged command will be deleted. + + String + + String + + + None + + + AccountUserName + + The name of the account's user. + + String + + String + + + None + + + Id + + The ID of the command that will be deleted + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASAccountACL -AccountPolicyId UNIXSSH -AccountAddress machine -AccountUserName root -Id 12 + + Removes matching Privileged Account Rule from the account root + + + + -------------------------- EXAMPLE 2 -------------------------- + Get-PASAccount root | Get-PASAccountACL | Where-Object{$_.Command -eq "ifconfig"} | Remove-PASAccountACL + + Removes matching Privileged Account Rule from account. + + + + + + https://pspas.pspete.dev/commands/Remove-PASAccountACL + https://pspas.pspete.dev/commands/Remove-PASAccountACL + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Account%20ACL.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Account%20ACL.htm + + + + + + Remove-PASAccountGroupMember + Remove + PASAccountGroupMember + + Deletes a member of an account group. + + + + Removes an account member from an account group. + This account can be either a password account or an SSH Key account. + The following permissions are required on the safe: - Add Accounts - Update Account Content - Update Account Properties -Create Folders + + + + Remove-PASAccountGroupMember + + AccountID + + The unique ID of the account group. + + String + + String + + + None + + + GroupID + + The unique ID of the account group. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + AccountID + + The unique ID of the account group. + + String + + String + + + None + + + GroupID + + The unique ID of the account group. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + Minimum CyberArk version 9.10 + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASAccountGroupMember -AccountID 21_7 -GroupID 21_9 + + Removes member with ID of 21_& from account group with ID of 21_9 + + + + + + https://pspas.pspete.dev/commands/Remove-PASAccountGroupMember + https://pspas.pspete.dev/commands/Remove-PASAccountGroupMember + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/DeleteMemberFromAccountGroup.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/DeleteMemberFromAccountGroup.htm + + + + + + Remove-PASApplication + Remove + PASApplication + + Deletes an application + + + + Deletes a specific application. + "Manage Users" permission is required to be held. + + + + Remove-PASApplication + + AppID + + The name of the application to delete. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + AppID + + The name of the application to delete. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASApplication -AppID NewApp + + Deletes application "NewApp" + + + + + + https://pspas.pspete.dev/commands/Remove-PASApplication + https://pspas.pspete.dev/commands/Remove-PASApplication + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20a%20Specific%20Application.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20a%20Specific%20Application.htm + + + + + + Remove-PASApplicationAuthenticationMethod + Remove + PASApplicationAuthenticationMethod + + Deletes an authentication method from an application + + + + Deletes a specific authentication method from a defined application. + "Manage Users" permission is required. + + + + Remove-PASApplicationAuthenticationMethod + + AppID + + The ID of the application in which the authentication will be deleted. + + String + + String + + + None + + + AuthID + + The unique ID of the specific authentication. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + AppID + + The ID of the application in which the authentication will be deleted. + + String + + String + + + None + + + AuthID + + The unique ID of the specific authentication. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASApplicationAuthenticationMethod -AppID NewApp -AuthID 1 + + Deletes authentication method with ID of 1 from "NewApp" + + + + -------------------------- EXAMPLE 2 -------------------------- + Get-PASApplicationAuthenticationMethod -AppID NewApp | Remove-PASApplicationAuthenticationMethod + + Deletes all authentication methods from "NewApp" + + + + + + https://pspas.pspete.dev/commands/Remove-PASApplicationAuthenticationMethod + https://pspas.pspete.dev/commands/Remove-PASApplicationAuthenticationMethod + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20a%20Specific%20Authentication.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20a%20Specific%20Authentication.htm + + + + + + Remove-PASAuthenticationMethod + Remove + PASAuthenticationMethod + + Deletes a specific authentication method. + + + + Deletes a specific authentication method. Membership of the Vault admins group required. + + + + Remove-PASAuthenticationMethod + + id + + The authentication method identifier. + + String + + String + + + None + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + + + + id + + The authentication method identifier. + + String + + String + + + None + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + PS C:\> Remove-PASAuthenticationMethod -id SomeID + + Deletes authentication method with id "SomeID" + + + + + + https://pspas.pspete.dev/commands/Remove-PASAuthenticationMethod + https://pspas.pspete.dev/commands/Remove-PASAuthenticationMethod + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Authentication-Method-Delete.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Authentication-Method-Delete.htm + + + + + + Remove-PASDependentAccount + Remove + PASDependentAccount + + This deletes an existing dependent account. + + + + Removes the association between a main privileged account and the dependent account. + Requires CyberArk version 14.6 or later. + + + + Remove-PASDependentAccount + + AccountID + + The unique ID of the main privileged account that has the dependent account associated with it. This parameter accepts pipeline input and can be aliased as 'id'. + + String + + String + + + None + + + dependentAccountId + + The unique ID of the dependent account that should be removed from the main account association. This parameter accepts pipeline input and can be aliased as 'dependentid'. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + AccountID + + The unique ID of the main privileged account that has the dependent account associated with it. This parameter accepts pipeline input and can be aliased as 'id'. + + String + + String + + + None + + + dependentAccountId + + The unique ID of the dependent account that should be removed from the main account association. This parameter accepts pipeline input and can be aliased as 'dependentid'. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> Remove-PASDependentAccount -AccountID "123_456" -dependentAccountId "22_2" + + Removes the dependent account with ID "789_012" from the main account "123_456". The system will prompt for confirmation before performing the removal. + + + + -------------------------- Example 2 -------------------------- + PS C:\> Get-PASAccount -id "123_456" | Remove-PASDependentAccount -dependentAccountId "22_2" -WhatIf + + Shows what would happen if the dependent account were removed, but does not actually perform the removal. Uses pipeline input from Get-PASAccount for the main account ID. + + + + + + Online Version: + https://pspas.pspete.dev/commands/Remove-PASDependentAccount + + + + + + Remove-PASDirectory + Remove + PASDirectory + + Removes an LDAP directory configured in the Vault + + + + Removes an LDAP directory configuration from the vault. + Membership of the Vault Admins group required. + + + + Remove-PASDirectory + + id + + The ID or Name of the directory to return information on. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + id + + The ID or Name of the directory to return information on. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASDirectory -id LDAPDirectory + + Removes LDAP directory configured in the Vault + + + + + + https://pspas.pspete.dev/commands/Remove-PASDirectory + https://pspas.pspete.dev/commands/Remove-PASDirectory + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/DeleteDirectory.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/DeleteDirectory.htm + + + + + + Remove-PASDirectoryMapping + Remove + PASDirectoryMapping + + Removes a configured directory mapping from the Vault + + + + Removes a directory mapping configuration from the vault. + Membership of the Vault Admins group required. + + + + Remove-PASDirectoryMapping + + DirectoryName + + The Name of the directory containing the mapping. + + String + + String + + + None + + + MappingID + + The id of the directory mapping to delete. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + DirectoryName + + The Name of the directory containing the mapping. + + String + + String + + + None + + + MappingID + + The id of the directory mapping to delete. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASDirectoryMapping -DirectoryName SomeDir -MappingID 66 + + Removes the directory mapping with id 66 for the SomeDir directory + + + + + + https://pspas.pspete.dev/commands/Remove-PASDirectoryMapping + https://pspas.pspete.dev/commands/Remove-PASDirectoryMapping + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete-directory-mapping.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete-directory-mapping.htm + + + + + + Remove-PASDiscoveredLocalAccount + Remove + PASDiscoveredLocalAccount + + Delete a discovered local account + + + + Delete an account from the list of discovered local accounts for local endpoint Windows and MacOS accounts. + Deleting an account from the current discovered accounts list does not affect the next scan for discovered accounts, and the deleted account may appear again. + Applies to the accounts that are discovered by the EPM scanning of endpoints, including loosely connected devices: - Windows loosely connected devices + - Mac loosely connected devices + - Linux loosely connected devices + + Requires one of the following roles: - Privilege Cloud Administrator + - Privilege Cloud Administrator Basic + - Privilege Cloud Administrator Lite + + + + Remove-PASDiscoveredLocalAccount + + id + + THe unique identifier of the account. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + id + + THe unique identifier of the account. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASDiscoveredLocalAccount -id SomeID + + Deletes specified discovered local account + + + + + + https://pspas.pspete.dev/commands/Remove-PASDiscoveredLocalAccount + https://pspas.pspete.dev/commands/Remove-PASDiscoveredLocalAccount + + + https://docs.cyberark.com/privilege-cloud-shared-services/latest/en/Content/Privilege%20Cloud/PrivCloud-DiscoveredAccountsService-Delete.htm + https://docs.cyberark.com/privilege-cloud-shared-services/latest/en/Content/Privilege%20Cloud/PrivCloud-DiscoveredAccountsService-Delete.htm + + + + + + Remove-PASFIDO2Device + Remove + PASFIDO2Device + + Removes a FIDO2 device from a user's authentication methods. + + + + Removes a FIDO2 device from either a user's authentication methods or from the current user's own authentication methods. + Requires CyberArk version 14.6 or later. + + + + Remove-PASFIDO2Device + + id + + The unique identifier of the FIDO2 device to be removed from a user's authentication methods. + + String + + String + + + None + + + OwnDevice + + When specified, removes the FIDO2 device from the current user's own authentication methods. Without this parameter, the device is removed from the user that it belongs do in their authentication methods. + + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + id + + The unique identifier of the FIDO2 device to be removed from a user's authentication methods. + + String + + String + + + None + + + OwnDevice + + When specified, removes the FIDO2 device from the current user's own authentication methods. Without this parameter, the device is removed from the user that it belongs do in their authentication methods. + + SwitchParameter + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> Remove-PASFIDO2Device -id "device123" + + Removes the FIDO2 device with ID "device123" from a user's registered authentication methods. This requires administrative privileges. + + + + -------------------------- Example 2 -------------------------- + PS C:\> Remove-PASFIDO2Device -id "device123" -OwnDevice + + Removes the FIDO2 device with ID "device123" from the current user's own registered authentication methods. This allows users to self-manage their FIDO2 devices. + + + + + + https://pspas.pspete.dev/commands/Remove-PASFIDO2Device + https://pspas.pspete.dev/commands/Remove-PASFIDO2Device + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/fido2-remove.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/fido2-remove.htm + + + \[https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/fido2-remove.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/fido2-selfremove.htm + + + + + + Remove-PASGroup + Remove + PASGroup + + Deletes a user group + + + + Deletes a vault group. + To delete a vault group, the following authorizations are required: - Add/Update Users + + + + Remove-PASGroup + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + ID + + The Group ID + + Int32 + + Int32 + + + None + + + + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + ID + + The Group ID + + Int32 + + Int32 + + + None + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASGroup -GroupID 3 + + Deletes vault group with ID of 3 + + + + + + https://pspas.pspete.dev/commands/Remove-PASGroup + https://pspas.pspete.dev/commands/Remove-PASGroup + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Users%20Web%20Services%20-%20Delete%20User%20Group.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Users%20Web%20Services%20-%20Delete%20User%20Group.htm + + + + + + Remove-PASGroupMember + Remove + PASGroupMember + + Removes a vault user from a group + + + + Removes an existing member from an existing group in the vault + + + + Remove-PASGroupMember + + GroupID + + The ID of the group + + String + + String + + + None + + + Member + + The name of the group member + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + GroupID + + The ID of the group + + String + + String + + + None + + + Member + + The name of the group member + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASGroupMember -GroupID X1_Y2 -Member TargetUser + + Removes TargetUser from group + + + + + + https://pspas.pspete.dev/commands/Remove-PASGroupMember + https://pspas.pspete.dev/commands/Remove-PASGroupMember + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/RemoveUserFromGroup.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/RemoveUserFromGroup.htm + + + + + + Remove-PASOnboardingRule + Remove + PASOnboardingRule + + Deletes an automatic on-boarding rule + + + + Deletes an automatic on-boarding rule from the Vault. + Vault Admin membership required. + + + + Remove-PASOnboardingRule + + RuleID + + The unique ID of the rule to delete. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + RuleID + + The unique ID of the rule to delete. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASOnboardingRule -RuleID 5 + + Removes specified on-boarding rule. + + + + + + https://pspas.pspete.dev/commands/Remove-PASOnboardingRule + https://pspas.pspete.dev/commands/Remove-PASOnboardingRule + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/DeleteAutoOnboardingRule.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/DeleteAutoOnboardingRule.htm + + + + + + Remove-PASOpenIDConnectProvider + Remove + PASOpenIDConnectProvider + + Deletes a configured OIDC Identity Provider. + + + + Deletes an OIDC Identity Provider. Requires membership of Vault Admins group. + + + + Remove-PASOpenIDConnectProvider + + id + + The unique identifier of the provider to delete. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + id + + The unique identifier of the provider to delete. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + PS C:\> Remove-PASOpenIDConnectProvider -id SomeOIDCProvider + + Deletes OIDC Identity Provider with ID SomeOIDCProvider + + + + + + https://pspas.pspete.dev/commands/Remove-PASOpenIDConnectProvider + https://pspas.pspete.dev/commands/Remove-PASOpenIDConnectProvider + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/OIDC-Delete-Provider.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/OIDC-Delete-Provider.htm + + + + + + Remove-PASPlatform + Remove + PASPlatform + + Deletes a platform. + + + + Deletes, target, dependent, group or rotational group platform. + + + + Remove-PASPlatform + + TargetPlatform + + Specify if ID relates to Target platform + + + SwitchParameter + + + False + + + ID + + The unique ID number of the platform to delete. + + Int32 + + Int32 + + + 0 + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + Remove-PASPlatform + + DependentPlatform + + Specify if ID relates to Dependent platform + + + SwitchParameter + + + False + + + ID + + The unique ID number of the platform to delete. + + Int32 + + Int32 + + + 0 + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + Remove-PASPlatform + + GroupPlatform + + Specify if ID relates to Group platform + + + SwitchParameter + + + False + + + ID + + The unique ID number of the platform to delete. + + Int32 + + Int32 + + + 0 + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + Remove-PASPlatform + + RotationalGroup + + Specify if ID relates to Rotational Group platform + + + SwitchParameter + + + False + + + ID + + The unique ID number of the platform to delete. + + Int32 + + Int32 + + + 0 + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + TargetPlatform + + Specify if ID relates to Target platform + + SwitchParameter + + SwitchParameter + + + False + + + DependentPlatform + + Specify if ID relates to Dependent platform + + SwitchParameter + + SwitchParameter + + + False + + + GroupPlatform + + Specify if ID relates to Group platform + + SwitchParameter + + SwitchParameter + + + False + + + RotationalGroup + + Specify if ID relates to Rotational Group platform + + SwitchParameter + + SwitchParameter + + + False + + + ID + + The unique ID number of the platform to delete. + + Int32 + + Int32 + + + 0 + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + PAS 11.4 minimum + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASPlatform -TargetPlatform -ID 9 + + Deletes Target Platform with ID of 9 + + + + -------------------------- EXAMPLE 2 -------------------------- + Remove-PASPlatform -DependentPlatform -ID 9 + + Deletes Dependent Platform with ID of 9 + + + + -------------------------- EXAMPLE 3 -------------------------- + Remove-PASPlatform -GroupPlatform -ID 39 + + Deletes Group Platform with ID of 39 + + + + -------------------------- EXAMPLE 4 -------------------------- + Remove-PASPlatform -RotationalGroup -ID 59 + + Deletes Rotational Group Platform with ID of 59 + + + + + + https://pspas.pspete.dev/commands/Remove-PASPlatform + https://pspas.pspete.dev/commands/Remove-PASPlatform + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/rest-api-delete-target-platform.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/rest-api-delete-target-platform.htm + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/rest-api-delete-dependent-platform.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/rest-api-delete-dependent-platform.htm + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/rest-api-delete-goup-platform.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/rest-api-delete-goup-platform.htm + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/rest-api-delete-rotational-group-platform.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/rest-api-delete-rotational-group-platform.htm + + + + + + Remove-PASPolicyACL + Remove + PASPolicyACL + + Delete all privileged commands on policy + + + + Deletes all privileged command rules associated with the policy + Not supported in Privilege Cloud + + + + Remove-PASPolicyACL + + PolicyID + + String value of Policy ID + + String + + String + + + None + + + Id + + The Rule Id that will be deleted + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + PolicyID + + String value of Policy ID + + String + + String + + + None + + + Id + + The Rule Id that will be deleted + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASPolicyACL -PolicyID UNIXSSH -Id 13 + + Deletes Rule with ID of 13 from UNIXSSH platform. + + + + + + https://pspas.pspete.dev/commands/Remove-PASPolicyACL + https://pspas.pspete.dev/commands/Remove-PASPolicyACL + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Policy%20ACL.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Policy%20ACL.htm + + + + + + Remove-PASPrivateSSHKey + Remove + PASPrivateSSHKey + + Deletes an MFA caching SSH key. + + + + Deletes an MFA caching SSH key for connecting to targets via PSM for SSH. Either deletes your key, or the key for another specific user. If deleting a key for another user, the user who runs this command must be at the same vault location level or higher, and requires the "Reset Users' Passwords" permission in the Vault. + Requires CyberArk Version 12.1 or higher. + + + + Remove-PASPrivateSSHKey + + UserID + + The numerical id of the user to delete the key for. + + Int32 + + Int32 + + + 0 + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + + + + UserID + + The numerical id of the user to delete the key for. + + Int32 + + Int32 + + + 0 + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + PS C:\> Remove-PASPrivateSSHKey + + Deletes your MFA caching SSH key. + + + + -------------------------- EXAMPLE 2 -------------------------- + PS C:\> Remove-PASPrivateSSHKey -UserID 646 + + Deletes MFA caching SSH key for user with id 646. + + + + + + https://pspas.pspete.dev/commands/Remove-PASPrivateSSHKey + https://pspas.pspete.dev/commands/Remove-PASPrivateSSHKey + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20MFA%20caching%20SSH%20key.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20MFA%20caching%20SSH%20key.htm + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20MFA%20caching%20SSH%20key%20for%20another%20user.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20MFA%20caching%20SSH%20key%20for%20another%20user.htm + + + + + + Remove-PASPTAExcludedTarget + Remove + PASPTAExcludedTarget + + Removes excluded target from PTA + + + + Remove configured excluded target + + + + Remove-PASPTAExcludedTarget + + ID + + The ID of the Excluded Target to remove + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + ID + + The ID of the Excluded Target to remove + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASPTAExcludedTarget -ID 65b6aa31721d9b5f3a56ca7e + + Removes excluded target matching ID + + + + + + https://pspas.pspete.dev/commands/Remove-PASPTAExcludedTarget + https://pspas.pspete.dev/commands/Remove-PASPTAExcludedTarget + + + https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/DeleteSecurity.htm + https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/DeleteSecurity.htm + + + + + + Remove-PASPTAIncludedTarget + Remove + PASPTAIncludedTarget + + Remove PTA included target + + + + Remove configured included target from PTA + + + + Remove-PASPTAIncludedTarget + + ID + + The ID of the target to remove + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + ID + + The ID of the target to remove + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASPTAIncludedTarget -ID 65b6aa31721d9b5f3a56ca7e + + Removes included target matching ID + + + + + + https://pspas.pspete.dev/commands/Remove-PASPTAIncludedTarget + https://pspas.pspete.dev/commands/Remove-PASPTAIncludedTarget + + + https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/DeleteSecurity.htm + https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/DeleteSecurity.htm + + + + + + Remove-PASPTAPrivilegedGroup + Remove + PASPTAPrivilegedGroup + + Deletes PTA configured privileged group + + + + Delete privileged group configured in PTA + + + + Remove-PASPTAPrivilegedGroup + + ID + + The ID of the group configuration to delete + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + ID + + The ID of the group configuration to delete + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASPTAPrivilegedGroup -ID 65b6aa31721d9b5f3a56ca7e + + Deletes group configuration matching ID + + + + + + https://pspas.pspete.dev/commands/Remove-PASPTAPrivilegedGroup + https://pspas.pspete.dev/commands/Remove-PASPTAPrivilegedGroup + + + https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/DeleteSecurity.htm + https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/DeleteSecurity.htm + + + + + + Remove-PASPTAPrivilegedUser + Remove + PASPTAPrivilegedUser + + Delete configured privileged user from PTA + + + + Deletes configured privileged user from PTA + + + + Remove-PASPTAPrivilegedUser + + ID + + The ID of the user configuration to delete + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + ID + + The ID of the user configuration to delete + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASPTAPrivilegedUser -ID 65b6aa31721d9b5f3a56ca7e + + Deletes user configuration matching ID + + + + + + https://pspas.pspete.dev/commands/Remove-PASPTAPrivilegedUser + https://pspas.pspete.dev/commands/Remove-PASPTAPrivilegedUser + + + https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/DeleteSecurity.htm + https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/DeleteSecurity.htm + + + + + + Remove-PASPTASecurityConfigurationProperty + Remove + PASPTASecurityConfigurationProperty + + Removes PTA security configuration property + + + + This deletes a specific PTA security configuration property + + + + Remove-PASPTASecurityConfigurationProperty + + propertyKey + + The key of the PTA security configuration property + + String + + String + + + None + + + id + + The ID of the item to remove from the property + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + propertyKey + + The key of the PTA security configuration property + + String + + String + + + None + + + id + + The ID of the item to remove from the property + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + Minimum Version CyberArk 14.2 + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASPTASecurityConfigurationProperty -propertyKey "PrivilegedUsersList" -id "someid" + + Removes the specified id from the PrivilegedUsersList property + + + + -------------------------- EXAMPLE 2 -------------------------- + Remove-PASPTASecurityConfigurationProperty -propertyKey "SCTExcludedAccountsList" -id "someid" + + Removes the specified id from the SCTExcludedAccountsList property + + + + + + https://pspas.pspete.dev/commands/Remove-PASPTASecurityConfigurationProperty + https://pspas.pspete.dev/commands/Remove-PASPTASecurityConfigurationProperty + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/deletesecurity.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/deletesecurity.htm + + + + + + Remove-PASPTASyslog + Remove + PASPTASyslog + + Removes SYSLOG configuration from PTA + + + + Removes a SYSLOG configuration from PTA + + + + Remove-PASPTASyslog + + ID + + The ID of the SYSLOG configuration to delete + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + ID + + The ID of the SYSLOG configuration to delete + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> Remove-PASPTASyslog -ID SomeID + + Removes specified SYSLOG configuration from PTA + + + + + + https://pspas.pspete.dev/commands/Remove-PASPTASyslog + https://pspas.pspete.dev/commands/Remove-PASPTASyslog + + + + + + Remove-PASPublicSSHKey + Remove + PASPublicSSHKey + + Deletes a specific Public SSH Key from a specific vault user. + + + + Deletes an authorized public SSH key for a specific user in the Vault, preventing them from authenticating to the Vault through PSMP using a corresponding private SSH key. + "Reset Users Passwords" Vault permission is required. + The authenticated user who runs this function must be in the same Vault Location or higher as the user whose public SSH keys are deleted. + A user cannot manage their own public SSH keys. + + + + Remove-PASPublicSSHKey + + UserName + + The username of the Vault user whose public SSH keys will be added + A username cannot contain the following characters: "%", "&", "+" or ".". + + String + + String + + + None + + + KeyID + + The ID of the public SSH key to delete. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + UserName + + The username of the Vault user whose public SSH keys will be added + A username cannot contain the following characters: "%", "&", "+" or ".". + + String + + String + + + None + + + KeyID + + The ID of the public SSH key to delete. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASPublicSSHKey -UserName Splitter -KeyID 415161FE8F2B408BB76BC244258C3697 + + Deletes specified ssh key from vault user "Splitter" + + + + + + https://pspas.pspete.dev/commands/Remove-PASPublicSSHKey + https://pspas.pspete.dev/commands/Remove-PASPublicSSHKey + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Public%20SSH%20Key.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Public%20SSH%20Key.htm + + + + + + Remove-PASRequest + Remove + PASRequest + + Deletes a request from the Vault + + + + Deletes a request from the Vault. + The "Manage" Safe vault permission is required. + Officially supported from version 9.10. + Reports received that function works in 9.9 also. + + + + Remove-PASRequest + + RequestID + + The ID (composed of the Safe Name and internal RequestID) of the request to delete. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + RequestID + + The ID (composed of the Safe Name and internal RequestID) of the request to delete. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + " + + Deletes Request <ID> + + + + + + https://pspas.pspete.dev/commands/Remove-PASRequest + https://pspas.pspete.dev/commands/Remove-PASRequest + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/DeleteMyRequest.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/DeleteMyRequest.htm + + + + + + Remove-PASSafe + Remove + PASSafe + + Deletes a safe from the Vault + + + + Deletes a safe from the Vault. + The "Manage" Safe vault permission is required. + Default operation requires CyberArk version 12.1+. + For earlier versions, the Gen1 API switch must be specified. + + + + Remove-PASSafe + + SafeName + + The name of the safe to delete. + + String + + String + + + None + + + UseGen1API + + Forces use of the Gen1 API endpoint + Should be specified for PAS versions earlier than 12.1 + + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. + The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + SafeName + + The name of the safe to delete. + + String + + String + + + None + + + UseGen1API + + Forces use of the Gen1 API endpoint + Should be specified for PAS versions earlier than 12.1 + + SwitchParameter + + SwitchParameter + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. + The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASSafe -SafeName OLD_Safe + + Deletes "OLD_Safe" + + + + -------------------------- EXAMPLE 2 -------------------------- + Remove-PASSafe -SafeName OLD_Safe -UseGen1API + + Deletes "OLD_Safe" using the Gen1 API + + + + + + https://pspas.pspete.dev/commands/Remove-PASSafe + https://pspas.pspete.dev/commands/Remove-PASSafe + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Safe.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Safe.htm + + + + + + Remove-PASSafeMember + Remove + PASSafeMember + + Removes a member from a safe + + + + Removes a specific member from a Safe. + The user who runs this function requires the ManageSafeMembers permission. + Default operation against Gen2 API requires minimum version of 12.2 + + + + Remove-PASSafeMember + + SafeName + + The name of the safe from which to remove the member. + + String + + String + + + None + + + MemberName + + The name of the safe member to remove from the safes list of members. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + UseGen1API + + Specify to force usage the Gen1 API endpoint. + Should be specified for versions earlier than 12.2 + Is not supported for Privilege Cloud + + + SwitchParameter + + + False + + + + + + SafeName + + The name of the safe from which to remove the member. + + String + + String + + + None + + + MemberName + + The name of the safe member to remove from the safes list of members. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + UseGen1API + + Specify to force usage the Gen1 API endpoint. + Should be specified for versions earlier than 12.2 + Is not supported for Privilege Cloud + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Remove-PASSafeMember -SafeName TargetSafe -MemberName TargetUser + + Removes TargetUser as safe member from TargetSafe using Gen2 API + Requires minimum version 12.2 + + + + -------------------------- EXAMPLE 2 -------------------------- + Remove-PASSafeMember -SafeName TargetSafe -MemberName TargetUser -UseGen1API + + Removes TargetUser as safe member from TargetSafe using Gen1 API + + + + + + https://pspas.pspete.dev/commands/Remove-PASSafeMember + https://pspas.pspete.dev/commands/Remove-PASSafeMember + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Safe%20Member.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Safe%20Member.htm + + + + + + Remove-PASStoredPlatform + Remove + PASStoredPlatform + + Removes the platform stored in memory. + + + + Removes the platform stored in memory. + Requires Vault Admin membership + + + + Remove-PASStoredPlatform + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> Remove-PASStoredPlatform + + Delete the stored platform from memory + + + + + + https://pspas.pspete.dev/commands/Remove-PASStoredPlatform + https://pspas.pspete.dev/commands/Remove-PASStoredPlatform + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/deletestoredplatform.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/deletestoredplatform.htm + + + + + + Remove-PASTheme + Remove + PASTheme + + Delete Theme + + + + Removes a specific theme + + + + Remove-PASTheme + + ThemeName + + The name of the theme + + String + + String + + + 0 + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + ThemeName + + The name of the theme + + String + + String + + + 0 + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + @@ -31228,55 +39294,83 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - -------------------------- EXAMPLE 1 -------------------------- - Remove-PASDirectory -id LDAPDirectory + Remove-PASTheme -ThemeName "Custom Dark" - Removes LDAP directory configured in the Vault + Removes the theme "Custom Dark" - https://pspas.pspete.dev/commands/Remove-PASDirectory - https://pspas.pspete.dev/commands/Remove-PASDirectory + https://pspas.pspete.dev/commands/Remove-PASTheme + https://pspas.pspete.dev/commands/Remove-PASTheme - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/DeleteDirectory.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/DeleteDirectory.htm + https://docs.cyberark.com/pam-self-hosted/14.4/en/content/sdk/rest-api-cust-ui-themes-delete.htm + https://docs.cyberark.com/pam-self-hosted/14.4/en/content/sdk/rest-api-cust-ui-themes-delete.htm - Remove-PASDirectoryMapping + Remove-PASUser Remove - PASDirectoryMapping + PASUser - Removes a configured directory mapping from the Vault + Deletes a vault user - Removes a directory mapping configuration from the vault. - Membership of the Vault Admins group required. + Deletes an existing user from the vault + Default operation using the Gen2 API requires minimum version of 11.1 - Remove-PASDirectoryMapping - - DirectoryName + Remove-PASUser + + id - The Name of the directory containing the mapping. + The numeric id of the user to delete. + Minimum required version 11.1 - String + Int32 - String + Int32 - None + 0 - - MappingID + + WhatIf - The id of the directory mapping to delete. + Shows what would happen if the cmdlet runs. + The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + Remove-PASUser + + UserName + + The name of the user to delete from the vault + Should be specified for versions earlier than 11.1 String @@ -31288,7 +39382,8 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - WhatIf - Shows what would happen if the cmdlet runs. The cmdlet is not run. + Shows what would happen if the cmdlet runs. + The cmdlet is not run. SwitchParameter @@ -31310,22 +39405,24 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - - - DirectoryName + + id - The Name of the directory containing the mapping. + The numeric id of the user to delete. + Minimum required version 11.1 - String + Int32 - String + Int32 - None + 0 - - MappingID + + UserName - The id of the directory mapping to delete. + The name of the user to delete from the vault + Should be specified for versions earlier than 11.1 String @@ -31337,7 +39434,8 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - WhatIf - Shows what would happen if the cmdlet runs. The cmdlet is not run. + Shows what would happen if the cmdlet runs. + The cmdlet is not run. SwitchParameter @@ -31369,54 +39467,67 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - -------------------------- EXAMPLE 1 -------------------------- - Remove-PASDirectoryMapping -DirectoryName SomeDir -MappingID 66 + Remove-PASUser -id 1234 - Removes the directory mapping with id 66 for the SomeDir directory + Deletes vault user with id 1234 + Minimum required version 11.1 + + + + -------------------------- EXAMPLE 2 -------------------------- + Remove-PASUser -UserName This_User + + Deletes vault user "This_User" - https://pspas.pspete.dev/commands/Remove-PASDirectoryMapping - https://pspas.pspete.dev/commands/Remove-PASDirectoryMapping + https://pspas.pspete.dev/commands/Remove-PASUser + https://pspas.pspete.dev/commands/Remove-PASUser - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete-directory-mapping.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete-directory-mapping.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Users%20Web%20Services%20-%20Delete%20User.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Users%20Web%20Services%20-%20Delete%20User.htm - Remove-PASDiscoveredLocalAccount + Remove-PASUserAllowedAuthenticationMethod Remove - PASDiscoveredLocalAccount + PASUserAllowedAuthenticationMethod - Delete a discovered local account + Delete allowed authentication methods from multiple users - Delete an account from the list of discovered local accounts for local endpoint Windows and MacOS accounts. - Deleting an account from the current discovered accounts list does not affect the next scan for discovered accounts, and the deleted account may appear again. - Applies to the accounts that are discovered by the EPM scanning of endpoints, including loosely connected devices: - Windows loosely connected devices - - Mac loosely connected devices - - Linux loosely connected devices - - Requires one of the following roles: - Privilege Cloud Administrator - - Privilege Cloud Administrator Basic - - Privilege Cloud Administrator Lite + Deletes allowed authentication methods from multiple Vault users using a single request. + Requires the Add/Update Users authorizations to be held by the user running the command. - Remove-PASDiscoveredLocalAccount + Remove-PASUserAllowedAuthenticationMethod - id + userIds - THe unique identifier of the account. + A list of strings of the user IDs from which to delete the allowed authentication methods. - String + Int32[] - String + Int32[] + + + None + + + allowedAuthenticationMethods + + A list of strings of all the non-Vault authentication methods (specified by ID) that the users cannot use to log on. + + String[] + + String[] None @@ -31447,13 +39558,25 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - - id + userIds - THe unique identifier of the account. + A list of strings of the user IDs from which to delete the allowed authentication methods. - String + Int32[] - String + Int32[] + + + None + + + allowedAuthenticationMethods + + A list of strings of all the non-Vault authentication methods (specified by ID) that the users cannot use to log on. + + String[] + + String[] None @@ -31493,39 +39616,120 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - -------------------------- Example 1 -------------------------- - Remove-PASDiscoveredLocalAccount -id SomeID + PS C:\> Remove-PASUserAllowedAuthenticationMethod -userIds 67,68,69 -allowedAuthenticationMethods LDAP - Deletes specified discovered local account + Deletes the LDAP authentication methods from users with ids 67, 68 & 69 - https://pspas.pspete.dev/commands/Remove-PASDiscoveredLocalAccount - https://pspas.pspete.dev/commands/Remove-PASDiscoveredLocalAccount + https://pspas.pspete.dev/commands/Remove-PASUserAllowedAuthenticationMethod + https://pspas.pspete.dev/commands/Remove-PASUserAllowedAuthenticationMethod - https://docs.cyberark.com/privilege-cloud-shared-services/latest/en/Content/Privilege%20Cloud/PrivCloud-DiscoveredAccountsService-Delete.htm - https://docs.cyberark.com/privilege-cloud-shared-services/latest/en/Content/Privilege%20Cloud/PrivCloud-DiscoveredAccountsService-Delete.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/bulk-delete-allowed-auth.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/bulk-delete-allowed-auth.htm - Remove-PASGroup - Remove - PASGroup + Request-PASJustInTimeAccess + Request + PASJustInTimeAccess - Deletes a user group + Requests JIT access to a target Windows machine - Deletes a vault group. - To delete a vault group, the following authorizations are required: - Add/Update Users + Requests and receives access, with administrative rights, to a target Windows machine. The domain user who requests access will be added to the local Administrators group of the target machine. - Remove-PASGroup + Request-PASJustInTimeAccess + + AccountID + + The ID of the local account that will be used to add the logged on user to the Administrators group on the target machine. + + String + + String + + + None + + + + + + AccountID + + The ID of the local account that will be used to add the logged on user to the Administrators group on the target machine. + + String + + String + + + None + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + Request-PASJustInTimeAccess -AccountID 36_3 + + Requests JIT access on the server for which the account with id 36_3 is a local account with local admin membership. + + + + + + https://pspas.pspete.dev/commands/Request-PASJustInTimeAccess + https://pspas.pspete.dev/commands/Request-PASJustInTimeAccess + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/GetAccess.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/GetAccess.htm + + + + + + Reset-PASPTASecurityConfigurationCategory + Reset + PASPTASecurityConfigurationCategory + + Resets PTA security configuration category to default values + + + + Resets PTA security configuration category to default values + + + + Reset-PASPTASecurityConfigurationCategory + + categoryKey + + The key of the PTA security configuration category to reset + + String + + String + + + None + WhatIf @@ -31548,21 +39752,145 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - False - - ID + + + + + categoryKey + + The key of the PTA security configuration category to reset + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + Minimum Version CyberArk 14.2 + + + + + -------------------------- EXAMPLE 1 -------------------------- + Reset-PASPTASecurityConfigurationCategory -categoryKey "ActiveDormantUser" + + Resets the ActiveDormantUser category to default values + + + + -------------------------- EXAMPLE 2 -------------------------- + Reset-PASPTASecurityConfigurationCategory -categoryKey "SuspectedCredentialsTheft" + + Resets the SuspectedCredentialsTheft category to default values + + + + + + https://pspas.pspete.dev/commands/Reset-PASPTASecurityConfigurationCategory + https://pspas.pspete.dev/commands/Reset-PASPTASecurityConfigurationCategory + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/resetsecuritycategory.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/resetsecuritycategory.htm + + + + + + Reset-PASPTASecurityConfigurationProperty + Reset + PASPTASecurityConfigurationProperty + + Resets PTA security configuration property to default value + + + + Resets PTA security configuration property to default value + Minimum required version 14.2 + + + + Reset-PASPTASecurityConfigurationProperty + + propertyKey - {{ Fill ID Description }} + The key of the PTA security configuration property to reset - Int32 + String - Int32 + String None + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + propertyKey + + The key of the PTA security configuration property to reset + + String + + String + + + None + WhatIf @@ -31587,17 +39915,104 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - False - - ID + + + + + + Minimum Version CyberArk 14.2 + + + + + -------------------------- EXAMPLE 1 -------------------------- + Reset-PASPTASecurityConfigurationProperty -propertyKey "ActiveDormantUserDays" + + Resets the ActiveDormantUserDays property to its default value + + + + -------------------------- EXAMPLE 2 -------------------------- + Reset-PASPTASecurityConfigurationProperty -propertyKey "FailedVaultLogonAttemptsThreshold" + + Resets the FailedVaultLogonAttemptsThreshold property to its default value + + + + + + https://pspas.pspete.dev/commands/Reset-PASPTASecurityConfigurationProperty + https://pspas.pspete.dev/commands/Reset-PASPTASecurityConfigurationProperty + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/resetsecurityproperty.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/resetsecurityproperty.htm + + + + + + Reset-PASTheme + Reset + PASTheme + + Revert the UI to the default theme + + + + Deactivates the custom theme and revert the UI to the default theme + + + + Reset-PASTheme + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + WhatIf - {{ Fill ID Description }} + Shows what would happen if the cmdlet runs. The cmdlet is not run. - Int32 + SwitchParameter - Int32 + SwitchParameter - None + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False @@ -31608,44 +40023,45 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - - - -------------------------- EXAMPLE 1 -------------------------- - Remove-PASGroup -GroupID 3 + + -------------------------- Example 1 -------------------------- + PS C:\> Reset-PASTheme - Deletes vault group with ID of 3 + Reverts the UI to the default theme - https://pspas.pspete.dev/commands/Remove-PASGroup - https://pspas.pspete.dev/commands/Remove-PASGroup + https://pspas.pspete.dev/commands/Reset-PASTheme + https://pspas.pspete.dev/commands/Reset-PASTheme - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Users%20Web%20Services%20-%20Delete%20User%20Group.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Users%20Web%20Services%20-%20Delete%20User%20Group.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-deactivate.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-deactivate.htm - Remove-PASGroupMember - Remove - PASGroupMember + Resume-PASDependentAccount + Resume + PASDependentAccount - Removes a vault user from a group + This resumes automatic management of a dependent account by the CPM. - Removes an existing member from an existing group in the vault + Resumes automatic management of a dependent account by the Central Password Manager (CPM). + Requires CyberArk version 14.6 or later. - Remove-PASGroupMember - - GroupID + Resume-PASDependentAccount + + AccountID - The ID of the group + The unique ID of the main privileged account that has the dependent account associated with it. This parameter accepts pipeline input and can be aliased as 'id'. String @@ -31654,10 +40070,10 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - Member + + dependentAccountId - The name of the group member + The unique ID of the dependent account for which automatic CPM management should be resumed. This parameter accepts pipeline input and can be aliased as 'dependentid'. String @@ -31691,10 +40107,10 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - - - GroupID + + AccountID - The ID of the group + The unique ID of the main privileged account that has the dependent account associated with it. This parameter accepts pipeline input and can be aliased as 'id'. String @@ -31703,10 +40119,10 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - Member + + dependentAccountId - The name of the group member + The unique ID of the dependent account for which automatic CPM management should be resumed. This parameter accepts pipeline input and can be aliased as 'dependentid'. String @@ -31749,44 +40165,46 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - - -------------------------- EXAMPLE 1 -------------------------- - Remove-PASGroupMember -GroupID X1_Y2 -Member TargetUser + -------------------------- Example 1 -------------------------- + PS C:\> Resume-PASDependentAccount -AccountID "123_456" -dependentAccountId "22_2" - Removes TargetUser from group + Resumes automatic CPM management for the dependent account with ID "789_012" that is associated with the main account "123_456". + + + + -------------------------- Example 2 -------------------------- + PS C:\> Get-PASAccount -id "123_456" | Resume-PASDependentAccount -dependentAccountId "22_2" + + Uses pipeline input to resume automatic management of dependent account "789_012" for the main account retrieved by Get-PASAccount. - https://pspas.pspete.dev/commands/Remove-PASGroupMember - https://pspas.pspete.dev/commands/Remove-PASGroupMember - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/RemoveUserFromGroup.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/RemoveUserFromGroup.htm + Online Version: + https://pspas.pspete.dev/commands/Resume-PASDependentAccount - Remove-PASOnboardingRule - Remove - PASOnboardingRule + Resume-PASPSMSession + Resume + PASPSMSession - Deletes an automatic on-boarding rule + Resumes a Suspended PSM Session. - Deletes an automatic on-boarding rule from the Vault. - Vault Admin membership required. + Resumes a suspended, active PSM session, identified by the unique ID of the PSM Session, allowing a privileged user to continue working. - Remove-PASOnboardingRule - - RuleID + Resume-PASPSMSession + + LiveSessionId - The unique ID of the rule to delete. + The unique ID/SessionGuid of a Suspended PSM Session. String @@ -31820,10 +40238,10 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - - - RuleID + + LiveSessionId - The unique ID of the rule to delete. + The unique ID/SessionGuid of a Suspended PSM Session. String @@ -31861,48 +40279,48 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - - + Minimum CyberArk Version 10.2 -------------------------- EXAMPLE 1 -------------------------- - Remove-PASOnboardingRule -RuleID 5 + Resume-PASPSMSession -LiveSessionId $SessionUUID - Removes specified on-boarding rule. + Terminates Live PSM Session identified by the session UUID. - https://pspas.pspete.dev/commands/Remove-PASOnboardingRule - https://pspas.pspete.dev/commands/Remove-PASOnboardingRule + https://pspas.pspete.dev/commands/Resume-PASPSMSession + https://pspas.pspete.dev/commands/Resume-PASPSMSession - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/DeleteAutoOnboardingRule.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/DeleteAutoOnboardingRule.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Suspend-ResumeSession.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Suspend-ResumeSession.htm - Remove-PASOpenIDConnectProvider - Remove - PASOpenIDConnectProvider + Revoke-PASJustInTimeAccess + Revoke + PASJustInTimeAccess - Deletes a configured OIDC Identity Provider. + Revoke JIT access to a target Windows machine - Deletes an OIDC Identity Provider. Requires membership of Vault Admins group. + Requests and receives access, with administrative rights, to a target Windows machine. The domain user who issuing the command will be removed from the local Administrators group of the target machine. - Remove-PASOpenIDConnectProvider - - id + Revoke-PASJustInTimeAccess + + AccountID - The unique identifier of the provider to delete. + The ID of the local account that will be used to remove the authenticated user from the Administrators group on the target machine. String @@ -31911,35 +40329,13 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - - id + + AccountID - The unique identifier of the provider to delete. + The ID of the local account that will be used to remove the authenticated user from the Administrators group on the target machine. String @@ -31948,30 +40344,6 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - SwitchParameter - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - @@ -31982,109 +40354,108 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - - -------------------------- Example 1 -------------------------- - PS C:\> Remove-PASOpenIDConnectProvider -id SomeOIDCProvider + -------------------------- EXAMPLE 1 -------------------------- + Revoke-PASJustInTimeAccess -AccountID 36_3 - Deletes OIDC Identity Provider with ID SomeOIDCProvider + Revokes JIT access on the server for which the account with id 36_3 is a local account with local admin membership. - https://pspas.pspete.dev/commands/Remove-PASOpenIDConnectProvider - https://pspas.pspete.dev/commands/Remove-PASOpenIDConnectProvider + https://pspas.pspete.dev/commands/Revoke-PASJustInTimeAccess + https://pspas.pspete.dev/commands/Revoke-PASJustInTimeAccess - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/OIDC-Delete-Provider.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/OIDC-Delete-Provider.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/GetAccess.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/GetAccess.htm - Remove-PASPlatform - Remove - PASPlatform + Set-PASAccount + Set + PASAccount - Deletes a platform. + Updates an existing accounts details. - Deletes, target, dependent, group or rotational group platform. + Updates an existing accounts details. + Default operation using the Gen2 API requires minimum version fo 10.4 + When using the Gen1 API: + - It is not supported in Privilege Cloud + - All of the account's property details MUST be passed to the function. + - Any current properties of the account not sent as part of the request will be removed + from the account. - To change a property value not exposed via a named parameter, pass the property name and updated value to the function via the Properties parameter. - If changing the name or folder of a service account that has multiple dependencies (usages), the connection between it and its dependencies will be automatically maintained. - If changing the name or folder of an account that is linked to another account (whether logon, reconciliation or verification), the links will be automatically updated. - Remove-PASPlatform - - TargetPlatform - - Specify if ID relates to Target platform - - - SwitchParameter - - - False - - - ID + Set-PASAccount + + AccountID - The unique ID number of the platform to delete. + The unique ID of the account to update. + As returned by by Get-PASAccount - Int32 + String - Int32 + String - 0 + None - - WhatIf + + op - Shows what would happen if the cmdlet runs. The cmdlet is not run. + The operation to perform (add, remove, replace). + Requires minimum version of 10.4 + String - SwitchParameter + String - False + None - - Confirm + + path - Prompts you for confirmation before running the cmdlet. + The path of the property to update, for instance /address or /name. + Requires minimum version of 10.4 + String - SwitchParameter + String - False + None - - - Remove-PASPlatform - - DependentPlatform + + value - Specify if ID relates to Dependent platform + The new property value for add or replace operations. + Requires minimum version of 10.4 + String - SwitchParameter + String - False + None - - ID + + InputObject - The unique ID number of the platform to delete. + Receives object from pipeline. - Int32 + PSObject - Int32 + PSObject - 0 + None WhatIf @@ -32110,29 +40481,44 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - - Remove-PASPlatform - - GroupPlatform + Set-PASAccount + + AccountID - Specify if ID relates to Group platform + The unique ID of the account to update. + As returned by by Get-PASAccount + String - SwitchParameter + String - False + None - ID + operations - The unique ID number of the platform to delete. + A collection of update actions to perform, must include op, path & value (except where action is remove). + Requires minimum version of 10.4 - Int32 + Hashtable[] - Int32 + Hashtable[] - 0 + None + + + InputObject + + Receives object from pipeline. + + PSObject + + PSObject + + + None WhatIf @@ -32158,220 +40544,50 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - - Remove-PASPlatform - - RotationalGroup + Set-PASAccount + + AccountID - Specify if ID relates to Rotational Group platform + The unique ID of the account to update. + As returned by by Get-PASAccount + String - SwitchParameter + String - False + None - ID - - The unique ID number of the platform to delete. - - Int32 - - Int32 - - - 0 - - - WhatIf + Folder - Shows what would happen if the cmdlet runs. The cmdlet is not run. + The folder where the account is stored. + String - SwitchParameter + String - False + None - - Confirm + + AccountName - Prompts you for confirmation before running the cmdlet. + The name of the account + String - SwitchParameter - - - False - - - - - - TargetPlatform - - Specify if ID relates to Target platform - - SwitchParameter - - SwitchParameter - - - False - - - DependentPlatform - - Specify if ID relates to Dependent platform - - SwitchParameter - - SwitchParameter - - - False - - - GroupPlatform - - Specify if ID relates to Group platform - - SwitchParameter - - SwitchParameter - - - False - - - RotationalGroup - - Specify if ID relates to Rotational Group platform - - SwitchParameter - - SwitchParameter - - - False - - - ID - - The unique ID number of the platform to delete. - - Int32 - - Int32 - - - 0 - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - SwitchParameter - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - - - - - - - PAS 11.4 minimum - - - - - -------------------------- EXAMPLE 1 -------------------------- - Remove-PASPlatform -TargetPlatform -ID 9 - - Deletes Target Platform with ID of 9 - - - - -------------------------- EXAMPLE 2 -------------------------- - Remove-PASPlatform -DependentPlatform -ID 9 - - Deletes Dependent Platform with ID of 9 - - - - -------------------------- EXAMPLE 3 -------------------------- - Remove-PASPlatform -GroupPlatform -ID 39 - - Deletes Group Platform with ID of 39 - - - - -------------------------- EXAMPLE 4 -------------------------- - Remove-PASPlatform -RotationalGroup -ID 59 - - Deletes Rotational Group Platform with ID of 59 - - - - - - https://pspas.pspete.dev/commands/Remove-PASPlatform - https://pspas.pspete.dev/commands/Remove-PASPlatform - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/rest-api-delete-target-platform.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/rest-api-delete-target-platform.htm - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/rest-api-delete-dependent-platform.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/rest-api-delete-dependent-platform.htm - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/rest-api-delete-goup-platform.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/rest-api-delete-goup-platform.htm - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/rest-api-delete-rotational-group-platform.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/rest-api-delete-rotational-group-platform.htm - - - - - - Remove-PASPolicyACL - Remove - PASPolicyACL - - Delete all privileged commands on policy - - - - Deletes all privileged command rules associated with the policy - Not supported in Privilege Cloud - - - - Remove-PASPolicyACL - - PolicyID + String + + + None + + + DeviceType - String value of Policy ID + The devicetype assigned to the account. + Ensure all required parameters are specified. + Different device types require different parameters String @@ -32380,10 +40596,63 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - Id + + PlatformID - The Rule Id that will be deleted + The CyberArk platform assigned to the account + Ensure all required parameters are specified. + Different platforms require different parameters + + String + + String + + + None + + + Address + + The Name or Address of the machine where the account will be used + + String + + String + + + None + + + UserName + + The Username on the target machine + + String + + String + + + None + + + GroupName + + A groupname with which the account will be associated + The name of the group with which the account is associated. + To create a new group, specify the group platform ID in the GroupPlatformID property, then specify the group name. + The group will then be created automatically. + + String + + String + + + None + + + GroupPlatformID + + GroupPlatformID is required if account is to be moved to a new group. String @@ -32392,6 +40661,31 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None + + Properties + + Hashtable of name=value pairs. + Specify properties to update. + + Hashtable + + Hashtable + + + @{ } + + + InputObject + + Receives object from pipeline. + + PSObject + + PSObject + + + None + WhatIf @@ -32417,10 +40711,11 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - - - PolicyID + + AccountID - String value of Policy ID + The unique ID of the account to update. + As returned by by Get-PASAccount String @@ -32429,10 +40724,11 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - Id + + op - The Rule Id that will be deleted + The operation to perform (add, remove, replace). + Requires minimum version of 10.4 String @@ -32441,242 +40737,75 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - WhatIf + + path - Shows what would happen if the cmdlet runs. The cmdlet is not run. + The path of the property to update, for instance /address or /name. + Requires minimum version of 10.4 - SwitchParameter + String - SwitchParameter + String - False + None - - Confirm + + value - Prompts you for confirmation before running the cmdlet. + The new property value for add or replace operations. + Requires minimum version of 10.4 - SwitchParameter + String - SwitchParameter + String - False + None - - - - - - - - - - - -------------------------- EXAMPLE 1 -------------------------- - Remove-PASPolicyACL -PolicyID UNIXSSH -Id 13 - - Deletes Rule with ID of 13 from UNIXSSH platform. - - - - - - https://pspas.pspete.dev/commands/Remove-PASPolicyACL - https://pspas.pspete.dev/commands/Remove-PASPolicyACL - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Policy%20ACL.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Policy%20ACL.htm - - - - - - Remove-PASPrivateSSHKey - Remove - PASPrivateSSHKey - - Deletes an MFA caching SSH key. - - - - Deletes an MFA caching SSH key for connecting to targets via PSM for SSH. Either deletes your key, or the key for another specific user. If deleting a key for another user, the user who runs this command must be at the same vault location level or higher, and requires the "Reset Users' Passwords" permission in the Vault. - Requires CyberArk Version 12.1 or higher. - - - - Remove-PASPrivateSSHKey - - UserID - - The numerical id of the user to delete the key for. - - Int32 - - Int32 - - - 0 - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - - SwitchParameter - - - False - - - - - - UserID + + operations - The numerical id of the user to delete the key for. + A collection of update actions to perform, must include op, path & value (except where action is remove). + Requires minimum version of 10.4 - Int32 + Hashtable[] - Int32 + Hashtable[] - 0 + None - - Confirm + + Folder - Prompts you for confirmation before running the cmdlet. + The folder where the account is stored. - SwitchParameter + String - SwitchParameter + String - False + None - - WhatIf + + AccountName - Shows what would happen if the cmdlet runs. The cmdlet is not run. + The name of the account - SwitchParameter + String - SwitchParameter + String - False + None - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> Remove-PASPrivateSSHKey - - Deletes your MFA caching SSH key. - - - - -------------------------- Example 2 -------------------------- - PS C:\> Remove-PASPrivateSSHKey -UserID 646 - - Deletes MFA caching SSH key for user with id 646. - - - - - - https://pspas.pspete.dev/commands/Remove-PASPrivateSSHKey - https://pspas.pspete.dev/commands/Remove-PASPrivateSSHKey - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20MFA%20caching%20SSH%20key.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20MFA%20caching%20SSH%20key.htm - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20MFA%20caching%20SSH%20key%20for%20another%20user.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20MFA%20caching%20SSH%20key%20for%20another%20user.htm - - - - - - Remove-PASPTAExcludedTarget - Remove - PASPTAExcludedTarget - - Removes excluded target from PTA - - - - Remove configured excluded target - - - - Remove-PASPTAExcludedTarget - - ID - - The ID of the Excluded Target to remove - - String - - String - - - None - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - - - - - ID + + DeviceType - The ID of the Excluded Target to remove + The devicetype assigned to the account. + Ensure all required parameters are specified. + Different device types require different parameters String @@ -32685,118 +40814,92 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - WhatIf + + PlatformID - Shows what would happen if the cmdlet runs. The cmdlet is not run. + The CyberArk platform assigned to the account + Ensure all required parameters are specified. + Different platforms require different parameters - SwitchParameter + String - SwitchParameter + String - False + None - - Confirm + + Address - Prompts you for confirmation before running the cmdlet. + The Name or Address of the machine where the account will be used - SwitchParameter + String - SwitchParameter + String - False + None - - - - - - - - - - - -------------------------- Example 1 -------------------------- - Remove-PASPTAExcludedTarget -ID 65b6aa31721d9b5f3a56ca7e - - Removes excluded target matching ID - - - - - - https://pspas.pspete.dev/commands/Remove-PASPTAExcludedTarget - https://pspas.pspete.dev/commands/Remove-PASPTAExcludedTarget - - - https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/DeleteSecurity.htm - https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/DeleteSecurity.htm - - - - - - Remove-PASPTAIncludedTarget - Remove - PASPTAIncludedTarget - - Remove PTA included target - - - - Remove configured included target from PTA - - - - Remove-PASPTAIncludedTarget - - ID - - The ID of the target to remove - - String - - String - - - None - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - - - - - ID + + UserName + + The Username on the target machine + + String + + String + + + None + + + GroupName + + A groupname with which the account will be associated + The name of the group with which the account is associated. + To create a new group, specify the group platform ID in the GroupPlatformID property, then specify the group name. + The group will then be created automatically. + + String + + String + + + None + + + GroupPlatformID + + GroupPlatformID is required if account is to be moved to a new group. + + String + + String + + + None + + + Properties + + Hashtable of name=value pairs. + Specify properties to update. + + Hashtable + + Hashtable + + + @{ } + + + InputObject - The ID of the target to remove + Receives object from pipeline. - String + PSObject - String + PSObject None @@ -32830,48 +40933,98 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - - + Dependencies (usages) cannot be updated. Accounts that do not have a policy ID cannot be updated. + To update account properties, "Update password properties" permission is required. To rename accounts, "Rename accounts" permission is required. To move accounts to a different folder, Move accounts/folders permission is required. - -------------------------- Example 1 -------------------------- - Remove-PASPTAIncludedTarget -ID 65b6aa31721d9b5f3a56ca7e + -------------------------- EXAMPLE 1 -------------------------- + Set-PASAccount -AccountID 27_4 -op replace -path "/address" -value "NewAddress" - Removes included target matching ID + Replaces the current address value with NewAddress + Requires minimum version of 10.4 + + + + -------------------------- EXAMPLE 2 -------------------------- + Set-PASAccount -AccountID 27_4 -op remove -path "/platformAccountProperties/UserDN" + + Removes UserDN property set on account + Requires minimum version of 10.4 + + + + -------------------------- EXAMPLE 3 -------------------------- + $actions += @{"op"="Add";"path"="/platformAccountProperties/UserDN";"value"="SomeDN"} + +$actions += @{"op"="Replace";"path"="/Name";"value"="SomeName"} + +Set-PASAccount -AccountID 27_4 -operations $actions + + Performs the update operations contained in the $actions array against the account + Requires minimum version of 10.4 + + + + -------------------------- EXAMPLE 4 -------------------------- + Get-PASAccount DBUser | Set-PASAccount -Properties @{"DSN"="myDSN"} + + Sets DSN value on matched account dbUser + Requires minimum version of 10.4 + + + + -------------------------- EXAMPLE 5 -------------------------- + Set-PASAccount -AccountID 21_3 -Folder Root -AccountName NewName ` +-DeviceType Database -PlatformID Oracle -Address dbServer.domain.com -UserName DBUser + + Will set the AccountName of account with AccountID of 21_3 to "NewName". Any/All additional properties of the account which are not specified via parameters will be cleared Not supported in Privilege Cloud + + + + -------------------------- EXAMPLE 6 -------------------------- + $actions = @() +$props = @{"port"="5022";"UserDN"="SomeDN";"LogonDomain"="SomeDomain"} +$actions += @{"op"="add";"path"="/platformAccountProperties";"value"=$props} +Set-PASAccount -AccountID 29_3 -operations $actions + + Adds multiple values to categories under the platformAccountProperties path. + Requires minimum version of 10.4 - https://pspas.pspete.dev/commands/Remove-PASPTAIncludedTarget - https://pspas.pspete.dev/commands/Remove-PASPTAIncludedTarget + https://pspas.pspete.dev/commands/Set-PASAccount + https://pspas.pspete.dev/commands/Set-PASAccount - https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/DeleteSecurity.htm - https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/DeleteSecurity.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/UpdateAccount%20v10.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/UpdateAccount%20v10.htm - Remove-PASPTAPrivilegedGroup - Remove - PASPTAPrivilegedGroup + Set-PASAuthenticationMethod + Set + PASAuthenticationMethod - Deletes PTA configured privileged group + Updates an authentication method - Delete privileged group configured in PTA + Updates authentication method. + Membership of Vault admins group required. - Remove-PASPTAPrivilegedGroup + Set-PASAuthenticationMethod ID - The ID of the group configuration to delete + The authentication module unique identifier. String @@ -32880,114 +41033,46 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - WhatIf + + displayName - Shows what would happen if the cmdlet runs. The cmdlet is not run. + The display name of the authentication method. + String - SwitchParameter + String + + + None + + + enabled + + Whether or not the authentication method is enabled for use. + + Boolean + + Boolean False - - Confirm + + mobileEnabled - Prompts you for confirmation before running the cmdlet. + Whether or not the authentication method is available from the mobile application. + Boolean - SwitchParameter + Boolean False - - - - - ID - - The ID of the group configuration to delete - - String - - String - - - None - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - SwitchParameter - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - Remove-PASPTAPrivilegedGroup -ID 65b6aa31721d9b5f3a56ca7e - - Deletes group configuration matching ID - - - - - - https://pspas.pspete.dev/commands/Remove-PASPTAPrivilegedGroup - https://pspas.pspete.dev/commands/Remove-PASPTAPrivilegedGroup - - - https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/DeleteSecurity.htm - https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/DeleteSecurity.htm - - - - - - Remove-PASPTAPrivilegedUser - Remove - PASPTAPrivilegedUser - - Delete configured privileged user from PTA - - - - Deletes configured privileged user from PTA - - - - Remove-PASPTAPrivilegedUser - - ID + + logoffUrl - The ID of the user configuration to delete + The logoff page URL of the third-party server. String @@ -32996,118 +41081,37 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - WhatIf + + secondFactorAuth - Shows what would happen if the cmdlet runs. The cmdlet is not run. + Defines which second factor authentication to use when connecting to the Vault. + An empty value will disable the second factor authentication. + String - SwitchParameter + String - False + None - - Confirm + + signInLabel - Prompts you for confirmation before running the cmdlet. + Defines the sign-in text for this authentication method. + Relevant only for CyberArk, RADIUS and LDAP authentication methods. + String - SwitchParameter + String - False + None - - - - - ID - - The ID of the user configuration to delete - - String - - String - - - None - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - SwitchParameter - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - Remove-PASPTAPrivilegedUser -ID 65b6aa31721d9b5f3a56ca7e - - Deletes user configuration matching ID - - - - - - https://pspas.pspete.dev/commands/Remove-PASPTAPrivilegedUser - https://pspas.pspete.dev/commands/Remove-PASPTAPrivilegedUser - - - https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/DeleteSecurity.htm - https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/DeleteSecurity.htm - - - - - - Remove-PASPublicSSHKey - Remove - PASPublicSSHKey - - Deletes a specific Public SSH Key from a specific vault user. - - - - Deletes an authorized public SSH key for a specific user in the Vault, preventing them from authenticating to the Vault through PSMP using a corresponding private SSH key. - "Reset Users Passwords" Vault permission is required. - The authenticated user who runs this function must be in the same Vault Location or higher as the user whose public SSH keys are deleted. - A user cannot manage their own public SSH keys. - - - - Remove-PASPublicSSHKey - - UserName + + usernameFieldLabel - The username of the Vault user whose public SSH keys will be added - A username cannot contain the following characters: "%", "&", "+" or ".". + Defines the label of the username field for this authentication method. + Relevant only for CyberArk, RADIUS, and LDAP authentication methods. String @@ -33116,10 +41120,11 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - KeyID + + passwordFieldLabel - The ID of the public SSH key to delete. + Defines the label of the password field for this authentication method. + Relevant only for CyberArk, RADIUS, and LDAP authentication methods. String @@ -33154,10 +41159,9 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - - UserName + ID - The username of the Vault user whose public SSH keys will be added - A username cannot contain the following characters: "%", "&", "+" or ".". + The authentication module unique identifier. String @@ -33166,10 +41170,98 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - KeyID + + displayName - The ID of the public SSH key to delete. + The display name of the authentication method. + + String + + String + + + None + + + enabled + + Whether or not the authentication method is enabled for use. + + Boolean + + Boolean + + + False + + + mobileEnabled + + Whether or not the authentication method is available from the mobile application. + + Boolean + + Boolean + + + False + + + logoffUrl + + The logoff page URL of the third-party server. + + String + + String + + + None + + + secondFactorAuth + + Defines which second factor authentication to use when connecting to the Vault. + An empty value will disable the second factor authentication. + + String + + String + + + None + + + signInLabel + + Defines the sign-in text for this authentication method. + Relevant only for CyberArk, RADIUS and LDAP authentication methods. + + String + + String + + + None + + + usernameFieldLabel + + Defines the label of the username field for this authentication method. + Relevant only for CyberArk, RADIUS, and LDAP authentication methods. + + String + + String + + + None + + + passwordFieldLabel + + Defines the label of the password field for this authentication method. + Relevant only for CyberArk, RADIUS, and LDAP authentication methods. String @@ -33213,45 +41305,103 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - -------------------------- EXAMPLE 1 -------------------------- - Remove-PASPublicSSHKey -UserName Splitter -KeyID 415161FE8F2B408BB76BC244258C3697 + Set-PASAuthenticationMethod -id SomeID -enabled $false - Deletes specified ssh key from vault user "Splitter" + Disable authentication method "SomeID" - https://pspas.pspete.dev/commands/Remove-PASPublicSSHKey - https://pspas.pspete.dev/commands/Remove-PASPublicSSHKey + https://pspas.pspete.dev/commands/Set-PASAuthenticationMethod + https://pspas.pspete.dev/commands/Set-PASAuthenticationMethod - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Public%20SSH%20Key.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Public%20SSH%20Key.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Update_Authentication_method.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Update_Authentication_method.htm - Remove-PASRequest - Remove - PASRequest + Set-PASDependentAccount + Set + PASDependentAccount - Deletes a request from the Vault + Updates a Dependent Account - Deletes a request from the Vault. - The "Manage" Safe vault permission is required. - Officially supported from version 9.10. - Reports received that function works in 9.9 also. + Updates an existing dependent account. + Requires the Update account properties permission for the Account. - Remove-PASRequest - - RequestID + Set-PASDependentAccount + + accountId - The ID (composed of the Safe Name and internal RequestID) of the request to delete. + The account ID of the master account + + String + + String + + + None + + + dependentAccountId + + The unique ID of the dependent account + + String + + String + + + None + + + name + + The name of the dependent account + + String + + String + + + None + + + platformAccountProperties + + Hashtable of mandatory and optional parameters of the dependent account, based on the platform. + + Hashtable + + Hashtable + + + None + + + automaticManagementEnabled + + Whether the account secret is automatically managed by the CPM + + Boolean + + Boolean + + + False + + + manualManagementReason + + The reason for disabling automatic secret management String @@ -33285,10 +41435,70 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - - - RequestID + + accountId + + The account ID of the master account + + String + + String + + + None + + + dependentAccountId - The ID (composed of the Safe Name and internal RequestID) of the request to delete. + The unique ID of the dependent account + + String + + String + + + None + + + name + + The name of the dependent account + + String + + String + + + None + + + platformAccountProperties + + Hashtable of mandatory and optional parameters of the dependent account, based on the platform. + + Hashtable + + Hashtable + + + None + + + automaticManagementEnabled + + Whether the account secret is automatically managed by the CPM + + Boolean + + Boolean + + + False + + + manualManagementReason + + The reason for disabling automatic secret management String @@ -33331,46 +41541,47 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - - -------------------------- EXAMPLE 1 -------------------------- - " + -------------------------- Example 1 -------------------------- + PS C:\> Set-PASDependentAccount -accountId 123_45 -dependentAccountId 123_560 -name SomeNewName + -platformAccountProperties @{"Property"="Value"} -automaticManagementEnabled $false + -manualManagementReason "Some Reason" - Deletes Request <ID> + Updates the Dependent Account with the specified values - https://pspas.pspete.dev/commands/Remove-PASRequest - https://pspas.pspete.dev/commands/Remove-PASRequest + https://pspas.pspete.dev/commands/Set-PASDependentAccount + https://pspas.pspete.dev/commands/Set-PASDependentAccount - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/DeleteMyRequest.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/DeleteMyRequest.htm + (https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/update-dependent-account.htm) + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/update-dependent-account.htm - Remove-PASSafe - Remove - PASSafe + Set-PASDirectoryMapping + Set + PASDirectoryMapping - Deletes a safe from the Vault + Updates an existing Directory Mapping for a directory - Deletes a safe from the Vault. - The "Manage" Safe vault permission is required. - Default operation requires CyberArk version 12.1+. - For earlier versions, the Gen1 API switch must be specified. + Updates a directory mapping. + Membership of the Vault Admins group required. + Minimum required version 10.7 - Remove-PASSafe + Set-PASDirectoryMapping - SafeName + DirectoryName - The name of the safe to delete. + The name of the directory the mapping is for. String @@ -33379,23 +41590,140 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - UseGen1API + + UserActivityLogPeriod - Forces use of the Gen1 API endpoint - Should be specified for PAS versions earlier than 12.1 + Retention period in days for user activity logs + Minimum required version 10.10 + Int32 - SwitchParameter + Int32 - False + 0 + + + MappingID + + The ID of the Directory Mapping to Update + + String + + String + + + None + + + MappingName + + The name of the PAS role that will be created. + + String + + String + + + None + + + LDAPBranch + + The LDAP branch that will be used for external directory queries + + String + + String + + + None + + + DomainGroups + + Users who belong to these LDAP groups will be automatically assigned to the relevant roles in the PAS system. + + String[] + + String[] + + + None + + + VaultGroups + + A list of Vault groups that a mapped user will be added to. + + String[] + + String[] + + + None + + + Location + + The path of the Vault location that mapped users are added under. + This value cannot be updated. + + String + + String + + + None + + + LDAPQuery + + Match LDAP query results to mapping + + String + + String + + + None + + + MappingAuthorizations + + Specify authorizations that will be applied when an LDAP User Account is created in the Vault. + To apply specific authorizations to a mapping, the user must have the same authorizations. + Possible authorizations: - AddSafes + - AuditUsers + - AddUpdateUsers + - ResetUsersPasswords + - ActivateUsers + - ManageServerFileCategories + - BackupAllSafes + - RestoreAllSafes + + + AddUpdateUsers + AddSafes + AddNetworkAreas + ManageServerFileCategories + AuditUsers + BackupAllSafes + RestoreAllSafes + ResetUsersPasswords + ActivateUsers + + Authorizations + + Authorizations + + + None WhatIf - Shows what would happen if the cmdlet runs. - The cmdlet is not run. + Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter @@ -33414,13 +41742,65 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - False + + AuthorizedInterfaces + + Sets the authorized interface from the available interfaces defined by the license. + Requires 14.0 + + String[] + + String[] + + + None + + + EnableENEWhenDisconnected + + Whether or not to monitor this user type's activity. + Requires 14.0 + + Boolean + + Boolean + + + None + + + UsedQuota + + Sets the disk quota allocated to the user in MB. + Requires 14.0 + + Int32 + + Int32 + + + None + + + allowedAuthenticationMethods + + All the non-Vault authentication methods (specified by ID) that the user can use to log on. + Requires 14.4 + + String[] + + String[] + + + None + - SafeName + DirectoryName - The name of the safe to delete. + The name of the directory the mapping is for. String @@ -33429,24 +41809,129 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - UseGen1API + + MappingID - Forces use of the Gen1 API endpoint - Should be specified for PAS versions earlier than 12.1 + The ID of the Directory Mapping to Update - SwitchParameter + String - SwitchParameter + String - False + None + + + MappingName + + The name of the PAS role that will be created. + + String + + String + + + None + + + LDAPBranch + + The LDAP branch that will be used for external directory queries + + String + + String + + + None + + + DomainGroups + + Users who belong to these LDAP groups will be automatically assigned to the relevant roles in the PAS system. + + String[] + + String[] + + + None + + + VaultGroups + + A list of Vault groups that a mapped user will be added to. + + String[] + + String[] + + + None + + + Location + + The path of the Vault location that mapped users are added under. + This value cannot be updated. + + String + + String + + + None + + + LDAPQuery + + Match LDAP query results to mapping + + String + + String + + + None + + + MappingAuthorizations + + Specify authorizations that will be applied when an LDAP User Account is created in the Vault. + To apply specific authorizations to a mapping, the user must have the same authorizations. + Possible authorizations: - AddSafes + - AuditUsers + - AddUpdateUsers + - ResetUsersPasswords + - ActivateUsers + - ManageServerFileCategories + - BackupAllSafes + - RestoreAllSafes + + Authorizations + + Authorizations + + + None + + + UserActivityLogPeriod + + Retention period in days for user activity logs + Minimum required version 10.10 + + Int32 + + Int32 + + + 0 WhatIf - Shows what would happen if the cmdlet runs. - The cmdlet is not run. + Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter @@ -33467,6 +41952,58 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - False + + AuthorizedInterfaces + + Sets the authorized interface from the available interfaces defined by the license. + Requires 14.0 + + String[] + + String[] + + + None + + + EnableENEWhenDisconnected + + Whether or not to monitor this user type's activity. + Requires 14.0 + + Boolean + + Boolean + + + None + + + UsedQuota + + Sets the disk quota allocated to the user in MB. + Requires 14.0 + + Int32 + + Int32 + + + None + + + allowedAuthenticationMethods + + All the non-Vault authentication methods (specified by ID) that the user can use to log on. + Requires 14.4 + + String[] + + String[] + + + None + @@ -33478,51 +42015,65 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - -------------------------- EXAMPLE 1 -------------------------- - Remove-PASSafe -SafeName OLD_Safe + Get-PASDirectoryMapping -DirectoryName $Directory -MappingID $ID | + +Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpdateUsers, AuditUsers - Deletes "OLD_Safe" + Configures the AddUpdateUsers & AuditUsers authorisations on the mapping. + Minimum required version 10.7 -------------------------- EXAMPLE 2 -------------------------- - Remove-PASSafe -SafeName OLD_Safe -UseGen1API + Set-PASDirectoryMapping -DirectoryName $DirectoryName -MappingID $MappingID -MappingName $MappingName -LDAPBranch $LDAPBranch ` +-MappingAuthorizations AddUpdateUsers, ActivateUsers & ResetUsersPasswords - Deletes "OLD_Safe" using the Gen1 API + Sets AddUpdateUsers, ActivateUsers & ResetUsersPasswords authorisations on the directory mapping + Minimum required version 10.7 + + + + -------------------------- EXAMPLE 3 -------------------------- + Set-PASDirectoryMapping -DirectoryName $DirectoryName -MappingID $MappingID -MappingName $MappingName -LDAPBranch $LDAPBranch ` +-UserActivityLogPeriod 365 + + Sets UserActivityLogPeriod for the mapping to 365 + Minimum required version 10.10 - https://pspas.pspete.dev/commands/Remove-PASSafe - https://pspas.pspete.dev/commands/Remove-PASSafe + https://pspas.pspete.dev/commands/Set-PASDirectoryMapping + https://pspas.pspete.dev/commands/Set-PASDirectoryMapping - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Safe.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Safe.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/EditDirectoryMapping.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/EditDirectoryMapping.htm - Remove-PASSafeMember - Remove - PASSafeMember + Set-PASDirectoryMappingOrder + Set + PASDirectoryMappingOrder - Removes a member from a safe + Changes the order of directory mappings for a directory - Removes a specific member from a Safe. - The user who runs this function requires the ManageSafeMembers permission. - Default operation against Gen2 API requires minimum version of 12.2 + Updates the order of all a directories mappings. + Requires membership of Vault Admins group & "Audit users", "Add/Update users" & "Manage Directory mappings" authorizations. + Minimum version 10.10 - Remove-PASSafeMember + Set-PASDirectoryMappingOrder - SafeName + DirectoryName - The name of the safe from which to remove the member. + The name of the directory String @@ -33531,33 +42082,22 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - MemberName + + MappingsOrder - The name of the safe member to remove from the safes list of members. + The MappingID of each directory mapping, in the order they should be applied. - String + Int32[] - String + Int32[] None - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - - SwitchParameter - - - False - - - Confirm + WhatIf - Prompts you for confirmation before running the cmdlet. + Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter @@ -33565,12 +42105,10 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - False - - UseGen1API + + Confirm - Specify to force usage the Gen1 API endpoint. - Should be specified for versions earlier than 12.2 - Is not supported for Privilege Cloud + Prompts you for confirmation before running the cmdlet. SwitchParameter @@ -33582,9 +42120,9 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - - SafeName + DirectoryName - The name of the safe from which to remove the member. + The name of the directory String @@ -33593,14 +42131,14 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - MemberName + + MappingsOrder - The name of the safe member to remove from the safes list of members. + The MappingID of each directory mapping, in the order they should be applied. - String + Int32[] - String + Int32[] None @@ -33629,20 +42167,6 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - False - - UseGen1API - - Specify to force usage the Gen1 API endpoint. - Should be specified for versions earlier than 12.2 - Is not supported for Privilege Cloud - - SwitchParameter - - SwitchParameter - - - False - @@ -33654,65 +42178,55 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - -------------------------- EXAMPLE 1 -------------------------- - Remove-PASSafeMember -SafeName TargetSafe -MemberName TargetUser - - Removes TargetUser as safe member from TargetSafe using Gen2 API - Requires minimum version 12.2 - - - - -------------------------- EXAMPLE 2 -------------------------- - Remove-PASSafeMember -SafeName TargetSafe -MemberName TargetUser -UseGen1API + Set-PASDirectoryMappingOrder -DirectoryName "DOMAIN.COM" -MappingsOrder 39,43,41,669,668,667 - Removes TargetUser as safe member from TargetSafe using Gen1 API + Sets the order of the directory mappings for directory "DOMAIN.COM" - https://pspas.pspete.dev/commands/Remove-PASSafeMember - https://pspas.pspete.dev/commands/Remove-PASSafeMember + https://pspas.pspete.dev/commands/Set-PASDirectoryMappingOrder + https://pspas.pspete.dev/commands/Set-PASDirectoryMappingOrder - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Safe%20Member.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Delete%20Safe%20Member.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/rest-api-reorder-map.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/rest-api-reorder-map.htm - Remove-PASUser - Remove - PASUser + Set-PASGroup + Set + PASGroup - Deletes a vault user + Renames a Vault group - Deletes an existing user from the vault - Default operation using the Gen2 API requires minimum version of 11.1 + Updates a Vault group. The authenticated user requires the following permissions: - Add\Update users + Requires CyberArk Version 12.0+ - Remove-PASUser - - id + Set-PASGroup + + GroupName - The numeric id of the user to delete. - Minimum required version 11.1 + A new name for the group - Int32 + String - Int32 + String - 0 + None WhatIf - Shows what would happen if the cmdlet runs. - The cmdlet is not run. + Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter @@ -33731,66 +42245,25 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - False - - - Remove-PASUser - - UserName + + ID - The name of the user to delete from the vault - Should be specified for versions earlier than 11.1 + The Group ID - String + Int32 - String + Int32 None - - WhatIf - - Shows what would happen if the cmdlet runs. - The cmdlet is not run. - - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - - id - - The numeric id of the user to delete. - Minimum required version 11.1 - - Int32 - - Int32 - - - 0 - - - UserName + + GroupName - The name of the user to delete from the vault - Should be specified for versions earlier than 11.1 + A new name for the group String @@ -33802,8 +42275,7 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - WhatIf - Shows what would happen if the cmdlet runs. - The cmdlet is not run. + Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter @@ -33824,80 +42296,14 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - False - - - - - - - - - - - -------------------------- EXAMPLE 1 -------------------------- - Remove-PASUser -id 1234 - - Deletes vault user with id 1234 - Minimum required version 11.1 - - - - -------------------------- EXAMPLE 2 -------------------------- - Remove-PASUser -UserName This_User - - Deletes vault user "This_User" - - - - - - https://pspas.pspete.dev/commands/Remove-PASUser - https://pspas.pspete.dev/commands/Remove-PASUser - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Users%20Web%20Services%20-%20Delete%20User.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Users%20Web%20Services%20-%20Delete%20User.htm - - - - - - Request-PASJustInTimeAccess - Request - PASJustInTimeAccess - - Requests JIT access to a target Windows machine - - - - Requests and receives access, with administrative rights, to a target Windows machine. The domain user who requests access will be added to the local Administrators group of the target machine. - - - - Request-PASJustInTimeAccess - - AccountID - - The ID of the local account that will be used to add the logged on user to the Administrators group on the target machine. - - String - - String - - - None - - - - - - AccountID + + ID - The ID of the local account that will be used to add the logged on user to the Administrators group on the target machine. + The Group ID - String + Int32 - String + Int32 None @@ -33913,46 +42319,50 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - -------------------------- EXAMPLE 1 -------------------------- - Request-PASJustInTimeAccess -AccountID 36_3 + PS C:\> Set-PASGroup -GroupID 420 -GroupName SomeName - Requests JIT access on the server for which the account with id 36_3 is a local account with local admin membership. + Renames group with id 420 to "SomeName" - https://pspas.pspete.dev/commands/Request-PASJustInTimeAccess - https://pspas.pspete.dev/commands/Request-PASJustInTimeAccess + https://pspas.pspete.dev/commands/Set-PASGroup + https://pspas.pspete.dev/commands/Set-PASGroup - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/GetAccess.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/GetAccess.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/12.0/en/Content/WebServices/Update-group.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/12.0/en/Content/WebServices/Update-group.htm - Resume-PASPSMSession - Resume - PASPSMSession + Set-PASIPAllowList + Set + PASIPAllowList - Resumes a Suspended PSM Session. + Update the list of allowed IP addresses for connector communication to the Privilege Cloud SaaS environment. - Resumes a suspended, active PSM session, identified by the unique ID of the PSM Session, allowing a privileged user to continue working. + Configuration erases everything that was previously configured. In order to keep your current configuration, add the existing IP addresses to the list. An empty list will remove all the current IP addresses. + Configuration can take up to 10 minutes. You cannot trigger a new process when there is a process running. To verify, run the `Get-PASIPAllowList` CmdLet and check that the updateInProgress parameter property is false. + Requires one of the following roles: - Privilege Cloud Administrator + - Privilege Cloud Administrator Basic + - Privilege Cloud Administrator Lite - Resume-PASPSMSession - - LiveSessionId + Set-PASIPAllowList + + customerPublicIPs - The unique ID/SessionGuid of a Suspended PSM Session. + List of IP addresses and subnets separated by commas - String + String[] - String + String[] None @@ -33982,14 +42392,14 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - - - LiveSessionId + + customerPublicIPs - The unique ID/SessionGuid of a Suspended PSM Session. + List of IP addresses and subnets separated by commas - String + String[] - String + String[] None @@ -34023,48 +42433,50 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - - Minimum CyberArk Version 10.2 + -------------------------- EXAMPLE 1 -------------------------- - Resume-PASPSMSession -LiveSessionId $SessionUUID + Set-PASIPAllowList -customerPublicIPs '10.66.19.45/32','19.79.19.79/22','194.2.192.5/32','201.3.201.3/24' - Terminates Live PSM Session identified by the session UUID. + Configures the IP Allow List with the specified addresses - https://pspas.pspete.dev/commands/Resume-PASPSMSession - https://pspas.pspete.dev/commands/Resume-PASPSMSession + https://pspas.pspete.dev/commands/Set-PASIPAllowList + https://pspas.pspete.dev/commands/Set-PASIPAllowList - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Suspend-ResumeSession.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Suspend-ResumeSession.htm + https://docs.cyberark.com/privilege-cloud-shared-services/latest/en/Content/PrivilegeCloudAPIs/PrivCloud-IP-allowlist-Configure-API.htm + https://docs.cyberark.com/privilege-cloud-shared-services/latest/en/Content/PrivilegeCloudAPIs/PrivCloud-IP-allowlist-Configure-API.htm - Revoke-PASJustInTimeAccess - Revoke - PASJustInTimeAccess + Set-PASLinkedAccount + Set + PASLinkedAccount - Revoke JIT access to a target Windows machine + Associates a linked account to an existing account. - Requests and receives access, with administrative rights, to a target Windows machine. The domain user who issuing the command will be removed from the local Administrators group of the target machine. + Associates a Reconcile account, Logon account, or other type of linked account that is defined in the platform configuration. + Requires the following Safe member authorizations: - List accounts - Required for both the Safe of the linked account and the Safe of the source account. - Update account properties. - Require for the Safe of the source account + Requires CyberArk Version 12.1+ - Revoke-PASJustInTimeAccess + Set-PASLinkedAccount AccountID - The ID of the local account that will be used to remove the authenticated user from the Administrators group on the target machine. + The AccountID of the account to associate a linked account to. String @@ -34073,75 +42485,10 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - - - - AccountID - - The ID of the local account that will be used to remove the authenticated user from the Administrators group on the target machine. - - String - - String - - - None - - - - - - - - - - - - -------------------------- EXAMPLE 1 -------------------------- - Revoke-PASJustInTimeAccess -AccountID 36_3 - - Revokes JIT access on the server for which the account with id 36_3 is a local account with local admin membership. - - - - - - https://pspas.pspete.dev/commands/Revoke-PASJustInTimeAccess - https://pspas.pspete.dev/commands/Revoke-PASJustInTimeAccess - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/GetAccess.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/GetAccess.htm - - - - - - Set-PASAccount - Set - PASAccount - - Updates an existing accounts details. - - - - Updates an existing accounts details. - Default operation using the Gen2 API requires minimum version fo 10.4 - When using the Gen1 API: - - It is not supported in Privilege Cloud - - All of the account's property details MUST be passed to the function. - - Any current properties of the account not sent as part of the request will be removed - from the account. - To change a property value not exposed via a named parameter, pass the property name and updated value to the function via the Properties parameter. - If changing the name or folder of a service account that has multiple dependencies (usages), the connection between it and its dependencies will be automatically maintained. - If changing the name or folder of an account that is linked to another account (whether logon, reconciliation or verification), the links will be automatically updated. - - - - Set-PASAccount - - AccountID + + safe - The unique ID of the account to update. - As returned by by Get-PASAccount + The Safe in which the linked account is stored. String @@ -34150,11 +42497,10 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - op + + extraPasswordIndex - The operation to perform (add, remove, replace). - Requires minimum version of 10.4 + The linked account's extra password index (1,2, or 3). String @@ -34163,11 +42509,10 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - path + + name - The path of the property to update, for instance /address or /name. - Requires minimum version of 10.4 + The accountname of the linked account. String @@ -34176,11 +42521,10 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - value + + folder - The new property value for add or replace operations. - Requires minimum version of 10.4 + The folder in which the linked account is stored in it's safe. String @@ -34189,18 +42533,6 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - None - - InputObject - - Receives object from pipeline. - - PSObject - - PSObject - - - None - WhatIf @@ -34224,216 +42556,333 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - False + + + + AccountID + + The AccountID of the account to associate a linked account to. + + String + + String + + + None + + + safe + + The Safe in which the linked account is stored. + + String + + String + + + None + + + extraPasswordIndex + + The linked account's extra password index (1,2, or 3). + + String + + String + + + None + + + name + + The accountname of the linked account. + + String + + String + + + None + + + folder + + The folder in which the linked account is stored in it's safe. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + PS C:\> Set-PASLinkedAccount -AccountID 29_4 -safe Some_Safe -extraPasswordIndex 1 -name SomeAdmin -folder root + + Adds "SomeAdmin" account from "Some_Safe" as the logon account for account with id 29_4 + + + + -------------------------- EXAMPLE 2 -------------------------- + PS C:\> Set-PASLinkedAccount -AccountID 29_4 -safe Some_Safe -extraPasswordIndex 2 -name SomeAccount -folder root + + Adds "SomeAccount" account from "Some_Safe" as the extrapass2 account for account with id 29_4 + + + + -------------------------- EXAMPLE 3 -------------------------- + PS C:\> Set-PASLinkedAccount -AccountID 29_4 -safe Some_Safe -extraPasswordIndex 3 -name SomeReconcile -folder root + + Adds "SomeReconcile" account from "Some_Safe" as the reconcile account for account with id 29_4 + + + + + + https://pspas.pspete.dev/commands/Set-PASLinkedAccount + https://pspas.pspete.dev/commands/Set-PASLinkedAccount + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Link-account.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Link-account.htm + + + + + + Set-PASMasterPolicy + Set + PASMasterPolicy + + Updates Master Policy + + + + Allows a Vault Admin to update Master Policy Settings + + - Set-PASAccount - - AccountID + Set-PASMasterPolicy + + DualControl - The unique ID of the account to update. - As returned by by Get-PASAccount + Set Dual control policy. - String + Boolean - String + Boolean None - - operations + + MultiLevelApproval - A collection of update actions to perform, must include op, path & value (except where action is remove). - Requires minimum version of 10.4 + Configure Multi-level approvals. - Hashtable[] + Boolean - Hashtable[] + Boolean None - - InputObject + + PasswordChangeDays - Receives object from pipeline. + Password change frequency policy. - PSObject + Int32 - PSObject + Int32 None - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - - SwitchParameter - - - False - - - Confirm + + PasswordVerificationDays - Prompts you for confirmation before running the cmdlet. + Password verification frequency policy. + Int32 - SwitchParameter + Int32 - False + None - - - Set-PASAccount - - AccountID + + RequireMonitoringAndIsolation - The unique ID of the account to update. - As returned by by Get-PASAccount + Require monitoring and isolation policy. - String + Boolean - String + Boolean None - - Folder + + RecordActivity - The folder where the account is stored. + Record activity policy. - String + Boolean - String + Boolean None - - AccountName + + RetentionPeriod - The name of the account + Retention period policy. - String + Int32 - String + Int32 None - - DeviceType + + OnlyManagersApproval - The devicetype assigned to the account. - Ensure all required parameters are specified. - Different device types require different parameters + Configure approval by managers only policy. - String + Boolean - String + Boolean None - - PlatformID + + ConfirmersNumber - The CyberArk platform assigned to the account - Ensure all required parameters are specified. - Different platforms require different parameters + Configure number of confirmers policy. - String + Int32 - String + Int32 None - - Address + + EnforceExclusiveAccess - The Name or Address of the machine where the account will be used + Enforce exclusive access policy. - String + Boolean - String + Boolean None - - UserName + + EnforceOneTimePassword - The Username on the target machine + Enforce one-time password policy. - String + Boolean - String + Boolean None - - GroupName + + TransparentConnection - A groupname with which the account will be associated - The name of the group with which the account is associated. - To create a new group, specify the group platform ID in the GroupPlatformID property, then specify the group name. - The group will then be created automatically. + Transparent connection policy. - String + Boolean - String + Boolean None - - GroupPlatformID + + AllowViewPassword - GroupPlatformID is required if account is to be moved to a new group. + Allow view password policy. - String + Boolean - String + Boolean None - - Properties + + RequireReason - Hashtable of name=value pairs. - Specify properties to update. + Require reason policy. - Hashtable + Boolean - Hashtable + Boolean - @{ } + None - - InputObject + + AllowFreeText - Receives object from pipeline. + Allow free text reason. - PSObject + Boolean - PSObject + Boolean None - - WhatIf + + Confirm - Shows what would happen if the cmdlet runs. The cmdlet is not run. + Prompts you for confirmation before running the cmdlet. SwitchParameter @@ -34441,10 +42890,10 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - False - - Confirm + + WhatIf - Prompts you for confirmation before running the cmdlet. + Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter @@ -34455,203 +42904,190 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - - - AccountID + + AllowFreeText - The unique ID of the account to update. - As returned by by Get-PASAccount + Allow free text reason. - String + Boolean - String + Boolean None - - op + + AllowViewPassword - The operation to perform (add, remove, replace). - Requires minimum version of 10.4 + Allow view password policy. - String + Boolean - String + Boolean None - - path + + ConfirmersNumber - The path of the property to update, for instance /address or /name. - Requires minimum version of 10.4 + Configure number of confirmers policy. - String + Int32 - String + Int32 None - - value + + DualControl - The new property value for add or replace operations. - Requires minimum version of 10.4 + Set Dual control policy. - String + Boolean - String + Boolean None - - operations + + EnforceExclusiveAccess - A collection of update actions to perform, must include op, path & value (except where action is remove). - Requires minimum version of 10.4 + Enforce exclusive access policy. - Hashtable[] + Boolean - Hashtable[] + Boolean None - - Folder + + EnforceOneTimePassword - The folder where the account is stored. + Enforce one-time password policy. - String + Boolean - String + Boolean None - - AccountName + + MultiLevelApproval - The name of the account + Configure Multi-level approvals. - String + Boolean - String + Boolean None - - DeviceType + + OnlyManagersApproval - The devicetype assigned to the account. - Ensure all required parameters are specified. - Different device types require different parameters + Configure approval by managers only policy. - String + Boolean - String + Boolean None - - PlatformID + + PasswordChangeDays - The CyberArk platform assigned to the account - Ensure all required parameters are specified. - Different platforms require different parameters + Password change frequency policy. - String + Int32 - String + Int32 None - - Address + + PasswordVerificationDays - The Name or Address of the machine where the account will be used + Password verification frequency policy. - String + Int32 - String + Int32 None - - UserName + + RecordActivity - The Username on the target machine + Record activity policy. - String + Boolean - String + Boolean None - - GroupName + + RequireMonitoringAndIsolation - A groupname with which the account will be associated - The name of the group with which the account is associated. - To create a new group, specify the group platform ID in the GroupPlatformID property, then specify the group name. - The group will then be created automatically. + Require monitoring and isolation policy. - String + Boolean - String + Boolean None - - GroupPlatformID + + RequireReason - GroupPlatformID is required if account is to be moved to a new group. + Require reason policy. - String + Boolean - String + Boolean None - - Properties + + RetentionPeriod - Hashtable of name=value pairs. - Specify properties to update. + Retention period policy. - Hashtable + Int32 - Hashtable + Int32 - @{ } + None - - InputObject + + TransparentConnection - Receives object from pipeline. + Transparent connection policy. - PSObject + Boolean - PSObject + Boolean None - - WhatIf + + Confirm - Shows what would happen if the cmdlet runs. The cmdlet is not run. + Prompts you for confirmation before running the cmdlet. SwitchParameter @@ -34660,10 +43096,10 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - False - - Confirm + + WhatIf - Prompts you for confirmation before running the cmdlet. + Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter @@ -34673,102 +43109,128 @@ Publish-PASDiscoveredAccount -id 66_6 -PlatformID WinDomain -safeName SomeSafe - False - - + + + + System.Boolean + + + + + + + + System.Int32 + + + + + + + + + + System.Object + + + + + + - Dependencies (usages) cannot be updated. Accounts that do not have a policy ID cannot be updated. - To update account properties, "Update password properties" permission is required. To rename accounts, "Rename accounts" permission is required. To move accounts to a different folder, Move accounts/folders permission is required. + - -------------------------- EXAMPLE 1 -------------------------- - Set-PASAccount -AccountID 27_4 -op replace -path "/address" -value "NewAddress" - - Replaces the current address value with NewAddress - Requires minimum version of 10.4 - - - - -------------------------- EXAMPLE 2 -------------------------- - Set-PASAccount -AccountID 27_4 -op remove -path "/platformAccountProperties/UserDN" - - Removes UserDN property set on account - Requires minimum version of 10.4 - - - - -------------------------- EXAMPLE 3 -------------------------- - $actions += @{"op"="Add";"path"="/platformAccountProperties/UserDN";"value"="SomeDN"} - -$actions += @{"op"="Replace";"path"="/Name";"value"="SomeName"} - -Set-PASAccount -AccountID 27_4 -operations $actions - - Performs the update operations contained in the $actions array against the account - Requires minimum version of 10.4 - - - - -------------------------- EXAMPLE 4 -------------------------- - Get-PASAccount DBUser | Set-PASAccount -Properties @{"DSN"="myDSN"} - - Sets DSN value on matched account dbUser - Requires minimum version of 10.4 - - - - -------------------------- EXAMPLE 5 -------------------------- - Set-PASAccount -AccountID 21_3 -Folder Root -AccountName NewName ` --DeviceType Database -PlatformID Oracle -Address dbServer.domain.com -UserName DBUser - - Will set the AccountName of account with AccountID of 21_3 to "NewName". Any/All additional properties of the account which are not specified via parameters will be cleared Not supported in Privilege Cloud - - - - -------------------------- EXAMPLE 6 -------------------------- - $actions = @() -$props = @{"port"="5022";"UserDN"="SomeDN";"LogonDomain"="SomeDomain"} -$actions += @{"op"="add";"path"="/platformAccountProperties";"value"=$props} -Set-PASAccount -AccountID 29_3 -operations $actions + -------------------------- Example 1 -------------------------- + PS C:\> Set-PASMasterPolicy -DualControl $false - Adds multiple values to categories under the platformAccountProperties path. - Requires minimum version of 10.4 + Disables Dual Control in master Policy - https://pspas.pspete.dev/commands/Set-PASAccount - https://pspas.pspete.dev/commands/Set-PASAccount + https://pspas.pspete.dev/commands/Set-PASMasterPolicy + https://pspas.pspete.dev/commands/Set-PASMasterPolicy - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/UpdateAccount%20v10.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/UpdateAccount%20v10.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/update-policy-by-id.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/update-policy-by-id.htm - Set-PASAuthenticationMethod + Set-PASOnboardingRule Set - PASAuthenticationMethod + PASOnboardingRule - Updates an authentication method + Updates an automatic onboarding rule. - Updates authentication method. - Membership of Vault admins group required. + Updates an existing automatic onboarding rule. - Set-PASAuthenticationMethod + Set-PASOnboardingRule - ID + Id - The authentication module unique identifier. + The ID of the rule to update. + + Int32 + + Int32 + + + 0 + + + AddressMethod + + The method to use when applying the address filter (Equals / Begins with/ Ends with). + This parameter is ignored if AddressFilter is not specified. + + String + + String + + + None + + + AccountCategoryFilter + + Filter for Privileged or Non-Privileged accounts. + + String + + String + + + None + + + RuleName + + Name of the rule + If left blank, a name will be generated automatically. + + String + + String + + + None + + + RuleDescription + + A description of the rule. String @@ -34778,9 +43240,9 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - displayName + TargetPlatformId - The display name of the authentication method. + The ID of the platform that will be associated to the on-boarded account. String @@ -34790,21 +43252,22 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - enabled + TargetSafeName - Whether or not the authentication method is enabled for use. + The name of the Safe where the on-boarded account will be stored. - Boolean + String - Boolean + String - False + None - mobileEnabled + IsAdminIDFilter - Whether or not the authentication method is available from the mobile application. + Whether or not UNIX accounts with UID=0 or Windows accounts with SID ending in 500 will be onboarded automatically using this rule. + If set to false, all accounts matching the rule will be onboarded. Boolean @@ -34814,9 +43277,10 @@ Set-PASAccount -AccountID 29_3 -operations $actions False - logoffUrl + MachineTypeFilter - The logoff page URL of the third-party server. + The Machine Type by which to filter. + Leave blank for "Any" String @@ -34826,10 +43290,9 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - secondFactorAuth + SystemTypeFilter - Defines which second factor authentication to use when connecting to the Vault. - An empty value will disable the second factor authentication. + The System Type by which to filter. String @@ -34839,10 +43302,9 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - signInLabel + UserNameFilter - Defines the sign-in text for this authentication method. - Relevant only for CyberArk, RADIUS and LDAP authentication methods. + The name of the user by which to filter. String @@ -34852,10 +43314,10 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - usernameFieldLabel + UserNameMethod - Defines the label of the username field for this authentication method. - Relevant only for CyberArk, RADIUS, and LDAP authentication methods. + The method to use when applying the user name filter (Equals / Begins with/ Ends with). + This parameter is ignored if UserNameFilter is not specified. String @@ -34865,10 +43327,9 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - passwordFieldLabel + AddressFilter - Defines the label of the password field for this authentication method. - Relevant only for CyberArk, RADIUS, and LDAP authentication methods. + IP Address or DNS name of the machine by which to filter. String @@ -34903,21 +43364,21 @@ Set-PASAccount -AccountID 29_3 -operations $actions - ID + Id - The authentication module unique identifier. + The ID of the rule to update. - String + Int32 - String + Int32 - None + 0 - displayName + TargetPlatformId - The display name of the authentication method. + The ID of the platform that will be associated to the on-boarded account. String @@ -34927,21 +43388,22 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - enabled + TargetSafeName - Whether or not the authentication method is enabled for use. + The name of the Safe where the on-boarded account will be stored. - Boolean + String - Boolean + String - False + None - mobileEnabled + IsAdminIDFilter - Whether or not the authentication method is available from the mobile application. + Whether or not UNIX accounts with UID=0 or Windows accounts with SID ending in 500 will be onboarded automatically using this rule. + If set to false, all accounts matching the rule will be onboarded. Boolean @@ -34951,9 +43413,10 @@ Set-PASAccount -AccountID 29_3 -operations $actions False - logoffUrl + MachineTypeFilter - The logoff page URL of the third-party server. + The Machine Type by which to filter. + Leave blank for "Any" String @@ -34963,10 +43426,9 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - secondFactorAuth + SystemTypeFilter - Defines which second factor authentication to use when connecting to the Vault. - An empty value will disable the second factor authentication. + The System Type by which to filter. String @@ -34976,10 +43438,9 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - signInLabel + UserNameFilter - Defines the sign-in text for this authentication method. - Relevant only for CyberArk, RADIUS and LDAP authentication methods. + The name of the user by which to filter. String @@ -34989,10 +43450,10 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - usernameFieldLabel + UserNameMethod - Defines the label of the username field for this authentication method. - Relevant only for CyberArk, RADIUS, and LDAP authentication methods. + The method to use when applying the user name filter (Equals / Begins with/ Ends with). + This parameter is ignored if UserNameFilter is not specified. String @@ -35002,10 +43463,59 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - passwordFieldLabel + AddressFilter - Defines the label of the password field for this authentication method. - Relevant only for CyberArk, RADIUS, and LDAP authentication methods. + IP Address or DNS name of the machine by which to filter. + + String + + String + + + None + + + AddressMethod + + The method to use when applying the address filter (Equals / Begins with/ Ends with). + This parameter is ignored if AddressFilter is not specified. + + String + + String + + + None + + + AccountCategoryFilter + + Filter for Privileged or Non-Privileged accounts. + + String + + String + + + None + + + RuleName + + Name of the rule + If left blank, a name will be generated automatically. + + String + + String + + + None + + + RuleDescription + + A description of the rule. String @@ -35043,50 +43553,48 @@ Set-PASAccount -AccountID 29_3 -operations $actions - + Minimum Version: 10.5 -------------------------- EXAMPLE 1 -------------------------- - Set-PASAuthenticationMethod -id SomeID -enabled $false + Set-PASOnboardingRule -Id 1 -TargetPlatformId WINDOMAIN -TargetSafeName SafeName -SystemTypeFilter Windows - Disable authentication method "SomeID" + Updates Onboarding Rule with ID 1 - https://pspas.pspete.dev/commands/Set-PASAuthenticationMethod - https://pspas.pspete.dev/commands/Set-PASAuthenticationMethod + https://pspas.pspete.dev/commands/Set-PASOnboardingRule + https://pspas.pspete.dev/commands/Set-PASOnboardingRule - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Update_Authentication_method.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Update_Authentication_method.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/EditAutomaticOnboardingRule.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/EditAutomaticOnboardingRule.htm - Set-PASDirectoryMapping + Set-PASOpenIDConnectProvider Set - PASDirectoryMapping + PASOpenIDConnectProvider - Updates an existing Directory Mapping for a directory + Updates an existing OIDC Identity Provider. - Updates a directory mapping. - Membership of the Vault Admins group required. - Minimum required version 10.7 + Updates an existing OIDC Identity Provider. Requires membership of Vault Admins group. - Set-PASDirectoryMapping - - DirectoryName + Set-PASOpenIDConnectProvider + + id - The name of the directory the mapping is for. + The unique identifier of the provider. String @@ -35095,23 +43603,22 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - - UserActivityLogPeriod + + authenticationFlow - Retention period in days for user activity logs - Minimum required version 10.10 + The OIDC connection flow. - Int32 + String - Int32 + String - 0 + None - - MappingID + + authenticationEndpointUrl - The ID of the Directory Mapping to Update + The URL of the provider's authorization endpoint. Authentication requests will be sent to this URL. String @@ -35120,10 +43627,10 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - - MappingName + + issuer - The name of the PAS role that will be created. + The Issuer Identifier for the OpenID Provider. Used to verify that the response was issued from a specific provider. String @@ -35132,10 +43639,10 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - - LDAPBranch + + description - The LDAP branch that will be used for external directory queries + A description of the provider. String @@ -35144,35 +43651,36 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - - DomainGroups + + discoveryEndpointUrl - Users who belong to these LDAP groups will be automatically assigned to the relevant roles in the PAS system. + OIDC defines a discovery mechanism, called OpenID Connect Discovery, where an OIDC Identity provider publishes its metadata at a well-known URL. + This URL is metadata that describes the provider's configuration. - String[] + String - String[] + String None - - VaultGroups + + jwkSet - A list of Vault groups that a mapped user will be added to. + The JSON web key set provided by the OIDC Identity Provider for validating JSON web tokens during the authentication flow. + The JSON must include a "keys" parameter, which is an array of JWT signing keys. - String[] + String - String[] + String None - - Location + + clientId - The path of the Vault location that mapped users are added under. - This value cannot be updated. + The unique identifier for the client application. This ID is created by the provider, and assigned to each client application upon registration. String @@ -35181,10 +43689,22 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - - LDAPQuery + + clientSecret - Match LDAP query results to mapping + The client secret is only known to the application and the provider for secure communication during the authentication flow. This secret is created by the provider, and assigned to each client application upon registration. + + SecureString + + SecureString + + + None + + + clientSecretMethod + + The client authentication method for the client secret. String @@ -35193,34 +43713,14 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - - MappingAuthorizations + + userNameClaim - Specify authorizations that will be applied when an LDAP User Account is created in the Vault. - To apply specific authorizations to a mapping, the user must have the same authorizations. - Possible authorizations: - AddSafes - - AuditUsers - - AddUpdateUsers - - ResetUsersPasswords - - ActivateUsers - - ManageServerFileCategories - - BackupAllSafes - - RestoreAllSafes + The property in the ID token provided by the OIDC Identity Provider that contains the user name. - - AddUpdateUsers - AddSafes - AddNetworkAreas - ManageServerFileCategories - AuditUsers - BackupAllSafes - RestoreAllSafes - ResetUsersPasswords - ActivateUsers - - Authorizations + String - Authorizations + String None @@ -35247,52 +43747,13 @@ Set-PASAccount -AccountID 29_3 -operations $actions False - - AuthorizedInterfaces - - Sets the authorized interface from the available interfaces defined by the license. - Requires 14.0 - - String[] - - String[] - - - None - - - EnableENEWhenDisconnected - - Whether or not to monitor this user type's activity. - Requires 14.0 - - Boolean - - Boolean - - - None - - - UsedQuota - - Sets the disk quota allocated to the user in MB. - Requires 14.0 - - Int32 - - Int32 - - - None - - - DirectoryName + + id - The name of the directory the mapping is for. + The unique identifier of the provider. String @@ -35301,10 +43762,10 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - - MappingID + + authenticationFlow - The ID of the Directory Mapping to Update + The OIDC connection flow. String @@ -35313,10 +43774,10 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - - MappingName + + authenticationEndpointUrl - The name of the PAS role that will be created. + The URL of the provider's authorization endpoint. Authentication requests will be sent to this URL. String @@ -35325,10 +43786,10 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - - LDAPBranch + + issuer - The LDAP branch that will be used for external directory queries + The Issuer Identifier for the OpenID Provider. Used to verify that the response was issued from a specific provider. String @@ -35337,47 +43798,236 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - - DomainGroups + + description - Users who belong to these LDAP groups will be automatically assigned to the relevant roles in the PAS system. + A description of the provider. - String[] + String - String[] + String None - - VaultGroups + + discoveryEndpointUrl - A list of Vault groups that a mapped user will be added to. + OIDC defines a discovery mechanism, called OpenID Connect Discovery, where an OIDC Identity provider publishes its metadata at a well-known URL. + This URL is metadata that describes the provider's configuration. - String[] + String - String[] + String None - - Location + + jwkSet + + The JSON web key set provided by the OIDC Identity Provider for validating JSON web tokens during the authentication flow. + The JSON must include a "keys" parameter, which is an array of JWT signing keys. + + String + + String + + + None + + + clientId + + The unique identifier for the client application. This ID is created by the provider, and assigned to each client application upon registration. + + String + + String + + + None + + + clientSecret + + The client secret is only known to the application and the provider for secure communication during the authentication flow. This secret is created by the provider, and assigned to each client application upon registration. + + SecureString + + SecureString + + + None + + + clientSecretMethod + + The client authentication method for the client secret. + + String + + String + + + None + + + userNameClaim + + The property in the ID token provided by the OIDC Identity Provider that contains the user name. + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + + + + + + -------------------------- EXAMPLE 1 -------------------------- + PS C:\> Set-PASOpenIDConnectProvider -id SomeOIDCProvider -discoveryEndpointUrl https://SomeURL -clientId SomeIDValue -clientSecretMethod POST + + Updates an existing OIDC Identity Provider with ID SomeOIDCProvider. + + + + + + Online Version: + https://pspas.pspete.dev/commands/Set-PASOpenIDConnectProvider + + + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/OIDC-Update-Provider.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/OIDC-Update-Provider.htm + + + + + + Set-PASPlatformPSMConfig + Set + PASPlatformPSMConfig + + Update target platform PSM Policy details. + + + + Allows Vault admins to update the PSM Policy Section of a target platform. + + + + Set-PASPlatformPSMConfig + + ID + + Numeric ID of target platform + + Int32 + + Int32 + + + 0 + + + PSMServerID + + PSM server ID linked to the platform + + String + + String + + + None + + + PSMConnectors + + Collection of PSM Connectors to link to the platform + + PSObject[] + + PSObject[] + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + ID - The path of the Vault location that mapped users are added under. - This value cannot be updated. + Numeric ID of target platform - String + Int32 - String + Int32 - None + 0 - - LDAPQuery + + PSMServerID - Match LDAP query results to mapping + PSM server ID linked to the platform String @@ -35386,40 +44036,18 @@ Set-PASAccount -AccountID 29_3 -operations $actions None - - MappingAuthorizations + + PSMConnectors - Specify authorizations that will be applied when an LDAP User Account is created in the Vault. - To apply specific authorizations to a mapping, the user must have the same authorizations. - Possible authorizations: - AddSafes - - AuditUsers - - AddUpdateUsers - - ResetUsersPasswords - - ActivateUsers - - ManageServerFileCategories - - BackupAllSafes - - RestoreAllSafes + Collection of PSM Connectors to link to the platform - Authorizations + PSObject[] - Authorizations + PSObject[] None - - UserActivityLogPeriod - - Retention period in days for user activity logs - Minimum required version 10.10 - - Int32 - - Int32 - - - 0 - WhatIf @@ -35444,45 +44072,6 @@ Set-PASAccount -AccountID 29_3 -operations $actions False - - AuthorizedInterfaces - - Sets the authorized interface from the available interfaces defined by the license. - Requires 14.0 - - String[] - - String[] - - - None - - - EnableENEWhenDisconnected - - Whether or not to monitor this user type's activity. - Requires 14.0 - - Boolean - - Boolean - - - None - - - UsedQuota - - Sets the disk quota allocated to the user in MB. - Requires 14.0 - - Int32 - - Int32 - - - None - @@ -35494,65 +44083,70 @@ Set-PASAccount -AccountID 29_3 -operations $actions -------------------------- EXAMPLE 1 -------------------------- - Get-PASDirectoryMapping -DirectoryName $Directory -MappingID $ID | + $PSMConfig = Get-PASPlatformPSMConfig -ID 23 -Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpdateUsers, AuditUsers +$PSMConfig.PSMConnectors += (\[PSCustomObject\]@{"PSMConnectorID"="PSM-RDP";"Enabled"=$true}) +Set-PASPlatformPSMConfig -ID 23 -PSMConnectors $PSMConfig.PSMConnectors - Configures the AddUpdateUsers & AuditUsers authorisations on the mapping. - Minimum required version 10.7 + Adds PSM-RDP as an additional connection component configured on platform with id of 23 -------------------------- EXAMPLE 2 -------------------------- - Set-PASDirectoryMapping -DirectoryName $DirectoryName -MappingID $MappingID -MappingName $MappingName -LDAPBranch $LDAPBranch ` --MappingAuthorizations AddUpdateUsers, ActivateUsers & ResetUsersPasswords + $PSMConfig = Get-PASPlatformPSMConfig -ID 23 + +$PSMConfig | Set-PASPlatformPSMConfig -ID 23 -PSMServerID PSM-LoadBalancer-EMEA - Sets AddUpdateUsers, ActivateUsers & ResetUsersPasswords authorisations on the directory mapping - Minimum required version 10.7 + Updates configured PSMServer on platform with id of 23 to PSM-LoadBalancer-EMEA -------------------------- EXAMPLE 3 -------------------------- - Set-PASDirectoryMapping -DirectoryName $DirectoryName -MappingID $MappingID -MappingName $MappingName -LDAPBranch $LDAPBranch ` --UserActivityLogPeriod 365 + $ConnectionComponent = $([PSCustomObject]@{"PSMConnectorID"="PSM-SSH";"Enabled"=$true}) + +Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnectors $ConnectionComponent - Sets UserActivityLogPeriod for the mapping to 365 - Minimum required version 10.10 + Configures platform with ID 42 with connection component PSM-SSH Any other Connection Components currently configured will be removed. + + + + -------------------------- EXAMPLE 4 -------------------------- + Set-PASPlatformPSMConfig -id 42 -PSMServerID PSM-LoadBalancer-EMEA + + Clears all configured Connection Components from platform with id of 42 - https://pspas.pspete.dev/commands/Set-PASDirectoryMapping - https://pspas.pspete.dev/commands/Set-PASDirectoryMapping + https://pspas.pspete.dev/commands/Set-PASPlatformPSMConfig + https://pspas.pspete.dev/commands/Set-PASPlatformPSMConfig - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/EditDirectoryMapping.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/EditDirectoryMapping.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Session%20Mngmnt%20-%20Update_Session_Management_Policy_Platform.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Session%20Mngmnt%20-%20Update_Session_Management_Policy_Platform.htm - Set-PASDirectoryMappingOrder + Set-PASPTAEvent Set - PASDirectoryMappingOrder + PASPTAEvent - Changes the order of directory mappings for a directory + Updates the status of a security event - Updates the order of all a directories mappings. - Requires membership of Vault Admins group & "Audit users", "Add/Update users" & "Manage Directory mappings" authorizations. - Minimum version 10.10 + Updates the status of a security event to open or closed - Set-PASDirectoryMappingOrder + Set-PASPTAEvent - DirectoryName + EventID - The name of the directory + The event ID. String @@ -35561,14 +44155,14 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - MappingsOrder + + mStatus - The MappingID of each directory mapping, in the order they should be applied. + The status to update (open or closed). - Int32[] + String - Int32[] + String None @@ -35599,9 +44193,9 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda - DirectoryName + EventID - The name of the directory + The event ID. String @@ -35610,14 +44204,14 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - MappingsOrder + + mStatus - The MappingID of each directory mapping, in the order they should be applied. + The status to update (open or closed). - Int32[] + String - Int32[] + String None @@ -35651,56 +44245,91 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda - + Minimum Version CyberArk 11.3 -------------------------- EXAMPLE 1 -------------------------- - Set-PASDirectoryMappingOrder -DirectoryName "DOMAIN.COM" -MappingsOrder 39,43,41,669,668,667 + Set-PASPTAEvent -EventID $id - Sets the order of the directory mappings for directory "DOMAIN.COM" + - https://pspas.pspete.dev/commands/Set-PASDirectoryMappingOrder - https://pspas.pspete.dev/commands/Set-PASDirectoryMappingOrder + https://pspas.pspete.dev/commands/Set-PASPTAEvent + https://pspas.pspete.dev/commands/Set-PASPTAEvent - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/rest-api-reorder-map.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/rest-api-reorder-map.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/CloseOpenSecurityEvent.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/CloseOpenSecurityEvent.htm - Set-PASGroup + Set-PASPTARemediation Set - PASGroup + PASPTARemediation - Renames a Vault group + Updates automatic remediation settings in PTA - Updates a Vault group. The authenticated user requires the following permissions: - Add\Update users - Requires CyberArk Version 12.0+ + Updates automatic remediation settings configured in PTA - Set-PASGroup - - GroupName + Set-PASPTARemediation + + changePassword_SuspectedCredentialsTheft - A new name for the group + Indicate if Change Password on Suspected Credential Theft the command is active - String + Boolean - String + Boolean - None + False + + + changePassword_OverPassTheHash + + Indicate if the Change Password on Over Pass The Hash command is active + + Boolean + + Boolean + + + False + + + reconcilePassword_SuspectedPasswordChange + + Indicate if the Reconcile Password on Suspected Password Change command is active + + Boolean + + Boolean + + + False + + + pendAccount_UnmanagedPrivilegedAccount + + Indicate if the Add Unmanaged Accounts to Pending Accounts command is active + + Boolean + + Boolean + + + False WhatIf @@ -35724,32 +44353,56 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda False - - ID - - {{ Fill ID Description }} - - Int32 - - Int32 - - - None - - - GroupName + + changePassword_SuspectedCredentialsTheft - A new name for the group + Indicate if Change Password on Suspected Credential Theft the command is active - String + Boolean - String + Boolean - None + False + + + changePassword_OverPassTheHash + + Indicate if the Change Password on Over Pass The Hash command is active + + Boolean + + Boolean + + + False + + + reconcilePassword_SuspectedPasswordChange + + Indicate if the Reconcile Password on Suspected Password Change command is active + + Boolean + + Boolean + + + False + + + pendAccount_UnmanagedPrivilegedAccount + + Indicate if the Add Unmanaged Accounts to Pending Accounts command is active + + Boolean + + Boolean + + + False WhatIf @@ -35775,73 +44428,65 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda False - - ID - - {{ Fill ID Description }} - - Int32 - - Int32 - - - None - - + Minimum Version CyberArk 10.4 - -------------------------- Example 1 -------------------------- - PS C:\> Set-PASGroup -GroupID 420 -GroupName SomeName + -------------------------- EXAMPLE 1 -------------------------- + Set-PASPTARemediation -changePassword_SuspectedCredentialsTheft $true - Renames group with id 420 to "SomeName" + Enables the "Change password on Suspected Credentials Theft" rule. + + + + -------------------------- EXAMPLE 2 -------------------------- + Set-PASPTARemediation -reconcilePassword_SuspectedPasswordChange $false + + Disables the "reconcile on suspected password change" rule. - https://pspas.pspete.dev/commands/Set-PASGroup - https://pspas.pspete.dev/commands/Set-PASGroup + https://pspas.pspete.dev/commands/Set-PASPTARemediation + https://pspas.pspete.dev/commands/Set-PASPTARemediation - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/12.0/en/Content/WebServices/Update-group.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/12.0/en/Content/WebServices/Update-group.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/AutomaticRemediation_UpdateConfiguration.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/AutomaticRemediation_UpdateConfiguration.htm - Set-PASIPAllowList + Set-PASPTARiskEvent Set - PASIPAllowList + PASPTARiskEvent - Update the list of allowed IP addresses for connector communication to the Privilege Cloud SaaS environment. + Update PTA Risk Events - Configuration erases everything that was previously configured. In order to keep your current configuration, add the existing IP addresses to the list. An empty list will remove all the current IP addresses. - Configuration can take up to 10 minutes. You cannot trigger a new process when there is a process running. To verify, run the `Get-PASIPAllowList` CmdLet and check that the updateInProgress parameter property is false. - Requires one of the following roles: - Privilege Cloud Administrator - - Privilege Cloud Administrator Basic - - Privilege Cloud Administrator Lite + Update the status of a risk event to open or closed. + Requires minimum version of 13.2 - Set-PASIPAllowList - - customerPublicIPs + Set-PASPTARiskEvent + + status - List of IP addresses and subnets separated by commas + The status to update on the risk event - String[] + String - String[] + String None @@ -35868,21 +44513,51 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda False + + closeReason + + The close reason for the risk event Valid Values: - HANDLED + - NOTREAL + - OTHER + - NONE + + Requires version 14.0 + + String + + String + + + None + + + ID + + The ID of the PTA Risk Event + + String + + String + + + None + + + reasonText + + Free text close reason + Requires version 14.0 + + String + + String + + + None + - - customerPublicIPs - - List of IP addresses and subnets separated by commas - - String[] - - String[] - - - None - WhatIf @@ -35907,6 +44582,60 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda False + + closeReason + + The close reason for the risk event Valid Values: - HANDLED + - NOTREAL + - OTHER + - NONE + + Requires version 14.0 + + String + + String + + + None + + + ID + + The ID of the PTA Risk Event + + String + + String + + + None + + + reasonText + + Free text close reason + Requires version 14.0 + + String + + String + + + None + + + status + + The status to update on the risk event + + String + + String + + + None + @@ -35917,45 +44646,43 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda - -------------------------- Example 1 -------------------------- - Set-PASIPAllowList -customerPublicIPs '10.66.19.45/32','19.79.19.79/22','194.2.192.5/32','201.3.201.3/24' + -------------------------- EXAMPLE 1 -------------------------- + Set-PASPTARiskEvent -EventID 123 -Status CLOSED - Configures the IP Allow List with the specified addresses + Close PTA Risk Event with id 1234 - https://pspas.pspete.dev/commands/Set-PASIPAllowList - https://pspas.pspete.dev/commands/Set-PASIPAllowList + https://pspas.pspete.dev/commands/Set-PASPTARiskEvent + https://pspas.pspete.dev/commands/Set-PASPTARiskEvent - https://docs.cyberark.com/privilege-cloud-shared-services/latest/en/Content/PrivilegeCloudAPIs/PrivCloud-IP-allowlist-Configure-API.htm - https://docs.cyberark.com/privilege-cloud-shared-services/latest/en/Content/PrivilegeCloudAPIs/PrivCloud-IP-allowlist-Configure-API.htm + https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/CloseOpenRiskEvent.htm + https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/CloseOpenRiskEvent.htm - Set-PASLinkedAccount + Set-PASPTARule Set - PASLinkedAccount + PASPTARule - Associates a linked account to an existing account. + Updates an existing Risky Activity rule to PTA - Associates a Reconcile account, Logon account, or other type of linked account that is defined in the platform configuration. - Requires the following Safe member authorizations: - List accounts - Required for both the Safe of the linked account and the Safe of the source account. - Update account properties. - Require for the Safe of the source account - Requires CyberArk Version 12.1+ + Updates an existing Risky Activity rule in the PTA server configuration. - Set-PASLinkedAccount - - AccountID + Set-PASPTARule + + id - The AccountID of the account to associate a linked account to. + The unique ID of the rule. String @@ -35964,10 +44691,10 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - safe + + category - The Safe in which the linked account is stored. + The Category of the risky activity - Valid values: SSH, WINDOWS, SCP, KEYSTROKES or SQL String @@ -35976,10 +44703,11 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - extraPasswordIndex + + regex - The linked account's extra password index (1,2, or 3). + Risky activity in regex form. + Must support all characters (including "/" and escaping characters) String @@ -35988,10 +44716,24 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - name + + score - The accountname of the linked account. + Activity score. + Number must be between 1 and 100 + + Int32 + + Int32 + + + 0 + + + description + + Activity description. + The field is mandatory but can be empty String @@ -36000,10 +44742,11 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - folder + + response - The folder in which the linked account is stored in it's safe. + Automatic response to be executed + Valid Values: NONE, TERMINATE or SUSPEND String @@ -36012,6 +44755,18 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None + + active + + Indicate if the rule should be active or disabled + + Boolean + + Boolean + + + False + WhatIf @@ -36034,13 +44789,61 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda False + + machinesList + + List of machines to be included or excluded for detection + + String[] + + String[] + + + None + + + machinesMode + + Indicates whether the list of machines will be processed for Suspicious Activity detection Valid values: - INCLUDE - Only machines on the list will be processed for detection - EXCLUDE - Machines on the list will not be processed for detection + + String + + String + + + None + + + vaultUsersList + + List of accounts to be included or excluded for detection + + String[] + + String[] + + + None + + + vaultUsersMode + + Indicates whether the list of accounts will be processed for Suspicious Activity detection Valid values: - INCLUDE - Only accounts on the list will be processed for detection - EXCLUDE - Accounts on the list will not be processed for detection + + String + + String + + + None + - - AccountID + + id - The AccountID of the account to associate a linked account to. + The unique ID of the rule. String @@ -36049,10 +44852,10 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - safe + + category - The Safe in which the linked account is stored. + The Category of the risky activity - Valid values: SSH, WINDOWS, SCP, KEYSTROKES or SQL String @@ -36061,10 +44864,11 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - extraPasswordIndex + + regex - The linked account's extra password index (1,2, or 3). + Risky activity in regex form. + Must support all characters (including "/" and escaping characters) String @@ -36073,10 +44877,24 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - name + + score - The accountname of the linked account. + Activity score. + Number must be between 1 and 100 + + Int32 + + Int32 + + + 0 + + + description + + Activity description. + The field is mandatory but can be empty String @@ -36085,10 +44903,11 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - folder + + response - The folder in which the linked account is stored in it's safe. + Automatic response to be executed + Valid Values: NONE, TERMINATE or SUSPEND String @@ -36097,6 +44916,18 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None + + active + + Indicate if the rule should be active or disabled + + Boolean + + Boolean + + + False + WhatIf @@ -36121,105 +44952,109 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda False + + machinesList + + List of machines to be included or excluded for detection + + String[] + + String[] + + + None + + + machinesMode + + Indicates whether the list of machines will be processed for Suspicious Activity detection Valid values: - INCLUDE - Only machines on the list will be processed for detection - EXCLUDE - Machines on the list will not be processed for detection + + String + + String + + + None + + + vaultUsersList + + List of accounts to be included or excluded for detection + + String[] + + String[] + + + None + + + vaultUsersMode + + Indicates whether the list of accounts will be processed for Suspicious Activity detection Valid values: - INCLUDE - Only accounts on the list will be processed for detection - EXCLUDE - Accounts on the list will not be processed for detection + + String + + String + + + None + - + Minimum Version CyberArk 10.4 - -------------------------- Example 1 -------------------------- - PS C:\> Set-PASLinkedAccount -AccountID 29_4 -safe Some_Safe -extraPasswordIndex 1 -name SomeAdmin -folder root - - Adds "SomeAdmin" account from "Some_Safe" as the logon account for account with id 29_4 - - - - -------------------------- Example 2 -------------------------- - PS C:\> Set-PASLinkedAccount -AccountID 29_4 -safe Some_Safe -extraPasswordIndex 2 -name SomeAccount -folder root + -------------------------- EXAMPLE 1 -------------------------- + Set-PASPTARule -id 66 -category KEYSTROKES -regex '(*.)risky cmd(.*)' -score 65 -description "Updated Rule" -response SUSPEND -active $true - Adds "SomeAccount" account from "Some_Safe" as the extrapass2 account for account with id 29_4 + Updates rule 66 in PTA - -------------------------- Example 3 -------------------------- - PS C:\> Set-PASLinkedAccount -AccountID 29_4 -safe Some_Safe -extraPasswordIndex 3 -name SomeReconcile -folder root + -------------------------- EXAMPLE 2 -------------------------- + Set-PASPTARule -id 66 -category KEYSTROKES -regex '(*.)risky cmd(.*)' -score 65 -description "Updated Rule" -response SUSPEND -active $true -vaultUsersList UserA,UserB,UserC -machinesMode INCLUDE Computer1,Computer2,Computer3 - Adds "SomeReconcile" account from "Some_Safe" as the reconcile account for account with id 29_4 + Updates rule 66 in PTA, scoped to exclude listed users, and include listed machines - https://pspas.pspete.dev/commands/Set-PASLinkedAccount - https://pspas.pspete.dev/commands/Set-PASLinkedAccount + https://pspas.pspete.dev/commands/Set-PASPTARule + https://pspas.pspete.dev/commands/Set-PASPTARule - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Link-account.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Link-account.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/UpdateRule.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/UpdateRule.htm - Set-PASOnboardingRule + Set-PASPTASMTP Set - PASOnboardingRule + PASPTASMTP - Updates an automatic onboarding rule. + Sets an SMTP configuration to PTA - Updates an existing automatic onboarding rule. + Configure PTA SMTP settings + API is not documented, so this help file may not be 100% accurate - Set-PASOnboardingRule + Set-PASPTASMTP - Id - - The ID of the rule to update. - - Int32 - - Int32 - - - 0 - - - AddressMethod - - The method to use when applying the address filter (Equals / Begins with/ Ends with). - This parameter is ignored if AddressFilter is not specified. - - String - - String - - - None - - - AccountCategoryFilter - - Filter for Privileged or Non-Privileged accounts. - - String - - String - - - None - - - RuleName + host - Name of the rule - If left blank, a name will be generated automatically. + The SMTP host String @@ -36228,10 +45063,10 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - RuleDescription + + protocol - A description of the rule. + The protocol for SMTP integration String @@ -36240,22 +45075,22 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - TargetPlatformId + + port - The ID of the platform that will be associated to the on-boarded account. + The port for the SMTP communication - String + Int32 - String + Int32 - None + 0 - - TargetSafeName + + sender - The name of the Safe where the on-boarded account will be stored. + The sender address String @@ -36264,36 +45099,22 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - IsAdminIDFilter - - Whether or not UNIX accounts with UID=0 or Windows accounts with SID ending in 500 will be onboarded automatically using this rule. - If set to false, all accounts matching the rule will be onboarded. - - Boolean - - Boolean - - - False - - - MachineTypeFilter + + recipients - The Machine Type by which to filter. - Leave blank for "Any" + The recipient address - String + String[] - String + String[] None - SystemTypeFilter + accountId - The System Type by which to filter. + Account to use for SMTP authentication String @@ -36302,10 +45123,10 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - UserNameFilter + + CertificateFile - The name of the user by which to filter. + Certificate to use for SMTP authentication String @@ -36314,30 +45135,28 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - UserNameMethod + + AlertToEmailScoreThreshold - The method to use when applying the user name filter (Equals / Begins with/ Ends with). - This parameter is ignored if UserNameFilter is not specified. + PTA Alert Score threshold for email alerts - String + Int32 - String + Int32 - None + 0 - - AddressFilter + + Confirm - IP Address or DNS name of the machine by which to filter. + Prompts you for confirmation before running the cmdlet. - String - String + SwitchParameter - None + False WhatIf @@ -36350,86 +45169,13 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda False - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - Id - - The ID of the rule to update. - - Int32 - - Int32 - - - 0 - - - TargetPlatformId - - The ID of the platform that will be associated to the on-boarded account. - - String - - String - - - None - - - TargetSafeName - - The name of the Safe where the on-boarded account will be stored. - - String - - String - - - None - - - IsAdminIDFilter - - Whether or not UNIX accounts with UID=0 or Windows accounts with SID ending in 500 will be onboarded automatically using this rule. - If set to false, all accounts matching the rule will be onboarded. - - Boolean - - Boolean - - - False - - - MachineTypeFilter - - The Machine Type by which to filter. - Leave blank for "Any" - - String - - String - - - None - - - SystemTypeFilter + host - The System Type by which to filter. + The SMTP host String @@ -36438,10 +45184,10 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - UserNameFilter + + protocol - The name of the user by which to filter. + The protocol for SMTP integration String @@ -36450,23 +45196,22 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - UserNameMethod + + port - The method to use when applying the user name filter (Equals / Begins with/ Ends with). - This parameter is ignored if UserNameFilter is not specified. + The port for the SMTP communication - String + Int32 - String + Int32 - None + 0 - - AddressFilter + + sender - IP Address or DNS name of the machine by which to filter. + The sender address String @@ -36475,23 +45220,22 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - AddressMethod + + recipients - The method to use when applying the address filter (Equals / Begins with/ Ends with). - This parameter is ignored if AddressFilter is not specified. + The recipient address - String + String[] - String + String[] None - - AccountCategoryFilter + + accountId - Filter for Privileged or Non-Privileged accounts. + Account to use for SMTP authentication String @@ -36500,11 +45244,10 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - RuleName + + CertificateFile - Name of the rule - If left blank, a name will be generated automatically. + Certificate to use for SMTP authentication String @@ -36513,22 +45256,22 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - RuleDescription + + AlertToEmailScoreThreshold - A description of the rule. + PTA Alert Score threshold for email alerts - String + Int32 - String + Int32 - None + 0 - - WhatIf + + Confirm - Shows what would happen if the cmdlet runs. The cmdlet is not run. + Prompts you for confirmation before running the cmdlet. SwitchParameter @@ -36537,10 +45280,10 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda False - - Confirm + + WhatIf - Prompts you for confirmation before running the cmdlet. + Shows what would happen if the cmdlet runs. The cmdlet is not run. SwitchParameter @@ -36554,48 +45297,61 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda - Minimum Version: 10.5 + - -------------------------- EXAMPLE 1 -------------------------- - Set-PASOnboardingRule -Id 1 -TargetPlatformId WINDOMAIN -TargetSafeName SafeName -SystemTypeFilter Windows + -------------------------- Example 1 -------------------------- + PS C:\> Set-PASPTASMTP -host smtp.domain.com -protocol TCP -port 25 -sender 'PTA@domain.com' ` + -recipients 'security_team@domain.com' -AlertToEmailScoreThreshold 70 - Updates Onboarding Rule with ID 1 + Configures PTA SMTP settings - https://pspas.pspete.dev/commands/Set-PASOnboardingRule - https://pspas.pspete.dev/commands/Set-PASOnboardingRule - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/EditAutomaticOnboardingRule.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/EditAutomaticOnboardingRule.htm + https://pspas.pspete.dev/commands/Set-PASPTASMTP + https://pspas.pspete.dev/commands/Set-PASPTASMTP - Set-PASOpenIDConnectProvider + Set-PASSafe Set - PASOpenIDConnectProvider + PASSafe - Updates an existing OIDC Identity Provider. + Updates a safe in the Vault - Updates an existing OIDC Identity Provider. Requires membership of Vault Admins group. + Updates a single safe in the Vault. Manage Safe permission is required. - Set-PASOpenIDConnectProvider + Set-PASSafe - id + SafeName + + The name of the safe to update. - Max Length 28 characters. + - Cannot start with a space. + - Cannot contain: '\','/',':','*','<','>','"','.' or '|' + + String + + String + + + None + + + NewSafeName - The unique identifier of the provider. + A name to rename the safe to - Max Length 28 characters. + - Cannot start with a space. + - Cannot contain: '\','/',':','*','<','>','"','.' or '|' String @@ -36605,9 +45361,10 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - authenticationFlow + Description - The OIDC connection flow. + Updated Description for safe. + Max 100 characters. String @@ -36616,10 +45373,23 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None + + OLACEnabled + + Boolean value, dictating whether or not to enable Object Level Access Control on the safe. + + Boolean + + Boolean + + + False + - authenticationEndpointUrl + ManagingCPM - The URL of the provider's authorization endpoint. Authentication requests will be sent to this URL. + The Name of the CPM user to manage the safe. + Specify "" to prevent CPM management. String @@ -36629,9 +45399,61 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - issuer + NumberOfVersionsRetention - The Issuer Identifier for the OpenID Provider. Used to verify that the response was issued from a specific provider. + The number of retained versions of every password that is stored in the Safe. - Max value = 999 Specify either this parameter or NumberOfDaysRetention. + + Int32 + + Int32 + + + 0 + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + location + + The vault location to set for the safe + Minimum required version 12.2 + + String + + String + + + None + + + + Set-PASSafe + + SafeName + + The name of the safe to update. - Max Length 28 characters. + - Cannot start with a space. + - Cannot contain: '\','/',':','*','<','>','"','.' or '|' String @@ -36641,9 +45463,11 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - description + NewSafeName - A description of the provider. + A name to rename the safe to - Max Length 28 characters. + - Cannot start with a space. + - Cannot contain: '\','/',':','*','<','>','"','.' or '|' String @@ -36653,10 +45477,10 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - discoveryEndpointUrl + Description - OIDC defines a discovery mechanism, called OpenID Connect Discovery, where an OIDC Identity provider publishes its metadata at a well-known URL. - This URL is metadata that describes the provider's configuration. + Updated Description for safe. + Max 100 characters. String @@ -36665,11 +45489,23 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None + + OLACEnabled + + Boolean value, dictating whether or not to enable Object Level Access Control on the safe. + + Boolean + + Boolean + + + False + - jwkSet + ManagingCPM - The JSON web key set provided by the OIDC Identity Provider for validating JSON web tokens during the authentication flow. - The JSON must include a "keys" parameter, which is an array of JWT signing keys. + The Name of the CPM user to manage the safe. + Specify "" to prevent CPM management. String @@ -36679,9 +45515,60 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - clientId + NumberOfVersionsRetention - The unique identifier for the client application. This ID is created by the provider, and assigned to each client application upon registration. + The number of retained versions of every password that is stored in the Safe. - Max value = 999 Specify either this parameter or NumberOfDaysRetention. + + Int32 + + Int32 + + + 0 + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + UseGen1API + + Specify to force usage the Gen1 API endpoint. + Should be specified for versions earlier than 12.2 + + + SwitchParameter + + + False + + + + Set-PASSafe + + SafeName + + The name of the safe to update. - Max Length 28 characters. + - Cannot start with a space. + - Cannot contain: '\','/',':','*','<','>','"','.' or '|' String @@ -36691,21 +45578,24 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - clientSecret + NewSafeName - The client secret is only known to the application and the provider for secure communication during the authentication flow. This secret is created by the provider, and assigned to each client application upon registration. + A name to rename the safe to - Max Length 28 characters. + - Cannot start with a space. + - Cannot contain: '\','/',':','*','<','>','"','.' or '|' - SecureString + String - SecureString + String None - clientSecretMethod + Description - The client authentication method for the client secret. + Updated Description for safe. + Max 100 characters. String @@ -36714,10 +45604,23 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None + + OLACEnabled + + Boolean value, dictating whether or not to enable Object Level Access Control on the safe. + + Boolean + + Boolean + + + False + - userNameClaim + ManagingCPM - The property in the ID token provided by the OIDC Identity Provider that contains the user name. + The Name of the CPM user to manage the safe. + Specify "" to prevent CPM management. String @@ -36726,6 +45629,21 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None + + NumberOfDaysRetention + + The number of days for which password versions are saved in the Safe. + - Minimum Value: 0 + - Maximum Value: 3650 + Specify either this parameter or NumberOfVersionsRetention + + Int32 + + Int32 + + + 0 + WhatIf @@ -36748,226 +45666,42 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda False + + location + + The vault location to set for the safe + Minimum required version 12.2 + + String + + String + + + None + - - - - id - - The unique identifier of the provider. - - String - - String - - - None - - - authenticationFlow - - The OIDC connection flow. - - String - - String - - - None - - - authenticationEndpointUrl - - The URL of the provider's authorization endpoint. Authentication requests will be sent to this URL. - - String - - String - - - None - - - issuer - - The Issuer Identifier for the OpenID Provider. Used to verify that the response was issued from a specific provider. - - String - - String - - - None - - - description - - A description of the provider. - - String - - String - - - None - - - discoveryEndpointUrl - - OIDC defines a discovery mechanism, called OpenID Connect Discovery, where an OIDC Identity provider publishes its metadata at a well-known URL. - This URL is metadata that describes the provider's configuration. - - String - - String - - - None - - - jwkSet - - The JSON web key set provided by the OIDC Identity Provider for validating JSON web tokens during the authentication flow. - The JSON must include a "keys" parameter, which is an array of JWT signing keys. - - String - - String - - - None - - - clientId - - The unique identifier for the client application. This ID is created by the provider, and assigned to each client application upon registration. - - String - - String - - - None - - - clientSecret - - The client secret is only known to the application and the provider for secure communication during the authentication flow. This secret is created by the provider, and assigned to each client application upon registration. - - SecureString - - SecureString - - - None - - - clientSecretMethod - - The client authentication method for the client secret. - - String - - String - - - None - - - userNameClaim - - The property in the ID token provided by the OIDC Identity Provider that contains the user name. - - String - - String - - - None - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - SwitchParameter - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> Set-PASOpenIDConnectProvider -id SomeOIDCProvider -discoveryEndpointUrl https://SomeURL -clientId SomeIDValue -clientSecretMethod POST - - Updates an existing OIDC Identity Provider with ID SomeOIDCProvider. - - - - - - Online Version: - https://pspas.pspete.dev/commands/Set-PASOpenIDConnectProvider - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/OIDC-Update-Provider.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/OIDC-Update-Provider.htm - - - - - - Set-PASPlatformPSMConfig - Set - PASPlatformPSMConfig - - Update target platform PSM Policy details. - - - - Allows Vault admins to update the PSM Policy Section of a target platform. - - - Set-PASPlatformPSMConfig - - ID + Set-PASSafe + + SafeName - Numeric ID of target platform + The name of the safe to update. - Max Length 28 characters. + - Cannot start with a space. + - Cannot contain: '\','/',':','*','<','>','"','.' or '|' - Int32 + String - Int32 + String - 0 + None - - PSMServerID + + NewSafeName - PSM server ID linked to the platform + A name to rename the safe to - Max Length 28 characters. + - Cannot start with a space. + - Cannot contain: '\','/',':','*','<','>','"','.' or '|' String @@ -36976,17 +45710,58 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - PSMConnectors + + Description - Collection of PSM Connectors to link to the platform + Updated Description for safe. + Max 100 characters. - PSObject[] + String - PSObject[] + String + + + None + + + OLACEnabled + + Boolean value, dictating whether or not to enable Object Level Access Control on the safe. + + Boolean + + Boolean + + + False + + + ManagingCPM + + The Name of the CPM user to manage the safe. + Specify "" to prevent CPM management. + + String + + String + + + None + + + NumberOfDaysRetention + + The number of days for which password versions are saved in the Safe. + - Minimum Value: 0 + - Maximum Value: 3650 + Specify either this parameter or NumberOfVersionsRetention + + Int32 + + Int32 - None + 0 WhatIf @@ -37010,25 +45785,41 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda False + + UseGen1API + + Specify to force usage the Gen1 API endpoint. + Should be specified for versions earlier than 12.2 + + + SwitchParameter + + + False + - - ID + + SafeName - Numeric ID of target platform + The name of the safe to update. - Max Length 28 characters. + - Cannot start with a space. + - Cannot contain: '\','/',':','*','<','>','"','.' or '|' - Int32 + String - Int32 + String - 0 + None - - PSMServerID + + NewSafeName - PSM server ID linked to the platform + A name to rename the safe to - Max Length 28 characters. + - Cannot start with a space. + - Cannot contain: '\','/',':','*','<','>','"','.' or '|' String @@ -37037,18 +45828,71 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda None - - PSMConnectors + + Description - Collection of PSM Connectors to link to the platform + Updated Description for safe. + Max 100 characters. - PSObject[] + String - PSObject[] + String + + + None + + + OLACEnabled + + Boolean value, dictating whether or not to enable Object Level Access Control on the safe. + + Boolean + + Boolean + + + False + + + ManagingCPM + + The Name of the CPM user to manage the safe. + Specify "" to prevent CPM management. + + String + + String None + + NumberOfVersionsRetention + + The number of retained versions of every password that is stored in the Safe. - Max value = 999 Specify either this parameter or NumberOfDaysRetention. + + Int32 + + Int32 + + + 0 + + + NumberOfDaysRetention + + The number of days for which password versions are saved in the Safe. + - Minimum Value: 0 + - Maximum Value: 3650 + Specify either this parameter or NumberOfVersionsRetention + + Int32 + + Int32 + + + 0 + WhatIf @@ -37073,6 +45917,32 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda False + + location + + The vault location to set for the safe + Minimum required version 12.2 + + String + + String + + + None + + + UseGen1API + + Specify to force usage the Gen1 API endpoint. + Should be specified for versions earlier than 12.2 + + SwitchParameter + + SwitchParameter + + + False + @@ -37084,70 +45954,52 @@ Set-PASDirectoryMapping -DirectoryName $Directory -MappingAuthorizations AddUpda -------------------------- EXAMPLE 1 -------------------------- - $PSMConfig = Get-PASPlatformPSMConfig -ID 23 - -$PSMConfig.PSMConnectors += (\[PSCustomObject\]@{"PSMConnectorID"="PSM-RDP";"Enabled"=$true}) -Set-PASPlatformPSMConfig -ID 23 -PSMConnectors $PSMConfig.PSMConnectors + Set-PASSafe -SafeName SAFE -Description "New-Description" -NumberOfVersionsRetention 10 - Adds PSM-RDP as an additional connection component configured on platform with id of 23 + Updates description and version retention on SAFE using Gen2 API + Minimum required version 12.2 -------------------------- EXAMPLE 2 -------------------------- - $PSMConfig = Get-PASPlatformPSMConfig -ID 23 - -$PSMConfig | Set-PASPlatformPSMConfig -ID 23 -PSMServerID PSM-LoadBalancer-EMEA - - Updates configured PSMServer on platform with id of 23 to PSM-LoadBalancer-EMEA - - - - -------------------------- EXAMPLE 3 -------------------------- - $ConnectionComponent = $([PSCustomObject]@{"PSMConnectorID"="PSM-SSH";"Enabled"=$true}) - -Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnectors $ConnectionComponent - - Configures platform with ID 42 with connection component PSM-SSH Any other Connection Components currently configured will be removed. - - - - -------------------------- EXAMPLE 4 -------------------------- - Set-PASPlatformPSMConfig -id 42 -PSMServerID PSM-LoadBalancer-EMEA + Set-PASSafe -SafeName SAFE -Description "New-Description" -NumberOfDaysRetention 10 -UseGen1API - Clears all configured Connection Components from platform with id of 42 + Updates description and number of days retention on SAFE using Gen1 API - https://pspas.pspete.dev/commands/Set-PASPlatformPSMConfig - https://pspas.pspete.dev/commands/Set-PASPlatformPSMConfig + https://pspas.pspete.dev/commands/Set-PASSafe + https://pspas.pspete.dev/commands/Set-PASSafe - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Session%20Mngmnt%20-%20Update_Session_Management_Policy_Platform.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Session%20Mngmnt%20-%20Update_Session_Management_Policy_Platform.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Update%20Safe.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Update%20Safe.htm - Set-PASPTAEvent + Set-PASSafeMember Set - PASPTAEvent + PASSafeMember - Updates the status of a security event + Updates a Safe Member - Updates the status of a security event to open or closed + Updates an existing Safe Member's permissions on a safe. + Manage Safe Members permission is required. + Default operation against the Gen2 API requires a minimum version of 12.2 - Set-PASPTAEvent - - EventID + Set-PASSafeMember + + SafeName - The event ID. + The name of the safe to which the safe member belong String @@ -37156,10 +46008,338 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector None - - mStatus + + MemberName + + Vault or Domain User, or Group, safe member to update. + + String + + String + + + None + + + MembershipExpirationDate + + Defines when the member's Safe membership expires. + + DateTime + + DateTime + + + None + + + UseAccounts + + Boolean value defining if UseAccounts permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + RetrieveAccounts + + Boolean value defining if RetrieveAccounts permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + ListAccounts + + Boolean value defining if ListAccounts permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + AddAccounts + + Boolean value defining if permission will be granted to safe member on safe. + Includes UpdateAccountProperties (when adding or removing permission). + + Boolean + + Boolean + + + False + + + UpdateAccountContent + + Boolean value defining if AddAccounts permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + UpdateAccountProperties + + Boolean value defining if UpdateAccountProperties permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + InitiateCPMAccountManagementOperations + + Boolean value defining if InitiateCPMAccountManagementOperations permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + SpecifyNextAccountContent + + Boolean value defining if SpecifyNextAccountContent permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + RenameAccounts + + Boolean value defining if RenameAccounts permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + DeleteAccounts + + Boolean value defining if DeleteAccounts permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + UnlockAccounts + + Boolean value defining if UnlockAccounts permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + ManageSafe + + Boolean value defining if ManageSafe permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + ManageSafeMembers + + Boolean value defining if ManageSafeMembers permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + BackupSafe + + Boolean value defining if BackupSafe permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + ViewAuditLog + + Boolean value defining if ViewAuditLog permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + ViewSafeMembers + + Boolean value defining if ViewSafeMembers permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + AccessWithoutConfirmation + + Boolean value defining if AccessWithoutConfirmation permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + CreateFolders + + Boolean value defining if CreateFolders permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + DeleteFolders + + Boolean value defining if DeleteFolders permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + MoveAccountsAndFolders + + Boolean value defining if MoveAccountsAndFolders permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + requestsAuthorizationLevel1 + + Boolean value defining if requestsAuthorizationLevel1 permission will be granted to safe member on safe. + Minimum required version 12.2 + + Boolean + + Boolean + + + None + + + requestsAuthorizationLevel2 + + Boolean value defining if requestsAuthorizationLevel2 permission will be granted to safe member on safe. + Minimum required version 12.2 + + Boolean + + Boolean + + + None + + + + Set-PASSafeMember + + SafeName + + The name of the safe to which the safe member belong + + String + + String + + + None + + + MemberName - The status to update (open or closed). + Vault or Domain User, or Group, safe member to update. String @@ -37168,126 +46348,34 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector None - - WhatIf + + MembershipExpirationDate - Shows what would happen if the cmdlet runs. The cmdlet is not run. + Defines when the member's Safe membership expires. + DateTime - SwitchParameter + DateTime - False + None - - Confirm + + UseAccounts - Prompts you for confirmation before running the cmdlet. + Boolean value defining if UseAccounts permission will be granted to safe member on safe. + Boolean - SwitchParameter + Boolean False - - - - - EventID - - The event ID. - - String - - String - - - None - - - mStatus - - The status to update (open or closed). - - String - - String - - - None - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - SwitchParameter - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - - - - - - - Minimum Version CyberArk 11.3 - - - - - -------------------------- EXAMPLE 1 -------------------------- - Set-PASPTAEvent -EventID $id - - - - - - - - https://pspas.pspete.dev/commands/Set-PASPTAEvent - https://pspas.pspete.dev/commands/Set-PASPTAEvent - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/CloseOpenSecurityEvent.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/CloseOpenSecurityEvent.htm - - - - - - Set-PASPTARemediation - Set - PASPTARemediation - - Updates automatic remediation settings in PTA - - - - Updates automatic remediation settings configured in PTA - - - - Set-PASPTARemediation - - changePassword_SuspectedCredentialsTheft + + RetrieveAccounts - Indicate if Change Password on Suspected Credential Theft the command is active + Boolean value defining if RetrieveAccounts permission will be granted to safe member on safe. Boolean @@ -37296,10 +46384,10 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector False - - changePassword_OverPassTheHash + + ListAccounts - Indicate if the Change Password on Over Pass The Hash command is active + Boolean value defining if ListAccounts permission will be granted to safe member on safe. Boolean @@ -37308,10 +46396,11 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector False - - reconcilePassword_SuspectedPasswordChange + + AddAccounts - Indicate if the Reconcile Password on Suspected Password Change command is active + Boolean value defining if permission will be granted to safe member on safe. + Includes UpdateAccountProperties (when adding or removing permission). Boolean @@ -37320,10 +46409,10 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector False - - pendAccount_UnmanagedPrivilegedAccount + + UpdateAccountContent - Indicate if the Add Unmanaged Accounts to Pending Accounts command is active + Boolean value defining if AddAccounts permission will be granted to safe member on safe. Boolean @@ -37332,396 +46421,143 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector False - - WhatIf + + UpdateAccountProperties - Shows what would happen if the cmdlet runs. The cmdlet is not run. + Boolean value defining if UpdateAccountProperties permission will be granted to safe member on safe. + Boolean - SwitchParameter + Boolean False - - Confirm + + InitiateCPMAccountManagementOperations - Prompts you for confirmation before running the cmdlet. + Boolean value defining if InitiateCPMAccountManagementOperations permission will be granted to safe member on safe. + Boolean - SwitchParameter + Boolean False - - - - - changePassword_SuspectedCredentialsTheft - - Indicate if Change Password on Suspected Credential Theft the command is active - - Boolean - - Boolean - - - False - - - changePassword_OverPassTheHash - - Indicate if the Change Password on Over Pass The Hash command is active - - Boolean - - Boolean - - - False - - - reconcilePassword_SuspectedPasswordChange - - Indicate if the Reconcile Password on Suspected Password Change command is active - - Boolean - - Boolean - - - False - - - pendAccount_UnmanagedPrivilegedAccount - - Indicate if the Add Unmanaged Accounts to Pending Accounts command is active - - Boolean - - Boolean - - - False - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - SwitchParameter - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - - - - - - - Minimum Version CyberArk 10.4 - - - - - -------------------------- EXAMPLE 1 -------------------------- - Set-PASPTARemediation -changePassword_SuspectedCredentialsTheft $true - - Enables the "Change password on Suspected Credentials Theft" rule. - - - - -------------------------- EXAMPLE 2 -------------------------- - Set-PASPTARemediation -reconcilePassword_SuspectedPasswordChange $false - - Disables the "reconcile on suspected password change" rule. - - - - - - https://pspas.pspete.dev/commands/Set-PASPTARemediation - https://pspas.pspete.dev/commands/Set-PASPTARemediation - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/AutomaticRemediation_UpdateConfiguration.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/AutomaticRemediation_UpdateConfiguration.htm - - - - - - Set-PASPTARiskEvent - Set - PASPTARiskEvent - - Update PTA Risk Events - - - - Update the status of a risk event to open or closed. - Requires minimum version of 13.2 - - - - Set-PASPTARiskEvent - - status + + SpecifyNextAccountContent - The status to update on the risk event + Boolean value defining if SpecifyNextAccountContent permission will be granted to safe member on safe. - String + Boolean - String + Boolean - None + False - - WhatIf + + RenameAccounts - Shows what would happen if the cmdlet runs. The cmdlet is not run. + Boolean value defining if RenameAccounts permission will be granted to safe member on safe. + Boolean - SwitchParameter + Boolean False - - Confirm + + DeleteAccounts - Prompts you for confirmation before running the cmdlet. + Boolean value defining if DeleteAccounts permission will be granted to safe member on safe. + Boolean - SwitchParameter + Boolean False - - closeReason + + UnlockAccounts - The close reason for the risk event Valid Values: - HANDLED - - NOTREAL - - OTHER - - NONE - - Requires version 14.0 + Boolean value defining if UnlockAccounts permission will be granted to safe member on safe. - String + Boolean - String + Boolean - None + False - - ID + + ManageSafe - The ID of the PTA Risk Event + Boolean value defining if ManageSafe permission will be granted to safe member on safe. - String + Boolean - String + Boolean - None + False - reasonText + ManageSafeMembers - Free text close reason - Requires version 14.0 + Boolean value defining if ManageSafeMembers permission will be granted to safe member on safe. - String + Boolean - String + Boolean - None + False - - - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - SwitchParameter - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - - - closeReason - - The close reason for the risk event Valid Values: - HANDLED - - NOTREAL - - OTHER - - NONE - - Requires version 14.0 - - String - - String - - - None - - - ID - - The ID of the PTA Risk Event - - String - - String - - - None - - - reasonText - - Free text close reason - Requires version 14.0 - - String - - String - - - None - - - status - - The status to update on the risk event - - String - - String - - - None - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - Set-PASPTARiskEvent -EventID 123 -Status CLOSED - - Close PTA Risk Event with id 1234 - - - - - - https://pspas.pspete.dev/commands/Set-PASPTARiskEvent - https://pspas.pspete.dev/commands/Set-PASPTARiskEvent - - - https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/CloseOpenRiskEvent.htm - https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/CloseOpenRiskEvent.htm - - - - - - Set-PASPTARule - Set - PASPTARule - - Updates an existing Risky Activity rule to PTA - - - - Updates an existing Risky Activity rule in the PTA server configuration. - - - - Set-PASPTARule - - id + + BackupSafe - The unique ID of the rule. + Boolean value defining if BackupSafe permission will be granted to safe member on safe. - String + Boolean - String + Boolean - None + False - - category + + ViewAuditLog - The Category of the risky activity - Valid values: SSH, WINDOWS, SCP, KEYSTROKES or SQL + Boolean value defining if ViewAuditLog permission will be granted to safe member on safe. - String + Boolean - String + Boolean - None + False - - regex + + ViewSafeMembers - Risky activity in regex form. - Must support all characters (including "/" and escaping characters) + Boolean value defining if ViewSafeMembers permission will be granted to safe member on safe. - String + Boolean - String + Boolean - None + False - - score + + RequestsAuthorizationLevel - Activity score. - Number must be between 1 and 100 + Integer value defining level assigned to RequestsAuthorizationLevel for safe member. + Valid Values: 0, 1 or 2 Int32 @@ -37730,36 +46566,46 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector 0 - - description + + AccessWithoutConfirmation - Activity description. - The field is mandatory but can be empty + Boolean value defining if AccessWithoutConfirmation permission will be granted to safe member on safe. - String + Boolean - String + Boolean - None + False - - response + + CreateFolders - Automatic response to be executed - Valid Values: NONE, TERMINATE or SUSPEND + Boolean value defining if CreateFolders permission will be granted to safe member on safe. - String + Boolean - String + Boolean - None + False - - active + + DeleteFolders - Indicate if the rule should be active or disabled + Boolean value defining if DeleteFolders permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + MoveAccountsAndFolders + + Boolean value defining if MoveAccountsAndFolders permission will be granted to safe member on safe. Boolean @@ -37790,22 +46636,25 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector False - - machinesList + + UseGen1API - List of machines to be included or excluded for detection + Specify to force usage the Gen1 API endpoint. + Should be specified for versions earlier than 12.2 - String[] - String[] + SwitchParameter - None + False - - machinesMode + + + Set-PASSafeMember + + SafeName - Indicates whether the list of machines will be processed for Suspicious Activity detection Valid values: - INCLUDE - Only machines on the list will be processed for detection - EXCLUDE - Machines on the list will not be processed for detection + The name of the safe to which the safe member belong String @@ -37814,301 +46663,82 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector None - - vaultUsersList + + MemberName - List of accounts to be included or excluded for detection + Vault or Domain User, or Group, safe member to update. - String[] + String - String[] + String None - vaultUsersMode + MembershipExpirationDate - Indicates whether the list of accounts will be processed for Suspicious Activity detection Valid values: - INCLUDE - Only accounts on the list will be processed for detection - EXCLUDE - Accounts on the list will not be processed for detection + Defines when the member's Safe membership expires. - String + DateTime - String + DateTime None - - - - - id - - The unique ID of the rule. - - String - - String - - - None - - - category - - The Category of the risky activity - Valid values: SSH, WINDOWS, SCP, KEYSTROKES or SQL - - String - - String - - - None - - - regex - - Risky activity in regex form. - Must support all characters (including "/" and escaping characters) - - String - - String - - - None - - - score - - Activity score. - Number must be between 1 and 100 - - Int32 - - Int32 - - - 0 - - - description - - Activity description. - The field is mandatory but can be empty - - String - - String - - - None - - - response - - Automatic response to be executed - Valid Values: NONE, TERMINATE or SUSPEND - - String - - String - - - None - - - active - - Indicate if the rule should be active or disabled - - Boolean - - Boolean - - - False - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - SwitchParameter - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - - - machinesList - - List of machines to be included or excluded for detection - - String[] - - String[] - - - None - - - machinesMode - - Indicates whether the list of machines will be processed for Suspicious Activity detection Valid values: - INCLUDE - Only machines on the list will be processed for detection - EXCLUDE - Machines on the list will not be processed for detection - - String - - String - - - None - - - vaultUsersList - - List of accounts to be included or excluded for detection - - String[] - - String[] - - - None - - - vaultUsersMode - - Indicates whether the list of accounts will be processed for Suspicious Activity detection Valid values: - INCLUDE - Only accounts on the list will be processed for detection - EXCLUDE - Accounts on the list will not be processed for detection - - String - - String - - - None - - - - - - - Minimum Version CyberArk 10.4 - - - - - -------------------------- EXAMPLE 1 -------------------------- - Set-PASPTARule -id 66 -category KEYSTROKES -regex '(*.)risky cmd(.*)' -score 65 -description "Updated Rule" -response SUSPEND -active $true - - Updates rule 66 in PTA - - - - -------------------------- EXAMPLE 2 -------------------------- - Set-PASPTARule -id 66 -category KEYSTROKES -regex '(*.)risky cmd(.*)' -score 65 -description "Updated Rule" -response SUSPEND -active $true -vaultUsersList UserA,UserB,UserC -machinesMode INCLUDE Computer1,Computer2,Computer3 - - Updates rule 66 in PTA, scoped to exclude listed users, and include listed machines - - - - - - https://pspas.pspete.dev/commands/Set-PASPTARule - https://pspas.pspete.dev/commands/Set-PASPTARule - - - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/UpdateRule.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/UpdateRule.htm - - - - - - Set-PASSafe - Set - PASSafe - - Updates a safe in the Vault - - - - Updates a single safe in the Vault. Manage Safe permission is required. All required properties should be sent in the request. Any properties set on the safe not included in the request will be cleared. - - - - Set-PASSafe - - SafeName + + WhatIf - The name of the safe to update. - Max Length 28 characters. - - Cannot start with a space. - - Cannot contain: '\','/',':','*','<','>','"','.' or '|' + Shows what would happen if the cmdlet runs. The cmdlet is not run. - String - String + SwitchParameter - None + False - - NewSafeName + + Confirm - A name to rename the safe to - Max Length 28 characters. - - Cannot start with a space. - - Cannot contain: '\','/',':','*','<','>','"','.' or '|' + Prompts you for confirmation before running the cmdlet. - String - String + SwitchParameter - None + False - - Description + + AccountsManager - Updated Description for safe. - Max 100 characters. + Sets Accounts Manager permissions for user on safe - String - String + SwitchParameter - None + False - - OLACEnabled + + + Set-PASSafeMember + + SafeName - Boolean value, dictating whether or not to enable Object Level Access Control on the safe. + The name of the safe to which the safe member belong - Boolean + String - Boolean + String - False + None - - ManagingCPM + + MemberName - The Name of the CPM user to manage the safe. - Specify "" to prevent CPM management. + Vault or Domain User, or Group, safe member to update. String @@ -38118,16 +46748,16 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector None - NumberOfVersionsRetention + MembershipExpirationDate - The number of retained versions of every password that is stored in the Safe. - Max value = 999 Specify either this parameter or NumberOfDaysRetention. + Defines when the member's Safe membership expires. - Int32 + DateTime - Int32 + DateTime - 0 + None WhatIf @@ -38151,42 +46781,24 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector False - - location + + Approver - The vault location to set for the safe - Minimum required version 12.2 + Sets Approver permissions for user on safe - String - String + SwitchParameter - None + False - Set-PASSafe + Set-PASSafeMember SafeName - The name of the safe to update. - Max Length 28 characters. - - Cannot start with a space. - - Cannot contain: '\','/',':','*','<','>','"','.' or '|' - - String - - String - - - None - - - NewSafeName - - A name to rename the safe to - Max Length 28 characters. - - Cannot start with a space. - - Cannot contain: '\','/',':','*','<','>','"','.' or '|' + The name of the safe to which the safe member belong String @@ -38195,11 +46807,10 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector None - - Description + + MemberName - Updated Description for safe. - Max 100 characters. + Vault or Domain User, or Group, safe member to update. String @@ -38208,43 +46819,18 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector None - - OLACEnabled - - Boolean value, dictating whether or not to enable Object Level Access Control on the safe. - - Boolean - - Boolean - - - False - - ManagingCPM + MembershipExpirationDate - The Name of the CPM user to manage the safe. - Specify "" to prevent CPM management. + Defines when the member's Safe membership expires. - String + DateTime - String + DateTime None - - NumberOfVersionsRetention - - The number of retained versions of every password that is stored in the Safe. - Max value = 999 Specify either this parameter or NumberOfDaysRetention. - - Int32 - - Int32 - - - 0 - WhatIf @@ -38267,11 +46853,10 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector False - - UseGen1API + + ConnectOnly - Specify to force usage the Gen1 API endpoint. - Should be specified for versions earlier than 12.2 + Set Connect Only permissions for user on safe SwitchParameter @@ -38281,40 +46866,11 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector - Set-PASSafe + Set-PASSafeMember SafeName - The name of the safe to update. - Max Length 28 characters. - - Cannot start with a space. - - Cannot contain: '\','/',':','*','<','>','"','.' or '|' - - String - - String - - - None - - - NewSafeName - - A name to rename the safe to - Max Length 28 characters. - - Cannot start with a space. - - Cannot contain: '\','/',':','*','<','>','"','.' or '|' - - String - - String - - - None - - - Description - - Updated Description for safe. - Max 100 characters. + The name of the safe to which the safe member belong String @@ -38323,23 +46879,10 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector None - - OLACEnabled - - Boolean value, dictating whether or not to enable Object Level Access Control on the safe. - - Boolean - - Boolean - - - False - - - ManagingCPM + + MemberName - The Name of the CPM user to manage the safe. - Specify "" to prevent CPM management. + Vault or Domain User, or Group, safe member to update. String @@ -38349,19 +46892,16 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector None - NumberOfDaysRetention + MembershipExpirationDate - The number of days for which password versions are saved in the Safe. - - Minimum Value: 0 - - Maximum Value: 3650 - Specify either this parameter or NumberOfVersionsRetention + Defines when the member's Safe membership expires. - Int32 + DateTime - Int32 + DateTime - 0 + None WhatIf @@ -38385,42 +46925,24 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector False - - location + + Full - The vault location to set for the safe - Minimum required version 12.2 + Sets Full Permissions for user on safe - String - String + SwitchParameter - None + False - Set-PASSafe + Set-PASSafeMember SafeName - The name of the safe to update. - Max Length 28 characters. - - Cannot start with a space. - - Cannot contain: '\','/',':','*','<','>','"','.' or '|' - - String - - String - - - None - - - NewSafeName - - A name to rename the safe to - Max Length 28 characters. - - Cannot start with a space. - - Cannot contain: '\','/',':','*','<','>','"','.' or '|' + The name of the safe to which the safe member belong String @@ -38429,11 +46951,10 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector None - - Description + + MemberName - Updated Description for safe. - Max 100 characters. + Vault or Domain User, or Group, safe member to update. String @@ -38442,46 +46963,18 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector None - - OLACEnabled - - Boolean value, dictating whether or not to enable Object Level Access Control on the safe. - - Boolean - - Boolean - - - False - - ManagingCPM + MembershipExpirationDate - The Name of the CPM user to manage the safe. - Specify "" to prevent CPM management. + Defines when the member's Safe membership expires. - String + DateTime - String + DateTime None - - NumberOfDaysRetention - - The number of days for which password versions are saved in the Safe. - - Minimum Value: 0 - - Maximum Value: 3650 - Specify either this parameter or NumberOfVersionsRetention - - Int32 - - Int32 - - - 0 - WhatIf @@ -38504,11 +46997,10 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector False - - UseGen1API + + ReadOnly - Specify to force usage the Gen1 API endpoint. - Should be specified for versions earlier than 12.2 + Sets Read Only permissions for user on safe SwitchParameter @@ -38522,9 +47014,7 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector SafeName - The name of the safe to update. - Max Length 28 characters. - - Cannot start with a space. - - Cannot contain: '\','/',':','*','<','>','"','.' or '|' + The name of the safe to which the safe member belong String @@ -38533,12 +47023,10 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector None - - NewSafeName + + MemberName - A name to rename the safe to - Max Length 28 characters. - - Cannot start with a space. - - Cannot contain: '\','/',':','*','<','>','"','.' or '|' + Vault or Domain User, or Group, safe member to update. String @@ -38548,22 +47036,82 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector None - Description + MembershipExpirationDate - Updated Description for safe. - Max 100 characters. + Defines when the member's Safe membership expires. - String + DateTime - String + DateTime None - - OLACEnabled + + UseAccounts - Boolean value, dictating whether or not to enable Object Level Access Control on the safe. + Boolean value defining if UseAccounts permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + RetrieveAccounts + + Boolean value defining if RetrieveAccounts permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + ListAccounts + + Boolean value defining if ListAccounts permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + AddAccounts + + Boolean value defining if permission will be granted to safe member on safe. + Includes UpdateAccountProperties (when adding or removing permission). + + Boolean + + Boolean + + + False + + + UpdateAccountContent + + Boolean value defining if AddAccounts permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + UpdateAccountProperties + + Boolean value defining if UpdateAccountProperties permission will be granted to safe member on safe. Boolean @@ -38573,37 +47121,130 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector False - ManagingCPM + InitiateCPMAccountManagementOperations - The Name of the CPM user to manage the safe. - Specify "" to prevent CPM management. + Boolean value defining if InitiateCPMAccountManagementOperations permission will be granted to safe member on safe. - String + Boolean - String + Boolean - None + False - NumberOfVersionsRetention + SpecifyNextAccountContent - The number of retained versions of every password that is stored in the Safe. - Max value = 999 Specify either this parameter or NumberOfDaysRetention. + Boolean value defining if SpecifyNextAccountContent permission will be granted to safe member on safe. - Int32 + Boolean - Int32 + Boolean - 0 + False + + + RenameAccounts + + Boolean value defining if RenameAccounts permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + DeleteAccounts + + Boolean value defining if DeleteAccounts permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + UnlockAccounts + + Boolean value defining if UnlockAccounts permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False - NumberOfDaysRetention + ManageSafe - The number of days for which password versions are saved in the Safe. - - Minimum Value: 0 - - Maximum Value: 3650 - Specify either this parameter or NumberOfVersionsRetention + Boolean value defining if ManageSafe permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + ManageSafeMembers + + Boolean value defining if ManageSafeMembers permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + BackupSafe + + Boolean value defining if BackupSafe permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + ViewAuditLog + + Boolean value defining if ViewAuditLog permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + ViewSafeMembers + + Boolean value defining if ViewSafeMembers permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + RequestsAuthorizationLevel + + Integer value defining level assigned to RequestsAuthorizationLevel for safe member. + Valid Values: 0, 1 or 2 Int32 @@ -38612,6 +47253,54 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector 0 + + AccessWithoutConfirmation + + Boolean value defining if AccessWithoutConfirmation permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + CreateFolders + + Boolean value defining if CreateFolders permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + DeleteFolders + + Boolean value defining if DeleteFolders permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + + + MoveAccountsAndFolders + + Boolean value defining if MoveAccountsAndFolders permission will be granted to safe member on safe. + + Boolean + + Boolean + + + False + WhatIf @@ -38637,19 +47326,32 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector False - location + requestsAuthorizationLevel1 - The vault location to set for the safe + Boolean value defining if requestsAuthorizationLevel1 permission will be granted to safe member on safe. Minimum required version 12.2 - String + Boolean - String + Boolean None - + + requestsAuthorizationLevel2 + + Boolean value defining if requestsAuthorizationLevel2 permission will be granted to safe member on safe. + Minimum required version 12.2 + + Boolean + + Boolean + + + None + + UseGen1API Specify to force usage the Gen1 API endpoint. @@ -38662,6 +47364,66 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector False + + AccountsManager + + Sets Accounts Manager permissions for user on safe + + SwitchParameter + + SwitchParameter + + + False + + + Approver + + Sets Approver permissions for user on safe + + SwitchParameter + + SwitchParameter + + + False + + + ConnectOnly + + Set Connect Only permissions for user on safe + + SwitchParameter + + SwitchParameter + + + False + + + Full + + Sets Full Permissions for user on safe + + SwitchParameter + + SwitchParameter + + + False + + + ReadOnly + + Sets Read Only permissions for user on safe + + SwitchParameter + + SwitchParameter + + + False + @@ -38673,60 +47435,51 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector -------------------------- EXAMPLE 1 -------------------------- - Set-PASSafe -SafeName SAFE -Description "New-Description" -NumberOfVersionsRetention 10 + Set-PASSafeMember -SafeName TargetSafe -MemberName TargetUser -AddAccounts $true - Updates description and version retention on SAFE using Gen2 API + Updates TargetUser's permissions as safe member on TargetSafe to include "Add Accounts" using the Gen2 API. Minimum required version 12.2 -------------------------- EXAMPLE 2 -------------------------- - Get-PASSafe -SafeName SAFE | Set-PASSafe -SafeName SAFE -NumberOfVersionsRetention 10 - - Updates version retention on SAFE using Gen2 API, maintaining all other properties. - Minimum required version 12.2 - - - - -------------------------- EXAMPLE 3 -------------------------- - Set-PASSafe -SafeName SAFE -Description "New-Description" -NumberOfDaysRetention 10 -UseGen1API + Set-PASSafeMember -SafeName TargetSafe -MemberName TargetUser -AddAccounts $true -UseGen1API - Updates description and number of days retention on SAFE using Gen1 API + Updates TargetUser's permissions as safe member on TargetSafe to include "Add Accounts" using the Gen1 API. - https://pspas.pspete.dev/commands/Set-PASSafe - https://pspas.pspete.dev/commands/Set-PASSafe + https://pspas.pspete.dev/commands/Set-PASSafeMember + https://pspas.pspete.dev/commands/Set-PASSafeMember - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Update%20Safe.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Update%20Safe.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Update%20Safe%20Member.htm + https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Update%20Safe%20Member.htm - Set-PASSafeMember + Set-PASTheme Set - PASSafeMember + PASTheme - Updates a Safe Member + Updates a custom theme - Updates an existing Safe Member's permissions on a safe. - Manage Safe Members permission is required. - Default operation against the Gen2 API requires a minimum version of 12.2 + Updates an existing custom theme. + Requires membership of Vault Admins group - Set-PASSafeMember - - SafeName + Set-PASTheme + + ThemeName - The name of the safe to which the safe member belong + The name of the existing theme to update String @@ -38735,10 +47488,10 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector None - - MemberName + + borderMain_Dark - Vault or Domain User, or Group, safe member to update. + Dark mode main border color String @@ -38747,240 +47500,250 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector None - - MembershipExpirationDate + + textMain_Dark - Defines when the member's Safe membership expires. + Dark mode main text color - DateTime + String - DateTime + String None - - UseAccounts + + disableMain_Dark - Boolean value defining if UseAccounts permission will be granted to safe member on safe. + Dark mode main disable color - Boolean + String - Boolean + String - False + None - - RetrieveAccounts + + disableTextPrimary_Dark - Boolean value defining if RetrieveAccounts permission will be granted to safe member on safe. + Dark mode primary disable text color - Boolean + String - Boolean + String - False + None - - ListAccounts + + disableBackgroundPrimary_Dark - Boolean value defining if ListAccounts permission will be granted to safe member on safe. + Dark mode primary disable background color - Boolean + String - Boolean + String - False + None - - AddAccounts + + successPrimary_Dark - Boolean value defining if permission will be granted to safe member on safe. - Includes UpdateAccountProperties (when adding or removing permission). + Dark mode primary success color - Boolean + String - Boolean + String - False + None - - UpdateAccountContent + + successSecondary_Dark - Boolean value defining if AddAccounts permission will be granted to safe member on safe. + Dark mode secondary success color - Boolean + String - Boolean + String + + + None + + + warningPrimary_Dark + + Dark mode primary warning color + + String + + String - False + None - - UpdateAccountProperties + + warningSecondary_Dark - Boolean value defining if UpdateAccountProperties permission will be granted to safe member on safe. + Dark mode secondary warning color - Boolean + String - Boolean + String - False + None - - InitiateCPMAccountManagementOperations + + infoPrimary_Dark - Boolean value defining if InitiateCPMAccountManagementOperations permission will be granted to safe member on safe. + Dark mode primary info color - Boolean + String - Boolean + String - False + None - - SpecifyNextAccountContent + + name - Boolean value defining if SpecifyNextAccountContent permission will be granted to safe member on safe. + The theme name to set on the existing theme - Boolean + String - Boolean + String - False + None - - RenameAccounts + + infoSecondary_Dark - Boolean value defining if RenameAccounts permission will be granted to safe member on safe. + Dark mode secondary info color - Boolean + String - Boolean + String - False + None - - DeleteAccounts + + errorPrimary_Dark - Boolean value defining if DeleteAccounts permission will be granted to safe member on safe. + Dark mode primary error color - Boolean + String - Boolean + String - False + None - - UnlockAccounts + + errorSecondary_Dark - Boolean value defining if UnlockAccounts permission will be granted to safe member on safe. + Dark mode secondary error color - Boolean + String - Boolean + String - False + None - - ManageSafe + + backgroundMain_Bright - Boolean value defining if ManageSafe permission will be granted to safe member on safe. + Light mode main background color - Boolean + String - Boolean + String - False + None - - ManageSafeMembers + + borderMain_Bright - Boolean value defining if ManageSafeMembers permission will be granted to safe member on safe. + Light mode main border color - Boolean + String - Boolean + String - False + None - - BackupSafe + + textMain_Bright - Boolean value defining if BackupSafe permission will be granted to safe member on safe. + Light mode main text color - Boolean + String - Boolean + String - False + None - - ViewAuditLog + + disableMain_Bright - Boolean value defining if ViewAuditLog permission will be granted to safe member on safe. + Light mode main disable color - Boolean + String - Boolean + String - False + None - - ViewSafeMembers + + disableTextPrimary_Bright - Boolean value defining if ViewSafeMembers permission will be granted to safe member on safe. + Light mode primary disable text color - Boolean + String - Boolean + String - False + None - - RequestsAuthorizationLevel + + disableBackgroundPrimary_Bright - Integer value defining level assigned to RequestsAuthorizationLevel for safe member. - Valid Values: 0, 1 or 2 + Light mode primary disable background color - Int32 + String - Int32 + String - 0 + None - - AccessWithoutConfirmation + + successPrimary_Bright - Boolean value defining if AccessWithoutConfirmation permission will be granted to safe member on safe. + Light mode primary success color - Boolean + String - Boolean + String - False + None - - CreateFolders + + isDraft - Boolean value defining if CreateFolders permission will be granted to safe member on safe. + Whether the theme is marked as draft Boolean @@ -38989,71 +47752,70 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector False - - DeleteFolders + + successSecondary_Bright - Boolean value defining if DeleteFolders permission will be granted to safe member on safe. + Light mode secondary success color - Boolean + String - Boolean + String - False + None - - MoveAccountsAndFolders + + warningPrimary_Bright - Boolean value defining if MoveAccountsAndFolders permission will be granted to safe member on safe. + Light mode primary warning color - Boolean + String - Boolean + String - False + None - - WhatIf + + warningSecondary_Bright - Shows what would happen if the cmdlet runs. The cmdlet is not run. + Light mode secondary warning color + String - SwitchParameter + String - False + None - - Confirm + + infoPrimary_Bright - Prompts you for confirmation before running the cmdlet. + Light mode primary info color + String - SwitchParameter + String - False + None - - UseGen1API + + infoSecondary_Bright - Specify to force usage the Gen1 API endpoint. - Should be specified for versions earlier than 12.2 + Light mode secondary info color + String - SwitchParameter + String - False + None - - - Set-PASSafeMember - - SafeName + + errorPrimary_Bright - The name of the safe to which the safe member belong + Light mode primary error color String @@ -39062,10 +47824,10 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector None - - MemberName + + errorSecondary_Bright - Vault or Domain User, or Group, safe member to update. + Light mode secondary error color String @@ -39074,258 +47836,257 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector None - - MembershipExpirationDate + + mainColor - Defines when the member's Safe membership expires. + The primary color of the theme - DateTime + String - DateTime + String None - - UseAccounts + + selectedMain - Boolean value defining if UseAccounts permission will be granted to safe member on safe. + The color used for elements in their selected state - Boolean + String - Boolean + String - False + None - - RetrieveAccounts + + hoverMain - Boolean value defining if RetrieveAccounts permission will be granted to safe member on safe. + The color used for elements in their hover state - Boolean + String - Boolean + String - False + None - - ListAccounts + + mainBackgroundImage - Boolean value defining if ListAccounts permission will be granted to safe member on safe. + the main background image - Boolean + String - Boolean + String - False + None - - AddAccounts + + defaultButtonTextPrimary - Boolean value defining if permission will be granted to safe member on safe. - Includes UpdateAccountProperties (when adding or removing permission). + The default text color used on buttons - Boolean + String - Boolean + String - False + None - - UpdateAccountContent + + menuLogoBackground - Boolean value defining if AddAccounts permission will be granted to safe member on safe. + The background color of the menu logo - Boolean + String - Boolean + String - False + None - - UpdateAccountProperties + + menuBackground - Boolean value defining if UpdateAccountProperties permission will be granted to safe member on safe. + The background color of the menu - Boolean + String - Boolean + String - False + None - - InitiateCPMAccountManagementOperations + + menuHoverBackground - Boolean value defining if InitiateCPMAccountManagementOperations permission will be granted to safe member on safe. + The background color of the menu items on hover - Boolean + String - Boolean + String - False + None - - SpecifyNextAccountContent + + menuActiveBackgroundPrimary - Boolean value defining if SpecifyNextAccountContent permission will be granted to safe member on safe. + The primary background color of the menu items when active - Boolean + String - Boolean + String - False + None - - RenameAccounts + + menuActiveBackgroundSecondary - Boolean value defining if RenameAccounts permission will be granted to safe member on safe. + The secondary background color of the menu items when active - Boolean + String - Boolean + String - False + None - - DeleteAccounts + + menuText - Boolean value defining if DeleteAccounts permission will be granted to safe member on safe. + The text color of the menu items - Boolean + String - Boolean + String - False + None - - UnlockAccounts + + menuTextActive - Boolean value defining if UnlockAccounts permission will be granted to safe member on safe. + The text color of the menu items when active - Boolean + String - Boolean + String - False + None - - ManageSafe + + menuIcon - Boolean value defining if ManageSafe permission will be granted to safe member on safe. + The color of the menu icons - Boolean + String - Boolean + String - False + None - - ManageSafeMembers + + backgroundMain - Boolean value defining if ManageSafeMembers permission will be granted to safe member on safe. + The main background color - Boolean + String - Boolean + String - False + None - - BackupSafe + + mainLogoDark - Boolean value defining if BackupSafe permission will be granted to safe member on safe. + the main logo in darker colors - Boolean + String - Boolean + String - False + None - - ViewAuditLog + + borderMain - Boolean value defining if ViewAuditLog permission will be granted to safe member on safe. + The main border color - Boolean + String - Boolean + String - False + None - - ViewSafeMembers + + textMain - Boolean value defining if ViewSafeMembers permission will be granted to safe member on safe. + The main text color - Boolean + String - Boolean + String - False + None - - AccessWithoutConfirmation + + advancedSmallLogo - Boolean value defining if AccessWithoutConfirmation permission will be granted to safe member on safe. + the advanced small logo - Boolean + String - Boolean + String - False + None - - CreateFolders + + advancedSymbolLogo - Boolean value defining if CreateFolders permission will be granted to safe member on safe. + the advanced symbol logo - Boolean + String - Boolean + String - False + None - - DeleteFolders + + colorsStyle - Boolean value defining if DeleteFolders permission will be granted to safe member on safe. + Type of the theme (dark or bright) - Boolean + String - Boolean + String - False + None - - MoveAccountsAndFolders + + backgroundMain_Dark - Boolean value defining if MoveAccountsAndFolders permission will be granted to safe member on safe. + Dark mode main background color - Boolean + String - Boolean + String - False + None WhatIf @@ -39349,39 +48110,169 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector False - - requestsAuthorizationLevel1 - - Boolean value defining if requestsAuthorizationLevel1 permission will be granted to safe member on safe. - Minimum required version 12.2 - - Boolean - - Boolean - - - None - - - requestsAuthorizationLevel2 - - Boolean value defining if requestsAuthorizationLevel2 permission will be granted to safe member on safe. - Minimum required version 12.2 - - Boolean - - Boolean - - - None - - - SafeName + + ThemeName + + The name of the existing theme to update + + String + + String + + + None + + + name + + The theme name to set on the existing theme + + String + + String + + + None + + + isDraft + + Whether the theme is marked as draft + + Boolean + + Boolean + + + False + + + mainBackgroundImage + + the main background image + + String + + String + + + None + + + mainLogoDark + + the main logo in darker colors + + String + + String + + + None + + + advancedSmallLogo + + the advanced small logo + + String + + String + + + None + + + advancedSymbolLogo + + the advanced symbol logo + + String + + String + + + None + + + colorsStyle + + Type of the theme (dark or bright) + + String + + String + + + None + + + backgroundMain_Dark + + Dark mode main background color + + String + + String + + + None + + + borderMain_Dark + + Dark mode main border color + + String + + String + + + None + + + textMain_Dark + + Dark mode main text color + + String + + String + + + None + + + disableMain_Dark + + Dark mode main disable color + + String + + String + + + None + + + disableTextPrimary_Dark + + Dark mode primary disable text color + + String + + String + + + None + + + disableBackgroundPrimary_Dark - The name of the safe to which the safe member belong + Dark mode primary disable background color String @@ -39390,10 +48281,10 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector None - - MemberName + + successPrimary_Dark - Vault or Domain User, or Group, safe member to update. + Dark mode primary success color String @@ -39402,327 +48293,454 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector None - - MembershipExpirationDate + + successSecondary_Dark - Defines when the member's Safe membership expires. + Dark mode secondary success color - DateTime + String - DateTime + String None - - UseAccounts + + warningPrimary_Dark - Boolean value defining if UseAccounts permission will be granted to safe member on safe. + Dark mode primary warning color - Boolean + String - Boolean + String - False + None - - RetrieveAccounts + + warningSecondary_Dark - Boolean value defining if RetrieveAccounts permission will be granted to safe member on safe. + Dark mode secondary warning color - Boolean + String - Boolean + String - False + None - - ListAccounts + + infoPrimary_Dark - Boolean value defining if ListAccounts permission will be granted to safe member on safe. + Dark mode primary info color - Boolean + String - Boolean + String - False + None - - AddAccounts + + infoSecondary_Dark - Boolean value defining if permission will be granted to safe member on safe. - Includes UpdateAccountProperties (when adding or removing permission). + Dark mode secondary info color - Boolean + String - Boolean + String - False + None - - UpdateAccountContent + + errorPrimary_Dark - Boolean value defining if AddAccounts permission will be granted to safe member on safe. + Dark mode primary error color - Boolean + String - Boolean + String - False + None - - UpdateAccountProperties + + errorSecondary_Dark - Boolean value defining if UpdateAccountProperties permission will be granted to safe member on safe. + Dark mode secondary error color - Boolean + String - Boolean + String - False + None - - InitiateCPMAccountManagementOperations + + backgroundMain_Bright - Boolean value defining if InitiateCPMAccountManagementOperations permission will be granted to safe member on safe. + Light mode main background color - Boolean + String - Boolean + String - False + None - - SpecifyNextAccountContent + + borderMain_Bright - Boolean value defining if SpecifyNextAccountContent permission will be granted to safe member on safe. + Light mode main border color - Boolean + String - Boolean + String - False + None - - RenameAccounts + + textMain_Bright - Boolean value defining if RenameAccounts permission will be granted to safe member on safe. + Light mode main text color - Boolean + String - Boolean + String - False + None - - DeleteAccounts + + disableMain_Bright - Boolean value defining if DeleteAccounts permission will be granted to safe member on safe. + Light mode main disable color - Boolean + String - Boolean + String - False + None - - UnlockAccounts + + disableTextPrimary_Bright - Boolean value defining if UnlockAccounts permission will be granted to safe member on safe. + Light mode primary disable text color - Boolean + String - Boolean + String - False + None - - ManageSafe + + disableBackgroundPrimary_Bright - Boolean value defining if ManageSafe permission will be granted to safe member on safe. + Light mode primary disable background color - Boolean + String - Boolean + String - False + None - - ManageSafeMembers + + successPrimary_Bright - Boolean value defining if ManageSafeMembers permission will be granted to safe member on safe. + Light mode primary success color - Boolean + String - Boolean + String - False + None - - BackupSafe + + successSecondary_Bright - Boolean value defining if BackupSafe permission will be granted to safe member on safe. + Light mode secondary success color - Boolean + String - Boolean + String - False + None - - ViewAuditLog + + warningPrimary_Bright - Boolean value defining if ViewAuditLog permission will be granted to safe member on safe. + Light mode primary warning color - Boolean + String - Boolean + String - False + None - - ViewSafeMembers + + warningSecondary_Bright - Boolean value defining if ViewSafeMembers permission will be granted to safe member on safe. + Light mode secondary warning color - Boolean + String - Boolean + String - False + None - - RequestsAuthorizationLevel + + infoPrimary_Bright - Integer value defining level assigned to RequestsAuthorizationLevel for safe member. - Valid Values: 0, 1 or 2 + Light mode primary info color - Int32 + String - Int32 + String - 0 + None - - AccessWithoutConfirmation + + infoSecondary_Bright - Boolean value defining if AccessWithoutConfirmation permission will be granted to safe member on safe. + Light mode secondary info color - Boolean + String - Boolean + String - False + None - - CreateFolders + + errorPrimary_Bright - Boolean value defining if CreateFolders permission will be granted to safe member on safe. + Light mode primary error color - Boolean + String - Boolean + String - False + None - - DeleteFolders + + errorSecondary_Bright - Boolean value defining if DeleteFolders permission will be granted to safe member on safe. + Light mode secondary error color - Boolean + String - Boolean + String - False + None - - MoveAccountsAndFolders + + mainColor - Boolean value defining if MoveAccountsAndFolders permission will be granted to safe member on safe. + The primary color of the theme - Boolean + String - Boolean + String - False + None - - WhatIf + + selectedMain - Shows what would happen if the cmdlet runs. The cmdlet is not run. + The color used for elements in their selected state - SwitchParameter + String - SwitchParameter + String - False + None - - Confirm + + hoverMain - Prompts you for confirmation before running the cmdlet. + The color used for elements in their hover state - SwitchParameter + String - SwitchParameter + String - False + None - - requestsAuthorizationLevel1 + + defaultButtonTextPrimary - Boolean value defining if requestsAuthorizationLevel1 permission will be granted to safe member on safe. - Minimum required version 12.2 + The default text color used on buttons - Boolean + String - Boolean + String None - - requestsAuthorizationLevel2 + + menuLogoBackground - Boolean value defining if requestsAuthorizationLevel2 permission will be granted to safe member on safe. - Minimum required version 12.2 + The background color of the menu logo - Boolean + String - Boolean + String None - - UseGen1API + + menuBackground - Specify to force usage the Gen1 API endpoint. - Should be specified for versions earlier than 12.2 + The background color of the menu + + String + + String + + + None + + + menuHoverBackground + + The background color of the menu items on hover + + String + + String + + + None + + + menuActiveBackgroundPrimary + + The primary background color of the menu items when active + + String + + String + + + None + + + menuActiveBackgroundSecondary + + The secondary background color of the menu items when active + + String + + String + + + None + + + menuText + + The text color of the menu items + + String + + String + + + None + + + menuTextActive + + The text color of the menu items when active + + String + + String + + + None + + + menuIcon + + The color of the menu icons + + String + + String + + + None + + + backgroundMain + + The main background color + + String + + String + + + None + + + borderMain + + The main border color + + String + + String + + + None + + + textMain + + The main text color + + String + + String + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. SwitchParameter @@ -39741,29 +48759,21 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector - -------------------------- EXAMPLE 1 -------------------------- - Set-PASSafeMember -SafeName TargetSafe -MemberName TargetUser -AddAccounts $true - - Updates TargetUser's permissions as safe member on TargetSafe to include "Add Accounts" using the Gen2 API. - Minimum required version 12.2 - - - - -------------------------- EXAMPLE 2 -------------------------- - Set-PASSafeMember -SafeName TargetSafe -MemberName TargetUser -AddAccounts $true -UseGen1API + -------------------------- Example 1 -------------------------- + PS C:\> New-PASTheme -ThemeName "Barbie Pink" -name "Pink Pony Club" - Updates TargetUser's permissions as safe member on TargetSafe to include "Add Accounts" using the Gen1 API. + Updates the theme name from "Barbie Pink" to "Pink Pony Club" - https://pspas.pspete.dev/commands/Set-PASSafeMember - https://pspas.pspete.dev/commands/Set-PASSafeMember + https://pspas.pspete.dev/commands/Set-PASTheme + https://pspas.pspete.dev/commands/Set-PASTheme - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Update%20Safe%20Member.htm - https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Update%20Safe%20Member.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-update.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/sdk/rest-api-cust-ui-themes-update.htm @@ -40394,6 +49404,19 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector None + + allowedAuthenticationMethods + + All the non-Vault authentication methods (specified by ID) that the user can use to log on. + Minimum required version 14.4 + + String[] + + String[] + + + None + Set-PASUser @@ -41235,6 +50258,19 @@ Set-PASPlatformPSMConfig -ID 52 -PSMServerID PSM-LoadBalancer-EMEA -PSMConnector None + + allowedAuthenticationMethods + + All the non-Vault authentication methods (specified by ID) that the user can use to log on. + Minimum required version 14.4 + + String[] + + String[] + + + None + @@ -41822,6 +50858,162 @@ Start-PASAccountImportJob -source "SomeSource" -accountsList $Accounts + + + Sync-PASDependentAccount + Sync + PASDependentAccount + + This syncs the dependent account secret with its master account. + + + + Syncs the dependent account secret with its master account. + The user performing this task must have the following permissions in the Safe where the privileged account is stored: + Initiate CPM password management operations + Requires minimum version 14.6. + + + + Sync-PASDependentAccount + + accountId + + The ID of the parent account whose password will be synchronized to the dependent account. + + String + + String + + + None + + + dependentAccountId + + The ID of the dependent account that will receive the synchronized password from the parent account. + Specify multiple values to perform bulk synchronisation in a single request. + + String[] + + String[] + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + + SwitchParameter + + + False + + + + + + accountId + + The ID of the parent account whose password will be synchronized to the dependent account. + + String + + String + + + None + + + dependentAccountId + + The ID of the dependent account that will receive the synchronized password from the parent account. + Specify multiple values to perform bulk synchronisation in a single request. + + String[] + + String[] + + + None + + + WhatIf + + Shows what would happen if the cmdlet runs. The cmdlet is not run. + + SwitchParameter + + SwitchParameter + + + False + + + Confirm + + Prompts you for confirmation before running the cmdlet. + + SwitchParameter + + SwitchParameter + + + False + + + + + + + Requires minimum version 14.6 + + + + + -------------------------- EXAMPLE 1 -------------------------- + PS C:\> Sync-PASDependentAccount -accountId 12_34 -dependentAccountId 56_78 + + Synchronizes the password of dependent account with ID 56_78 with its parent account 12_34. + + + + -------------------------- EXAMPLE 2 -------------------------- + PS C:\> Sync-PASDependentAccount -accountId 12_34 -dependentAccountId 12_78, 12_01, 12_45, 12_89 + + Synchronizes the password of the specified dependent accounts for parent account with id 12_34. + + + + + + https://pspas.pspete.dev/commands/Sync-PASDependentAccount + https://pspas.pspete.dev/commands/Sync-PASDependentAccount + + + https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/Dependent-Accounts.htm + https://docs.cyberark.com/PAS/Latest/en/Content/WebServices/Dependent-Accounts.htm + + + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/bulk-sync-dependent-account-secret.htm + https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/bulk-sync-dependent-account-secret.htm + + + Test-PASPSMRecording diff --git a/psPAS/psPAS.psd1 b/psPAS/psPAS.psd1 index c8f7f851..1f11496e 100644 --- a/psPAS/psPAS.psd1 +++ b/psPAS/psPAS.psd1 @@ -16,7 +16,7 @@ # CompanyName = '' # Copyright statement for this module - Copyright = '(c) 2017-2024 Pete Maan. All rights reserved.' + Copyright = '(c) 2017-2025 Pete Maan. All rights reserved.' # Description of the functionality provided by this module Description = 'Module for CyberArk Privileged Access Security Web Service REST API' @@ -46,7 +46,9 @@ # RequiredAssemblies = @() # Script files (.ps1) that are run in the caller's environment prior to importing this module. - # ScriptsToProcess = @() + ScriptsToProcess = @( + '.\subscriberClasses.ps1' + ) # Type files (.ps1xml) to be loaded when importing this module TypesToProcess = @( @@ -252,7 +254,44 @@ 'Publish-PASDiscoveredLocalAccount', 'Add-PASDiscoveredLocalAccount', 'Clear-PASDiscoveredLocalAccount', - 'Remove-PASDiscoveredLocalAccount' + 'Remove-PASDiscoveredLocalAccount', + 'Enable-PASTheme', + 'Remove-PASTheme', + 'Get-PASStoredPlatform', + 'Remove-PASStoredPlatform', + 'Get-PASUserLicenseReport', + 'Get-PASAccountSearchProperty', + 'Get-PASReport', + 'Get-PASReportSchedule', + 'New-PASReportSchedule', + 'Export-PASReport', + 'Remove-PASUserAllowedAuthenticationMethod', + 'Add-PASUserAllowedAuthenticationMethod', + 'Remove-PASDiscoveredLocalAccount', + 'Remove-PASDependentAccount', + 'Resume-PASDependentAccount', + 'Remove-PASFIDO2Device', + 'Get-PASMasterPolicy', + 'Set-PASMasterPolicy', + 'Get-PASDependentAccount', + 'Sync-PASDependentAccount', + 'Remove-PASPTASecurityConfigurationProperty', + 'Reset-PASPTASecurityConfigurationProperty', + 'Reset-PASPTASecurityConfigurationCategory', + 'Get-PASPTASecurityConfigurationCategory', + 'Set-PASDependentAccount', + 'Add-PASDependentAccount', + 'Import-PASThemeImage', + 'Export-PASThemeImage', + 'Reset-PASTheme', + 'Publish-PASTheme', + 'Get-PASTheme', + 'New-PASTheme', + 'Set-PASTheme', + 'Add-PASPTASyslog', + 'Remove-PASPTASyslog', + 'Set-PASPTASMTP' + ) #AliasesToExport = @() diff --git a/psPAS/subscriberClasses.ps1 b/psPAS/subscriberClasses.ps1 new file mode 100644 index 00000000..1fb3b1a5 --- /dev/null +++ b/psPAS/subscriberClasses.ps1 @@ -0,0 +1,53 @@ +# Class definitions for Report subscribers + +class LdapInfo { + [string]$directoryName + [string]$fullDN + + LdapInfo([string]$directoryName = $null, [string]$fullDN = $null) { + $this.directoryName = $directoryName + $this.fullDN = $fullDN + } +} + +class Subscriber { + [string]$name + [string]$type + [bool]$notifyOnSuccess + [LdapInfo]$ldapInfo + + Subscriber( + [string]$name = $null, + [string]$type = $null, + [bool]$notifyOnSuccess = $false, + [LdapInfo]$ldapInfo = $null + ) { + $this.name = $name + $this.type = $type + $this.notifyOnSuccess = $notifyOnSuccess + $this.ldapInfo = $ldapInfo + } + + static [Subscriber] AddSubscriber() { + $SomeName = Read-Host "Enter subscriber name" + $SomeType = Read-Host "Enter subscriber type" + $notify = Read-Host "Notify on success? (true/false)" + $SomeNotifyOnSuccess = $false + if ($notify -match '^(true|false)$') { + $SomeNotifyOnSuccess = [bool]::Parse($notify) + } + + $useLdap = Read-Host "Add LDAP info? (yes/no)" + $SomeLdapInfo = $null + if ($useLdap -eq "yes") { + $SomeDirectoryName = Read-Host "Enter LDAP directory name" + $SomeFullDN = Read-Host "Enter full DN" + $SomeLdapInfo = [LdapInfo]::new($SomeDirectoryName, $SomeFullDN) + } + + return [Subscriber]::new($SomeName, $SomeType, $SomeNotifyOnSuccess, $SomeLdapInfo) + } +} + + +$null = [Subscriber], [LdapInfo] diff --git a/psPAS/xml/psPAS.CyberArk.Vault.Account.Type.ps1xml b/psPAS/xml/psPAS.CyberArk.Vault.Account.Type.ps1xml index 56487cec..ba18f2af 100644 --- a/psPAS/xml/psPAS.CyberArk.Vault.Account.Type.ps1xml +++ b/psPAS/xml/psPAS.CyberArk.Vault.Account.Type.ps1xml @@ -57,6 +57,34 @@ } + + ToHashtable + + \ No newline at end of file diff --git a/psPAS/xml/psPAS.CyberArk.Vault.Credential.Type.ps1xml b/psPAS/xml/psPAS.CyberArk.Vault.Credential.Type.ps1xml index 7481d95d..a0d2732c 100644 --- a/psPAS/xml/psPAS.CyberArk.Vault.Credential.Type.ps1xml +++ b/psPAS/xml/psPAS.CyberArk.Vault.Credential.Type.ps1xml @@ -9,6 +9,14 @@ $this | Select-Object -ExpandProperty Password | ConvertTo-SecureString -AsPlainText -Force + + ToCredential + + ToPsCredential + + + UserSource + + + + UserType + + + + IsAgentUser + + + + IsExpired + + + + IsDisabled + + + + IsSuspended + + + + Remove + + + + \ No newline at end of file diff --git a/psPAS/xml/psPAS.CyberArk.Vault.User.Formats.ps1xml b/psPAS/xml/psPAS.CyberArk.Vault.User.Formats.ps1xml index 930ebeb3..15cbe811 100644 --- a/psPAS/xml/psPAS.CyberArk.Vault.User.Formats.ps1xml +++ b/psPAS/xml/psPAS.CyberArk.Vault.User.Formats.ps1xml @@ -142,6 +142,12 @@ unAuthorizedInterfaces + + allowedAuthenticationMethods + + + FidoCredentialsIds +