Get users
This method returns a list of all existing users in the Vault except for the Master and Batch built-in users.
The user running this Web service must have Audit users permissions.
Users on the same level as your user or lower in the Vault hierarchy are retrieved.
This Web service returns up to 6000 users in up to 20 seconds. If the number of users is higher, the response time may be higher. |
URL
|
Make sure there are no spaces in the URL. The following characters are not supported in URL values: + & % |
Resource information
HTTP method |
Content type |
---|---|
GET |
application/json |
Header parameter
Parameter |
Description |
---|---|
Authorization |
The token that identifies the session, encoded in BASE 64. Type: String Mandatory: Yes Default value: None |
URL parameters
Parameter |
Description |
---|---|
filter |
Filters according to the REST standard. Search for users using the following filters:
Type: String Default value: None (all users are returned) |
sort |
Property or properties by which to sort returned users, followed by asc (default) or desc to control sort direction. Separate multiple properties with commas, up to a maximum of three properties.
Type: String |
search |
Search using the following values (search is according to REST standards):
Type: String Default value: None (all users are returned) |
ExtendedDetails |
Returns additional user details as user groups and userDN for LDAP users. Type: Boolean Mandatory: No Default value: False |
Result
{ "Users": [ { "id": 2, "username": "Administrator", "source": "CyberArk", "userType": "Built-InAdmins", "componentUser": false, "groupsMembership": [ { "groupID": 16, "groupName": "PVWAMonitor", "groupType": "Vault" }, { "groupID": 17, "groupName": "PVWAUsers", "groupType": "Vault" }, { "groupID": 11, "groupName": "Vault Admins", "groupType": "Vault" } ], "vaultAuthorization": [ "AddUpdateUsers", "AddSafes", "AddNetworkAreas", "ManageDirectoryMapping", "ManageServerFileCategories", "AuditUsers", "BackupAllSafes", "RestoreAllSafes", "ResetUsersPasswords", "ActivateUsers" ], "location": "\\", "personalDetails": { "firstName": "Jen", "middleName": "R", "lastName": "Grey" } } ], "Total": 1 } |
Parameter |
Description |
||
---|---|---|---|
id |
The unique ID of the user. Type: Number |
||
username |
The name of the user. Type: String |
||
userDN |
The distinguished name of the user. Relevant for LDAP users only. Type: String
|
||
source |
The source of the user. Valid values:
Type: Boolean |
||
userType |
The user type as defined in the license. Type: String |
||
authorizedInterfaces |
The CyberArk interfaces that the user is authorized to use. The following interfaces are possible values:
Type: List of strings |
||
componentUser |
Whether the user is a known component or not. If the user is a component, then the value is true. Otherwise, it is false. The following user types are considered components:
Type: Boolean |
||
vaultAuthorization |
The user permissions. Valid values:
Type: List of strings |
||
groupsMembership |
A list of groups that the user is a member of. See Group membership parameters.
|
||
location |
The location of the Vault. Type: String |
||
enabled |
Whether or not the user is enabled. Type: Boolean
|
||
suspended |
Whether or not the user is suspended after entering incorrect credentials multiple times. Type: Boolean
|
||
personalDetails |
User's personal details, including:
Type: Object
|
Group membership parameters
Parameter |
Description |
---|---|
groupId |
The unique ID of the group. Type: Number |
groupName |
The name of a group in the Vault. Type: String |
groupType |
Whether this is a Vault group or directory group. Possible values: Vault, Directory Type: String |
Return codes
For a complete list of return codes, see Return Codes.