Get users

This method returns a list of all existing users in Privilege Cloud except for the Master and Batch built-in users.

The user running this Web service must have Audit users permissions.

Users on the same level as your user or lower in Privilege Cloud hierarchy are retrieved.

 

This Web service returns up to 6000 users in up to 20 seconds. If the number of users is higher, the response time may be longer.

URL

  
https://<subdomain>.privilegecloud.cyberark.com/PasswordVault/API/Users/

  • Make sure there are no spaces in the URL.

  • The following characters are not supported in URL values: + & %

  • If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/

Resource information

HTTP method

 Content type

GET

application/json

Header parameter

Parameter

Description

Authorization

The token that identifies the session, encoded in BASE 64. See Authentication.

Type: String

Mandatory: Yes

Default value: None

URL parameters

http://localhost/PasswordVault/api/Users?ExtendedDetails=true&componentUser=true

Parameter

Description

filter

Filters according to the REST standard. Search for users using the following filters:

  • userType

  • componentUser

  • userName

Type: String

Default value: None (all users are returned)

sort

Property or properties by which to sort returned users, followed by asc (default) or desc to control sort direction. Separate multiple properties with commas, up to a maximum of three properties.

  • username

  • source

  • userType

  • location

  • lastname

  • firstname

  • middlename

Type: String

search

Search using the following values (search is according to REST standards):

  • username
  • firstname
  • lastname

Type: String

Default value: None (all users are returned)

ExtendedDetails

Returns additional user details as user groups and userDN for LDAP users.

Type: Boolean

Mandatory: No

Default value: False

Result

  
{
  "Users": [
   {
    "id": 2,
    "username": "Administrator",
    "source": "CyberArk",
    "userType": "Built-InAdmins",
    "componentUser": false,
    "groupsMembership": [
     {
      "groupID": 16,
      "groupName": "PVWAMonitor",
      "groupType": "Vault"
     },
     {
      "groupID": 17,
      "groupName": "PVWAUsers",
      "groupType": "Vault"
     },
     {
      "groupID": 11,
      "groupName": "Vault Admins",
      "groupType": "Vault"
     }
    ],
    "vaultAuthorization": [
     "AddUpdateUsers",
     "AddSafes",
     "AddNetworkAreas",
     "ManageDirectoryMapping",
     "ManageServerFileCategories",
     "AuditUsers",
     "BackupAllSafes",
     "RestoreAllSafes",
     "ResetUsersPasswords",
     "ActivateUsers"
    ],
    "location": "\\",
    "personalDetails": {
     "firstName": "Jen",
     "middleName": "R",
     "lastName": "Grey"
    }
   }
  ],
  "Total": 1
}

Parameter

Description

id

The unique ID of the user.

Type: Number

username

The name of the user.

Type: String

userDN

The distinguished name of the user. Relevant for LDAP users only.

Type: String

 

This information is returned when the ExtendedDetails parameter is set to Yes.

source

The source of the user.

Valid values:

  • CyberArk

  • LDAP

Type: Boolean

userType

The user type as defined in the license.

Type: String

authorizedInterfaces

The CyberArk interfaces that the user is authorized to use.

The following interfaces are possible values:

  • AIMApp

  • PIMSU

  • AppPrv

  • PIMSu

  • CPM

  • PSMP

  • GUI

  • PSMApp

  • EVD

  • PSMPApp

  • HTTPGW

  • PTA

  • NAPI

  • PVWA

  • PACLI

  • PVWAApp

  • PAPI

  • XAPI

  • PSM

  • WINCLIENT

Type: List of strings

componentUser

Whether the user is a known component or not.

If the user is a component, then the value is true. Otherwise, it is false.

The following user types are considered components:

  • AppProvider

  • CIFS

  • CPM

  • DCAInstance

  • ENE

  • FEWA

  • FTP

  • OPMProvider

  • PIMProvider

  • PSM

  • PSMPServer

  • PSMPADBridge

  • PSMHTML5Gateway

  • PVWA

  • SEG

  • SFE

Type: Boolean

vaultAuthorization

The user permissions.

Valid values:

  • AddSafes
  • AuditUsers
  • AddUpdateUsers
  • ResetUsersPasswords
  • ActivateUsers
  • AddNetworkAreas
  • ManageDirectoryMapping
  • ManageServerFileCategories
  • BackupAllSafes
  • RestoreAllSafes

Type: List of strings

groupsMembership

A list of groups that the user is a member of. See Group membership parameters.

 

This information is returned when the ExtendedDetails parameter is set to Yes.

location

The location of the Vault.

Type: String

enabled

Whether or not the user is enabled.

Type: Boolean

 

This information is returned when the ExtendedDetails parameter is set to Yes.

suspended

Whether or not the user is suspended after entering incorrect credentials multiple times.

Type: Boolean

 

This information is returned when the ExtendedDetails parameter is set to Yes.

personalDetails

User's personal details, including:

  • firstName
  • middleName
  • lastName
  • organization
  • department

Type: Object

 

The organization and department information is returned only when the ExtendedDetails parameter is set to Yes.

Group membership parameters

Parameter

Description

groupId

The unique ID of the group.

Type: Number

groupName

The name of a group in the Vault.

Type: String

groupType

Whether this is a Vault group or directory group.

Possible values: Vault, Directory

Type: String

Return codes

For a complete list of return codes, see Return Codes.