Get Safe members

This method returns a list of the members of a Safe. To run this web service, the user must have ViewSafeMembers permissions in the Safe.

Select the method that you want to use:

URL

  
http://<IIS_Server_Ip>/PasswordVault/api/Safes/{SafeUrlId}/Members
 

Make sure there are no spaces in the URL.

The following characters are not supported in URL values: + & %

Resource information

HTTP method

 Content type

GET

application/json

Header parameter

Parameter

Description
Authorization

The token that identifies the session, encoded in BASE 64.

Type: string

Mandatory: yes

Default value: none

URL parameters

  
https://localhost/passwordvault/api/safes/BZ_I_87/members?limit=4&offset=3

Parameter

Description

safeUrlId

The unique ID of the Safe used when calling Safe APIs.

Type: String

Mandatory: Yes

Default value: None

filter

Filters are according to the REST standard. Search for Safe members using the following filters. Multiple filters can be applied using the AND operator.

  • memberType - returns all members according to the type (user or group)

    Default: both

    Example: filter= memberType eq user

  • membershipExpired - returns either expired members or members that are not expired.

    Default: both

    Example: filter=membershipExpired eq true

  • includePredefinedUsers - includes predefined users in the returned list.

    Default: False, non-predefined users only

    Example: filter=includePredefinedUsers eq true

Type: String

Mandatory: No

Default value: None

search

Searches according to the Safe name. Search is performed according to the REST standard (search="search word").

Type: String

Mandatory: No

Default value: None

offset

Offset of the first member that is returned in the collection of results.

Type: Number

Mandatory: No

Default value: 0

limit

The maximum number of members that are returned.

When used together with the offset parameter, this value determines the number of Safes to return, starting from the first Safe that is returned.

Type: Number

Mandatory: No

Default value: 25

sort

Sorts according to the memberName property in ascending order (default) or descending order to control the sort direction.

  • asc: ascending
  • desc: descending

Type: String

Mandatory: No

Default value: None

Body parameters

None

Result

  
{
"value": [
{
"safeUrlId": "BZ_I_87",
"safeName": "BZ_I_87",
"safeNumber": 37,
"memberId": 0,
"memberName": "Master",
"memberType": "User",
"membershipExpirationDate": null,
"isExpiredMembershipEnable": false,
"isPredefinedUser": true,
"permissions": {
"useAccounts": true,
"retrieveAccounts": true,
"listAccounts": true,
"addAccounts": true,
"updateAccountContent": true,
"updateAccountProperties": true,
"initiateCPMAccountManagementOperations": true,
"specifyNextAccountContent": true,
"renameAccounts": true,
"deleteAccounts": true,
"unlockAccounts": true,
"manageSafe": true,
"manageSafeMembers": true,
"backupSafe": true,
"viewAuditLog": true,
"viewSafeMembers": true,
"accessWithoutConfirmation": true,
"createFolders": true,
"deleteFolders": true,
"moveAccountsAndFolders": true,
"requestsAuthorizationLevel1": false,
"requestsAuthorizationLevel2": false
}
},
{
...
},

],
"count": 8

Parameter

Description

Members

A list of all members of the Safe. See Safe member parameters (user or group).

Count

The number of members returned.

Type: Integer

Safe member parameters (user or group)

Parameter

Description

safeUrlId

The unique ID of the Safe used when calling Safe APIs.

Type: String

safeName

The unique name of the Safe.

Type: String

safeNumber

The unique numerical ID of the Safe.

Type:  Integer

memberId

The Vault user ID, Domain user ID, or group ID of the Safe member.

Type: Integer

memberName

The Vault user name, Domain user name or group name of the Safe member.

Type: String

memberType

The member type.

Type: String

Valid values: user\group

membershipExpirationDate

The member's expiration date for this Safe. For members that do not have an expiration date, this value will be null.

Type: DateTime

isExpiredMembershipEnable

Whether or not the membership for the Safe is expired. For expired members, the value will be True.

Type:  Boolean

isPredefinedUser

Whether the member is a predefined user or group of the Vault.

Type:  Boolean

permissions

The permissions that the user or group has for this Safe.

See Permissions parameters.

Permissions parameters

Parameter

Description

useAccounts

Use accounts but cannot view passwords.

Type: Boolean

retrieveAccounts

Retrieve and view accounts in the Safe.

Type: Boolean

listAccounts

View the Accounts list.

Type: Boolean

addAccounts

Add accounts in the Safe. Users who have this permission automatically have UpdateAccountProperties permissions as well.

Type: Boolean

updateAccountContent

Update existing account content.

Type: Boolean

updateAccountProperties

Update existing account properties.

Type: Boolean

initiateCPMAccountManagementOperations

Initiate password management operations through CPM, such as changing, verifying, and reconciling passwords.

When this parameter is set to False, the SpecifyNextAccountContent parameter is also automatically set to False.

Type: Boolean

specifyNextAccountContent

Specify the password that is used when the CPM changes the password value.

This parameter can only be specified when the InitiateCPMAccountManagementOperations parameter is set to True.

When InitiateCPMAccountManagementOperations is set to False, this parameter is automatically set to False.

Type:  Boolean

renameAccounts

Rename existing accounts in the Safe.

Type:  Boolean

deleteAccounts

Delete existing passwords in the Safe.

Type:  Boolean

unlockAccounts

Unlock accounts that are locked by other users.

Type:  Boolean

manageSafe

Perform administrative tasks in the Safe, including:

  • Update Safe properties
  • Recover the Safe
  • Delete the Safe

Type:  Boolean

manageSafeMembers

Add and remove Safe members, and update their authorizations in the Safe.

Type: Boolean

backupSafe

Create a backup of a Safe and its contents, and store in another location.

Type:  Boolean

viewAuditLog

View account and user activity in the Safe.

Type:  Boolean

viewSafeMembers

View Safe members` permissions.

Type:  Boolean

requestsAuthorizationLevel1

Request Authorization Level 1.

Type:  Boolean

requestsAuthorizationLevel2

Request Authorization Level 2.

Type:  Boolean

accessWithoutConfirmation

Access the Safe without confirmation from authorized users. This overrides the Safe properties that specify that Safe members require confirmation to access the Safe.

Type:  Boolean

createFolders

Create folders in the Safe.

Type:  Boolean

deleteFolders

Delete folders from the Safe.

Type:  Boolean

moveAccountsAndFolders

Move accounts and folders in the Safe to different folders and subfolders.

Type:  Boolean

URL

 

Make sure there are no spaces in the URL.

The following characters are not supported in URL values: + & %

 

  
https://<IIS_Server_Ip>/PasswordVault/WebServices/PIMServices.svc/Safes/{SafeName}/Members

The following mandatory value is required in the URL:

Parameter

SafeName

Type

String

Description

The name of the Safe whose Safe members will be listed.

Resource information

HTTP method

GET

Content type

application/json

Header parameter

Parameter

Authorization

Type

String

Description

The token that identifies the session.

Body parameters

None

Result

  
{
"UserName":"<String>",
"Permissions":
{
…
}
"UserName":"<String>",
"Permissions":
{
…
}
}

Return codes

For a complete list of return codes, see Return Codes.