Get users
This method returns a list of all existing users in the Vault except for the Master and Batch built-in users.
The user running this Web service must have Audit users permissions.
Users on the same level as your user or lower in the Vault hierarchy are retrieved.
|
This Web service returns up to 6000 users in up to 20 seconds. If the number of users is higher, the response time may be higher. |
URL
|
-
Make sure there are no spaces in the URL.
-
The following characters are not supported in URL values: + & %
-
If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/
Resource information
|
HTTP method |
Content type |
|---|---|
|
GET |
application/json |
Header parameter
|
Parameter |
Description |
|---|---|
|
Authorization |
The token that identifies the session, encoded in BASE 64. See Authentication. Type: String Mandatory: Yes Default value: None |
URL parameters
|
Parameter |
Description |
|---|---|
|
filter |
Filters according to the REST standard. Search for users using the following filters:
Type: String Default value: None (all users are returned) |
|
sort |
Property or properties by which to sort returned users, followed by asc (default) or desc to control sort direction. Separate multiple properties with commas, up to a maximum of three properties.
Type: String |
|
search |
Search using the following values (search is according to REST standards):
Type: String Default value: None (all users are returned) |
|
ExtendedDetails |
Returns additional user details as user groups and userDN for LDAP users. Type: Boolean Mandatory: No Default value: False |
Result
{
"Users": [
{
"id": 2,
"username": "Administrator",
"source": "CyberArk",
"userType": "Built-InAdmins",
"componentUser": false,
"groupsMembership": [
{
"groupID": 16,
"groupName": "PVWAMonitor",
"groupType": "Vault"
},
{
"groupID": 17,
"groupName": "PVWAUsers",
"groupType": "Vault"
},
{
"groupID": 11,
"groupName": "Vault Admins",
"groupType": "Vault"
}
],
"vaultAuthorization": [
"AddUpdateUsers",
"AddSafes",
"AddNetworkAreas",
"ManageDirectoryMapping",
"ManageServerFileCategories",
"AuditUsers",
"BackupAllSafes",
"RestoreAllSafes",
"ResetUsersPasswords",
"ActivateUsers"
],
"location": "\\",
"personalDetails": {
"firstName": "Jen",
"middleName": "R",
"lastName": "Grey"
}
}
],
"Total": 1
}
|
|
Parameter |
Description |
||
|---|---|---|---|
|
id |
The unique ID of the user. Type: Number |
||
|
username |
The name of the user. Type: String |
||
|
userDN |
The distinguished name of the user. Relevant for LDAP users only. Type: String
|
||
|
source |
The source of the user. Valid values:
Type: Boolean |
||
|
userType |
The user type as defined in the license. Type: String |
||
|
authorizedInterfaces |
The CyberArk interfaces that the user is authorized to use. The following interfaces are possible values:
Type: List of strings |
||
|
componentUser |
Whether the user is a known component or not. If the user is a component, then the value is true. Otherwise, it is false. The following user types are considered components:
Type: Boolean |
||
|
vaultAuthorization |
The user permissions. Valid values:
Type: List of strings |
||
|
groupsMembership |
A list of groups that the user is a member of. See Group membership parameters.
|
||
|
location |
The location of the Vault. Type: String |
||
|
enabled |
Whether or not the user is enabled. Type: Boolean
|
||
|
suspended |
Whether or not the user is suspended after entering incorrect credentials multiple times. Type: Boolean
|
||
|
personalDetails |
User's personal details, including:
Type: Object
|
Group membership parameters
|
Parameter |
Description |
|---|---|
|
groupId |
The unique ID of the group. Type: Number |
|
groupName |
The name of a group in the Vault. Type: String |
|
groupType |
Whether this is a Vault group or directory group. Possible values: Vault, Directory Type: String |
Return codes
For a complete list of return codes, see Return Codes.
