Get users

This method returns a list of all existing users in the Vault except for the Master and the Batch built-in users.

To run this Web service, you must have the following permissions:

  • Audit users

You can retrieve only users on the same level as you or lower in the Vault hierarchy.

 

This Web service returns up to 6000 users in up to 20 seconds. If the number of users is higher, the response time may be higher.

URL

  
https://<IIS_Server_Ip>/PasswordVault/api/Users
 

Make sure there are no spaces in the URL.

The following characters are not supported in URL values: + & %

The following mandatory value is required in the URL:

Parameter

Description
UserName

The name of the user for which information is returned.

Type: String

Resource information

HTTP method

 Content type

GET

application/json

Header parameter

Parameter

Description
Authorization

The token that identifies the session, encoded in BASE 64.

Type: String

Mandatory: Yes

Default value: None

Body parameters

Parameter

Description

filter

Search for users using the following filters:

  • userType

  • componentUser

Type: String

search

Search using the following values:

  • username
  • first name
  • last name

Type: String

Result

  
{
  "Users": [
   {
    "id": 2,
    "username": "Administrator",
    "source": "CyberArk",
    "userType": "Built-InAdmins",
    "componentUser": false,
    "groupsMembership": [
     {
      "groupID": 16,
      "groupName": "PVWAMonitor",
      "groupType": "Vault"
     },
     {
      "groupID": 17,
      "groupName": "PVWAUsers",
      "groupType": "Vault"
     },
     {
      "groupID": 11,
      "groupName": "Vault Admins",
      "groupType": "Vault"
     }
    ],
    "vaultAuthorization": [
     "AddUpdateUsers",
     "AddSafes",
     "AddNetworkAreas",
     "ManageDirectoryMapping",
     "ManageServerFileCategories",
     "AuditUsers",
     "BackupAllSafes",
     "RestoreAllSafes",
     "ResetUsersPasswords",
     "ActivateUsers"
    ],
    "location": "\\",
    "personalDetails": {
     "firstName": "",
     "middleName": "",
     "lastName": ""
    }
   }
  ],
  "Total": 1
}

Parameter

Description

id

The unique ID of the user.

Type: Number

username

The name of the user.

Type: String

source

The source of the user.

Valid values:

  • CyberArk

  • LDAP

Type: Boolean

userType

The user type as defined in the license.

Type: String

componentUser

Whether the user is a known component or not.

If the user is a component, then the value is true. Otherwise, it is false.

The following user types are considered components:

  • CPM
  • ENE
  • PVWA
  • PSM
  • AppProvider
  • OPMProvider
  • PIMProvider
  • PSMPServer
  • PSMPADBridge
  • PSMHTML5Gateway
  • CIFS
  • FTP
  • SFE
  • DCAInstance
  • FEWA
  • SEG

Type: Boolean

vaultAuthorization

The user permissions.

Valid values:

  • AddSafes
  • AuditUsers
  • AddUpdateUsers
  • ResetUsersPasswords
  • ActivateUsers
  • AddNetworkAreas
  • ManageDirectoryMapping
  • ManageServerFileCategories
  • BackupAllSafes
  • RestoreAllSafes

Type: List of strings

groupsMembership

A list of groups that the user is a member of. See Group membership parameters.

location

The location of the Vault.

Type: String

personalDetails

User's personal details, including:

  • firstName
  • middleName
  • lastName

Type: Object

Group membership parameters

Parameter

Description

groupId

The unique ID of the group.

Type: Number

groupName

The name of a group in the Vault.

Type: String

groupType

Whether this is a Vault group or directory group.

Possible values: Vault, Directory

Type: String

Return codes

For a complete list of return codes, see Return Codes.