Get users

This method returns a list of all existing users in the Vault except for the Master and the Batch built-in users.

 

Make sure there are no spaces in the URL.

The following characters are not supported in URL values: + & %

To run this Web service, you must have the following permissions:

  • Audit users

You can retrieve only users on the same level as you or lower in the Vault hierarchy.

 

This Web service returns up to 6000 users in up to 20 seconds. If the number of users is higher, the response time may be higher.

URL

  
https://<IIS_Server_Ip>/PasswordVault/api/Users

The following mandatory value is required in the URL:

Parameter

UserName

Type

String

Description

The name of the User for which information is returned.

Resource information

HTTP method

GET

Content type

application/json

Header parameter

Parameter

Authorization

Type

String

Description

The token that identifies the session.

Valid values

A session token that was returned from the “Logon” method.

Body parameters

Parameter

Description

filter

Retrieve users using filters.

valid values:

  • userType

  • componentUser

Type: string

search

Search by the following values:

  • username
  • first name
  • last name

Type: string

Result

  
{
  "Users": [
    {
      "id": 2,
      "username": "Administrator",
      "source": "CyberArk",
      "userType": "Built-InAdmins",
      "componentUser": false,
      "vaultAuthorization": [
        "AddUpdateUsers",
        "AddSafes",
        "AddNetworkAreas",
        "ManageDirectoryMapping",
        "ManageServerFileCategories",
        "AuditUsers",
        "BackupAllSafes",
        "RestoreAllSafes",
        "ResetUsersPasswords",
        "ActivateUsers"
      ],
      "location": "\\",
      "personalDetails": {
        "firstName": "",
        "middleName": "",
        "lastName": ""
      }
    }
  ],
  "Total": 1
}

 

Parameter

Description

id

The unique ID of the user.

Type: number

username

The name of the user.

Type: string

source

The source of the user.

Valid values:

  • CyberArk

  • LDAP

Type: boolean expression

userType

The user type as defined in the license.

Type: string

componentUser

Whether the user is a known component or not.

if the user is a component, then the value is true. Otherwise, it is false.

The following user types are considered components:

  • CPM
  • ENE
  • PVWA
  • PSM
  • AppProvider
  • OPMProvider
  • PIMProvider
  • PSMPServer
  • PSMPADBridge
  • PSMHTML5Gateway
  • CIFS
  • FTP
  • SFE
  • DCAInstance
  • FEWA
  • SEG

Type: boolean

vaultAuthorization

The user permissions.

Valid values:

  • AddSafes
  • AuditUsers
  • AddUpdateUsers
  • ResetUsersPasswords
  • ActivateUsers
  • AddNetworkAreas
  • ManageDirectoryMapping
  • ManageServerFileCategories
  • BackupAllSafes
  • RestoreAllSafes

Type: list of strings

location

The location of the Vault.

Type: string

personalDetails

User's personal details, including:

  • firstName
  • middleName
  • lastName

Type: object

Return codes

For a complete list of return codes, see Return Codes.