Add-VPASSafeMember

Synopsis
Description
Syntax
Parameters
Examples
Outputs

Supported Environments:

SelfHosted

SharedServices

PCloudStandard

Synopsis:

ADD SAFE MEMBER

Description:

USE THIS FUNCTION TO ADD A SAFE MEMBER TO AN EXISTING SAFE IN CYBERARK WITH SPECIFIED PERMISSIONS

Syntax:

Add-VPASSafeMember [-member] <String> [-safe] <String> [[-searchin] <String>] [[-AllPerms]] [[-AllAccess]] [[-AllAccountManagement]] [[-AllMonitor]] [[-AllSafeManagement]] [[-AllWorkflow]] [[-AllAdvanced]] [[-UseAccounts]] [[-RetrieveAccounts]] [[-ListAccounts]] [[-AddAccounts]] [[-UpdateAccountContent]] [[-UpdateAccountProperties]] [[-InitiateCPMAccountManagementOperations]] [[-SpecifyNextAccountContent]] [[-RenameAccounts]] [[-DeleteAccounts]] [[-UnlockAccounts]] [[-ManageSafe]] [[-ManageSafeMembers]] [[-BackupSafe]] [[-ViewAuditLog]] [[-ViewSafeMembers]] [[-AccessWithoutConfirmation]] [[-CreateFolders]] [[-DeleteFolders]] [[-MoveAccountsAndFolders]] [[-RequestsAuthorizationLevel1]] [[-RequestsAuthorizationLevel2]] [[-MemberType] <String>] [[-SafePermissionHashTable] <Hashtable>] [[-token] <Hashtable>] [<CommonParameters>]

Parameters:

-member <String>
Target unique safe member name

Required: true
Position: 1
Default value:
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-safe <String>
Target unique safe name

Required: true
Position: 2
Default value:
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-searchin <String>
Which directory to search in for the target safe member. This value is defined during LDAP integration.
If searching for a user internally use the value "vault"

Required: false
Position: 3
Default value:
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-AllPerms [<SwitchParameter>]
Enables all safe permissions

Required: false
Position: 4
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-AllAccess [<SwitchParameter>]
Enables all Access safe permissions (UseAccounts, RetrieveAccounts, ListAccounts)

Required: false
Position: 5
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-AllAccountManagement [<SwitchParameter>]
Enables all AccountManagement safe permissions (AddAccounts, UpdateAccountContent, UpdateAccountProperties, InitiateCPMAccountManagementOperations, SpecifyNextAccountContent, RenameAccounts, DeleteAccounts, UnlockAccounts)

Required: false
Position: 6
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-AllMonitor [<SwitchParameter>]
Enables all Monitor safe permissions (ViewAuditLog, ViewSafeMembers)

Required: false
Position: 7
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-AllSafeManagement [<SwitchParameter>]
Enables all SafeManagement safe permissions (ManageSafe, ManageSafeMembers, BackupSafe)

Required: false
Position: 8
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-AllWorkflow [<SwitchParameter>]
Enables all Workflow safe permissions (RequestsAuthorizationLevel1, AccessWithoutConfirmation)

Required: false
Position: 9
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-AllAdvanced [<SwitchParameter>]
Enables all Advanced safe permissions (CreateFolders, DeleteFolders, MoveAccountsAndFolders)

Required: false
Position: 10
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-UseAccounts [<SwitchParameter>]
Gives the ability use accounts in a safe (click the connect button)

Required: false
Position: 11
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-RetrieveAccounts [<SwitchParameter>]
Gives the ability to pull accounts credentials in a safe (click the Show/Copy buttons)

Required: false
Position: 12
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-ListAccounts [<SwitchParameter>]
Gives the ability to view accounts in a safe

Required: false
Position: 13
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-AddAccounts [<SwitchParameter>]
Gives the ability to add accounts in a safe

Required: false
Position: 14
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-UpdateAccountContent [<SwitchParameter>]
Gives the ability to manually update accounts secrets in a safe

Required: false
Position: 15
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-UpdateAccountProperties [<SwitchParameter>]
Gives the ability to update account properties in a safe (username field, address field, etc)

Required: false
Position: 16
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-InitiateCPMAccountManagementOperations [<SwitchParameter>]
Gives the ability to trigger the CPM to run a change, verify, or reconcile on accounts in a safe

Required: false
Position: 17
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-SpecifyNextAccountContent [<SwitchParameter>]
Gives the ability to specify what the next password the CPM will push to accounts in a safe

Required: false
Position: 18
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-RenameAccounts [<SwitchParameter>]
Gives the ability to modify the ObjectName of accounts in a safe

Required: false
Position: 19
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-DeleteAccounts [<SwitchParameter>]
Gives the ability to delete accounts from a safe

Required: false
Position: 20
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-UnlockAccounts [<SwitchParameter>]
Gives the ability to unlock or check-in locked account on someone else's behalf in a safe

Required: false
Position: 21
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-ManageSafe [<SwitchParameter>]
Gives the ability to modify safe details (DaysRetention, VersionRetention, Description, etc)

Required: false
Position: 22
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-ManageSafeMembers [<SwitchParameter>]
Gives the ability to add, remove, modify safe members on a safe

Required: false
Position: 23
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-BackupSafe [<SwitchParameter>]
Gives the ability to backup a safe

Required: false
Position: 24
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-ViewAuditLog [<SwitchParameter>]
Gives the ability to view the activities performed on accounts in a safe

Required: false
Position: 25
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-ViewSafeMembers [<SwitchParameter>]
Gives the ability to view safe members on a safe

Required: false
Position: 26
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-AccessWithoutConfirmation [<SwitchParameter>]
Gives the ability to access the safe without needing confirmation from an approver

Required: false
Position: 27
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-CreateFolders [<SwitchParameter>]
Gives the ability to create folders in a safe

Required: false
Position: 28
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-DeleteFolders [<SwitchParameter>]
Gives the ability to delete folders from a safe

Required: false
Position: 29
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-MoveAccountsAndFolders [<SwitchParameter>]
Gives the ability to move accounts and folders from one safe to another

Required: false
Position: 30
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-RequestsAuthorizationLevel1 [<SwitchParameter>]
Gives the ability to approve or deny users from using an account (Level1) in a safe

Required: false
Position: 31
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-RequestsAuthorizationLevel2 [<SwitchParameter>]
Gives the ability to approve or deny users from using an account (Level2) in a safe

Required: false
Position: 32
Default value: False
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-MemberType <String>
Specify whether the target safe member is of type User, Group, or Role.
This will save time querying for the targe safe member.
Possible values: "User", "Group", "Role"

Required: false
Position: 33
Default value:
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-SafePermissionHashTable <Hashtable>
Hashtable that contains the set of safe permissions to be applied to a specific safe member.
Hashtable has priority over the safe permission flags that are passed

Required: false
Position: 34
Default value:
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

-token <Hashtable>
HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
If -token is not passed, function will use last known hashtable generated by New-VPASToken

Required: false
Position: 35
Default value:
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false

<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug
ErrorAction, ErrorVariable, WarningAction, WarningVariable
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216)

Examples:

$AddSafemember = Add-VPASSafeMember -member {MEMBER VALUE} -searchin (SEARCHIN VALUE} -safe {SAFE VALUE} -AllPerms

Outputs:

If successful:
{
         "safeUrlId": "NewSafeVpas",
         "safeName": "NewSafeVpas",
         "safeNumber": 133,
         "memberId": "1dfc3edf-4564-4abf-9bc1-aa07b8c62afc",
         "memberName": "vadim@vman.pam",
         "memberType": "User",
         "membershipExpirationDate": null,
         "isExpiredMembershipEnable": false,
         "isPredefinedUser": false,
         "isReadOnly": false,
         "permissions": {
                 "useAccounts": true,
                 "retrieveAccounts": true,
                 "listAccounts": true,
                 "addAccounts": false,
                 "updateAccountContent": false,
                 "updateAccountProperties": false,
                 "initiateCPMAccountManagementOperations": false,
                 "specifyNextAccountContent": false,
                 "renameAccounts": false,
                 "deleteAccounts": false,
                 "unlockAccounts": false,
                 "manageSafe": false,
                 "manageSafeMembers": false,
                 "backupSafe": false,
                 "viewAuditLog": false,
                 "viewSafeMembers": false,
                 "accessWithoutConfirmation": false,
                 "createFolders": false,
                 "deleteFolders": false,
                 "moveAccountsAndFolders": false,
                 "requestsAuthorizationLevel1": false,
                 "requestsAuthorizationLevel2": false
         }
}

$false if failed