Functional Accounts

GET FunctionalAccounts

Returns a list of Functional Accounts.

Password Safe Account Management (Read)

None

Content-Type: application/json

[
    {
        FunctionalAccountID: int, 
        PlatformID: int, 
        DomainName: string, 
        AccountName: string, 
        DisplayName: string, 
        Description: string, 
        ElevationCommand: string, 
        SystemReferenceCount: int,
    },
    …
]
  • PlatformID: ID of the Platform to which the account belongs.
  • DomainName: Domain Name of the account.
  • AccountName: Name of the account (does not include domain name).
  • DisplayName: The display name or alias for the account.
  • Description: Description of the account.
  • ElevationCommand: Elevation Command used for SSH connections (sudo, pbrun, pmrun).
  • SystemReferenceCount: The count of Managed Systems that reference the Functional Account.

200 - Request successful. Functional Account in the response body.

For more information, please see Common Response Codes.

GET FunctionalAccounts/{id}

Returns a Functional Account by ID.

Password Safe Account Management (Read)

id: ID of the Functional Account.

None

Content-Type: application/json

{
    FunctionalAccountID: int,
    PlatformID: int,
    DomainName: string,
    AccountName: string, 
    DisplayName: string, 
    Description: string, 
    ElevationCommand: string, 
    SystemReferenceCount: int,
}
  • PlatformID: ID of the Platform to which the account belongs.
  • DomainName: Domain Name of the account.
  • AccountName: Name of the account (does not include domain name).
  • DisplayName: The display name or alias for the account.
  • Description: Description of the account.
  • ElevationCommand: Elevation Command used for SSH connections (sudo, pbrun, pmrun).
  • SystemReferenceCount: The count of Managed Systems that reference the Functional Account.

200 - Request successful. Functional Account in the response body.

For more information, please see Common Response Codes.

GET FunctionalAccounts/{id}/ManagedSystems

Returns a list of Managed Systems auto-managed by the Functional Account referenced by ID.

  • Password Safe System Management (Read)
  • Password Safe Account Management (Read)

id: ID of the Functional Account.

  • limit: (optional) Number of records to return (default: 1000).
  • offset: (optional) Number of records to skip before returning <limit> records (default: 0).

None

Content-Type: application/json

[
    {
        ManagedSystemID : int,
        AssetID : int, // can be null
        DatabaseID : int, // can be null
        DirectoryID : int, // can be null
        CloudID : int, // can be null
        SystemName : string,
        PlatformID : int,
        NetBiosName : string,
        ContactEmail : string,
        Description : string,
        Port : int, // can be null
        Timeout : short,
        SshKeyEnforcementMode : int, // can be null
        PasswordRuleID : int,
        DSSKeyRuleID : int, // can be null
        LoginAccountID : int, // can be null 
        ReleaseDuration : int,
        MaxReleaseDuration : int,
        ISAReleaseDuration : int,

        AutoManagementFlag : bool,
        FunctionalAccountID : int, // can be null
        ElevationCommand : string, // can be null
        CheckPasswordFlag : bool,
        ChangePasswordAfterAnyReleaseFlag : bool,
        ResetPasswordOnMismatchFlag : bool,
        ChangeFrequencyType : string,
        ChangeFrequencyDays : int,
        ChangeTime : string,
    },
    …
]

Content-Type: application/json

{
    TotalCount : int,
    Data :
    [
        {
            ManagedSystemID : int,
            AssetID : int, // can be null
            DatabaseID : int, // can be null
            DirectoryID : int, // can be null
            CloudID : int, // can be null
            SystemName : string,
            PlatformID : int,
            NetBiosName : string,
            ContactEmail : string,
            Description : string,
            Port : int, // can be null
            Timeout : short,
            PasswordRuleID : int,
            DSSKeyRuleID : int, // can be null
            LoginAccountID : int, // can be null 
            ReleaseDuration : int,
            MaxReleaseDuration : int,
            ISAReleaseDuration : int,

            AutoManagementFlag : bool,
            FunctionalAccountID : int, // can be null
            ElevationCommand : string, // can be null
            CheckPasswordFlag : bool,
            ChangePasswordAfterAnyReleaseFlag : bool,
            ResetPasswordOnMismatchFlag : bool,
            ChangeFrequencyType : string,
            ChangeFrequencyDays : int,
            ChangeTime : string,
        },
        …
    ]
}
  • ManagedSystemID: ID of the Managed System.
  • AssetID: Asset ID; set if the Managed System is an Asset or a Database.
  • DatabaseID: Database ID; set if the Managed System is a Database.
  • DirectoryID: Directory ID; set if the Managed System is a Directory.
  • CloudID: Cloud System ID; set if the Managed System is a Cloud System.
  • SystemName: Name of the related entity (Asset, Directory, Database, or Cloud).
  • PlatformID: ID of the Managed System Platform.
  • NetBiosName: (Managed Domains only) Domain NetBIOS name. Setting this value will allow Password Safe to fall back to the NetBIOS name if needed.
  • Port: The port used to connect to the host. If null and the related Platform.PortFlag is true, Password Safe uses Platform.DefaultPort for communication.
  • Timeout: (seconds) Connection timeout - Length of time in seconds before a slow or unresponsive connection to the system fails.
  • SshKeyEnforcementMode: Enforcement mode for SSH host keys
    • 0: None
    • 1: Auto - Auto Accept Initial Key
    • 2: Strict - Manually Accept Keys
  • PasswordRuleID: ID of the default Password Rule assigned to Managed Accounts created under this Managed System.
  • DSSKeyRuleID: ID of the default DSS Key Rule assigned to Managed Accounts created under this Managed System.
  • LoginAccountID: ID of the Functional Account used for SSH Session logins.
  • ReleaseDuration: (minutes: 1-525600) Default release duration.
  • MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
  • ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
  • AutoManagementFlag: True if password auto-management is enabled, otherwise false.
    • FunctionalAccountID: ID of the Functional Account used for local Managed Account password changes.
    • ElevationCommand: Elevation Command to use (sudo, pbrun, pmrun).
    • CheckPasswordFlag: True to enable password testing, otherwise false.
    • ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
    • ResetPasswordOnMismatchFlag: True to queue a password change when a scheduled password test fails, otherwise false.
    • ChangeFrequencyType: The change frequency for scheduled password changes:
      • first: Changes scheduled for the first day of the month
      • last: Changes scheduled for the last day of the month
      • xdays: Changes scheduled every x days (see ChangeFrequencyDays)
    • ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is "xdays", password changes take place at an interval of this configured number of days.
    • ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
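
The fields above are enough to review how each Managed System under a Functional Account is configured. The following is an added example, not code from the API documentation or the vendor: it accepts either response shape shown above and reports settings worth reviewing. The function names, the sample records and the 90-day threshold are assumptions made for illustration.

```python
# SshKeyEnforcementMode values as listed on this page.
SSH_MODES = {0: "None", 1: "Auto", 2: "Strict"}
MAX_ROTATION_DAYS = 90  # assumed local policy threshold, not from the API


def unwrap(body):
    """Accept both documented shapes: a bare list or {TotalCount, Data}."""
    return body.get("Data", []) if isinstance(body, dict) else body


def audit_managed_systems(body):
    """Return (SystemName, finding) pairs for settings worth reviewing."""
    findings = []
    for ms in unwrap(body):
        name = ms.get("SystemName")
        mode = ms.get("SshKeyEnforcementMode")  # nullable; skipped when absent
        if mode in (0, 1):
            findings.append((name, f"SSH host key mode is {SSH_MODES[mode]}, not Strict"))
        if not ms.get("AutoManagementFlag"):
            findings.append((name, "password auto-management disabled"))
            continue  # fields below are nested under AutoManagementFlag
        if not ms.get("CheckPasswordFlag"):
            findings.append((name, "password testing disabled"))
        if not ms.get("ChangePasswordAfterAnyReleaseFlag"):
            findings.append((name, "password not changed after release"))
        days = ms.get("ChangeFrequencyDays") or 0
        if ms.get("ChangeFrequencyType") == "xdays" and days > MAX_ROTATION_DAYS:
            findings.append((name, f"rotation every {days} days exceeds {MAX_ROTATION_DAYS}"))
    return findings


# Constructed sample in the {TotalCount, Data} shape; not real output.
SAMPLE = {
    "TotalCount": 3,
    "Data": [
        {"SystemName": "web01", "SshKeyEnforcementMode": 1, "AutoManagementFlag": True,
         "CheckPasswordFlag": True, "ChangePasswordAfterAnyReleaseFlag": True,
         "ChangeFrequencyType": "xdays", "ChangeFrequencyDays": 30},
        {"SystemName": "db01", "SshKeyEnforcementMode": 2, "AutoManagementFlag": False},
        {"SystemName": "app01", "SshKeyEnforcementMode": None, "AutoManagementFlag": True,
         "CheckPasswordFlag": False, "ChangePasswordAfterAnyReleaseFlag": True,
         "ChangeFrequencyType": "xdays", "ChangeFrequencyDays": 180},
    ],
}

if __name__ == "__main__":
    for name, finding in audit_managed_systems(SAMPLE):
        print(f"{name}: {finding}")
```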

POST FunctionalAccounts

Creates a Functional Account.

Password Safe Account Management (Read/Write)

Content-Type: application/json

  • FunctionalAccountID: (required) ID of the Functional Account.
  • PlatformID: (required) ID of the Platform to which the account belongs.
  • DomainName: (optional) Domain Name of the account. Can be set if Platform.DomainNameFlag is true. Max string length is 50.
  • AccountName: (required) Name of the account (do not include domain name). Max string length is 245.
  • DisplayName: (optional) The display name or alias for the account. If not given, uses the AccountName. Must be unique for the Platform. Max string length is 100.
  • Password: (required) The current account password.
  • PrivateKey: (optional) DSS Private Key. Can be set if Platform.DSSFlag is true.
  • Passphrase: (required when PrivateKey is an encrypted DSS key) DSS Passphrase. Can be set if Platform.DSSFlag is true.
  • Description: (optional) Description of the account. Max string length is 1000.
  • ElevationCommand: (optional) Elevation Command to use for SSH connections. Can be set if Platform.SupportsElevationFlag is true (sudo, pbrun, pmrun). Max string length is 80.

Response Body

Content-Type: application/json

{
    FunctionalAccountID: int,
    PlatformID: int,
    DomainName: string,
    AccountName: string,
    DisplayName: string,
    Password: string,
    PrivateKey : string,
    Passphrase : string,
    Description: string,
    ElevationCommand: string,
}
  • PlatformID: ID of the Platform to which the account belongs.
  • DomainName: Domain Name of the account.
  • AccountName: Name of the account (does not include domain name).
  • DisplayName: The display name or alias for the account.
  • Description: Description of the account.
  • ElevationCommand: Elevation Command used for SSH connections (sudo, pbrun, pmrun).
  • SystemReferenceCount: The count of Managed Systems that reference the Functional Account.

201 - Request successful. Functional Account in the response body.

For more information, please see Common Response Codes.
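
The request constraints listed for POST FunctionalAccounts can be checked on the client before the credential leaves the caller, and the secret fields can be masked before a body is logged. This is an added example, not code from the API documentation or the vendor; the function names, the sample bodies and the PEM "ENCRYPTED" marker check are assumptions made for illustration.

```python
SECRET_FIELDS = ("Password", "PrivateKey", "Passphrase")
REQUIRED = ("FunctionalAccountID", "PlatformID", "AccountName", "Password")
MAX_LEN = {"DomainName": 50, "AccountName": 245, "DisplayName": 100,
           "Description": 1000, "ElevationCommand": 80}
# Field -> Platform flag that must be true before the field can be set.
PLATFORM_GATES = {"DomainName": "DomainNameFlag", "PrivateKey": "DSSFlag",
                  "Passphrase": "DSSFlag", "ElevationCommand": "SupportsElevationFlag"}


def validate_request(body, platform):
    """Check a POST body against the constraints documented on this page."""
    errors = []
    for field in REQUIRED:
        if body.get(field) in (None, ""):
            errors.append(f"{field} is required")
    for field, limit in MAX_LEN.items():
        value = body.get(field)
        if isinstance(value, str) and len(value) > limit:
            errors.append(f"{field} exceeds {limit} characters")
    for field, flag in PLATFORM_GATES.items():
        if body.get(field) and not platform.get(flag):
            errors.append(f"{field} requires Platform.{flag}")
    # Heuristic (assumption): a PEM-encoded encrypted key carries "ENCRYPTED".
    if "ENCRYPTED" in (body.get("PrivateKey") or "") and not body.get("Passphrase"):
        errors.append("Passphrase is required for an encrypted PrivateKey")
    return errors


def redact(body):
    """Return a copy of a request or response body that is safe to log."""
    return {k: ("***" if k in SECRET_FIELDS and v else v) for k, v in body.items()}


# Constructed platform record and bodies; all values are placeholders.
PLATFORM = {"DomainNameFlag": False, "DSSFlag": True, "SupportsElevationFlag": True}
GOOD = {"FunctionalAccountID": 7, "PlatformID": 2, "AccountName": "svc-rotate",
        "Password": "constructed-not-real", "ElevationCommand": "sudo"}
BAD = {"PlatformID": 2, "DomainName": "corp", "AccountName": "svc-rotate",
       "PrivateKey": "-----BEGIN ENCRYPTED PRIVATE KEY-----\n(placeholder)",
       "Description": "x" * 1001}

if __name__ == "__main__":
    print(validate_request(GOOD, PLATFORM))
    print(validate_request(BAD, PLATFORM))
    print(redact(GOOD))
```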

DELETE FunctionalAccounts/{id}

Deletes a Functional Account by ID.

Password Safe Account Management (Read/Write)

The Functional Account cannot be referenced by any Managed Systems.

id: ID of the Functional Account.

None

None

200 - Request successful.

For more information, please see Common Response Codes.