POST Databases/{databaseID}/ManagedSystems

Purpose

Creates a managed system for the database referenced by ID.

Required permissions

Password Safe System Management (Read/Write).

URL parameters

databaseID: ID of the database.

Request body

Content-Type: application/json

{
    ContactEmail : string,
    Description : string,
    Timeout : short,
    PasswordRuleID : int,
    ReleaseDuration : int,
    MaxReleaseDuration : int,
    ISAReleaseDuration : int,

    AutoManagementFlag : bool,
    FunctionalAccountID : int, // can be null
    CheckPasswordFlag : bool,
    ChangePasswordAfterAnyReleaseFlag : bool,
    ResetPasswordOnMismatchFlag : bool,
    ChangeFrequencyType : string,
    ChangeFrequencyDays : int,
    ChangeTime : string,
}

Request body details

  • ContactEmail: Max string length is 1000.
  • Description: Max string length is 255.
  • Timeout: (seconds, default: 30) Connection timeout. Length of time in seconds before a slow or unresponsive connection to the system fails.
  • PasswordRuleID: (default: 0) ID of the default password rule assigned to managed accounts created under this managed system.
  • ReleaseDuration: (minutes: 1-525600, default: 120) Default release duration.
  • MaxReleaseDuration: (minutes: 1-525600, default: 525600) Default maximum release duration.
  • ISAReleaseDuration: (minutes: 1-525600, default: 120) Default Information Systems Administrator (ISA) release duration.
  • AutoManagementFlag: (default: false) True if password auto-management is enabled, otherwise false. Can be set if Platform.AutoManagementFlag is true.
    • FunctionalAccountID: (required if AutoManagementFlag is true) ID of the functional account used for local managed account password changes. FunctionalAccount.PlatformID must either match the ManagedSystem.PlatformID or be a domain platform (AD, LDAP).
    • CheckPasswordFlag: True to enable password testing, otherwise false.
    • ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
    • ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
    • ChangeFrequencyType: (default: first) The change frequency for scheduled password changes:
      • first: Changes scheduled for the first day of the month.
      • last: Changes scheduled for the last day of the month.
      • xdays: Changes scheduled every x days (see ChangeFrequencyDays).
    • ChangeFrequencyDays: (days: 1-999, required if ChangeFrequencyType is xdays) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
    • ChangeTime: (24hr format: 00:00-23:59, default: 23:30) UTC time of day scheduled password changes take place.

Response body

Content-Type: application/json

[
    {
        WorkgroupID : int

        HostName : string

        IPAddress : string
        DNSName : string
        InstanceName : string
        IsDefaultInstance : bool // can be null
        Template : string
        ForestName : string
        UseSSL : bool // can be null

        ManagedSystemID : int,
        EntityTypeID: int,
        AssetID : int, // can be null
        DatabaseID : int, // can be null
        DirectoryID : int, // can be null
        CloudID : int, // can be null
        SystemName : string,
        Timeout : short,
        PlatformID: int,
        NetBiosName : string,
        ContactEmail : string,
        Description : string,
        Port : int, // can be null
        Timeout : short,
        SshKeyEnforcementMode : int, // can be null
        PasswordRuleID : int,
        DSSKeyRuleID : int, // can be null
        LoginAccountID : int, // can be null
        AccountNameFormat : int,
        OracleInternetDirectoryID : guid, // can be null
        OracleInternetDirectoryServiceName : string,
        ReleaseDuration : int,
        MaxReleaseDuration : int,
        ISAReleaseDuration : int,

        AutoManagementFlag : bool,
        FunctionalAccountID : int, // can be null
        ElevationCommand : string, // can be null
        CheckPasswordFlag : bool,
        ChangePasswordAfterAnyReleaseFlag : bool,
        ResetPasswordOnMismatchFlag : bool,
        ChangeFrequencyType : string,
        ChangeFrequencyDays : int,
        ChangeTime : string,
        RemoteClientType : string,
        ApplicationHostID : int, // can be nullIs
        ApplicationHost : bool,
        AccessURL : string
    },
    …
]

Response body details

  • ManagedSystemID: ID of the managed system.
  • AssetD: Asset ID; set if the managed system is an asset or a database.
  • DatabaseID: Database ID; set if the managed system is a database.
  • DirectoryID: Directory ID; set if the managed system is a directory.
  • CloudID: Cloud system ID; set if the managed system is a cloud system.
  • SystemName: Name of the related entity (asset, directory, database, or cloud).
  • PlatformID: ID of the managed system platform.
  • NetBiosName: (Managed domains only) Domain NetBIOS name. Setting this value will allow Password Safe to fall back to the NetBIOS name if needed.
  • Port: The port used to connect to the host. If null and the related Platform.PortFlag is true, Password Safe uses Platform.DefaultPort for communication.
  • Timeout: (seconds) Connection timeout. Length of time in seconds before a slow or unresponsive connection to the system fails.
  • SshKeyEnforcementMode: Enforcement mode for SSH host keys.
    • 0: None.
    • 1: Auto. Auto accept initial key.
    • 2: Strict. Manually accept keys.
  • PasswordRuleID: ID of the default password rule assigned to managed accounts created under this managed system.
  • DSSKeyRuleID: ID of the default DSS key rule assigned to managed accounts created under this managed system.
  • LoginAccountID: ID of the functional account used for SSH session logins.
  • ReleaseDuration: (minutes: 1-525600) Default release duration.
  • MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
  • ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
  • AutoManagementFlag: True if password auto-management is enabled, otherwise false.
    • FunctionalAccountID: ID of the functional account used for local managed account password changes.
    • ElevationCommand: Elevation command to use (sudo, pbrun, pmrun).
    • CheckPasswordFlag: True to enable password testing, otherwise false.
    • ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
    • ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
    • ChangeFrequencyType: The change frequency for scheduled password changes:
      • first: Changes scheduled for the first day of the month.
      • last: Changes scheduled for the last day of the month.
      • xdays: Changes scheduled every x days (see ChangeFrequencyDays).
    • ChangeFrequencyDays: (days: 1-90) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
    • ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
  • RemoteClientType: The type of remote client to use.
    • None: No remote client.
    • EPM: Endpoint Privilege Management.
  • ApplicationHostID: Managed system ID of the target application host. Must be an ID of a managed system whose IsApplicationHost = true.
  • IsApplicationHost: True if the managed system can be used as an application host, otherwise false. Can be set when the Platform.ApplicationHostFlag = true, and cannot be set when ApplicationHostID has a value.
  • AccessURL: The URL used for cloud access (applies to cloud systems only).

Response codes

  • 200 - Request successful - Asset was already managed. Managed System in response body.
  • 201 - Request successful - Asset is now managed. Managed System in response body.

For more information, please see Common response codes.