Quick Rule Managed Accounts

Quick Navigation

GET QuickRules/{quickRuleID}/ManagedAccounts

Purpose

Returns a list of managed accounts by Quick Rule ID.

Required Permissions

Read access to the Quick Rule.

URL Parameters

quickRuleID: ID of the Quick Rule.

Request Body

None.

Response Body

Content-Type: application/json

[
    {
        ManagedAccountID : int,
        ManagedSystemID : int,
        DomainName : string,
        AccountName : string,
        DistinguishedName : string,
        PasswordFallbackFlag : bool,
        LoginAccountFlag : bool,
        Description : string,
        PasswordRuleID : int,
        ApiEnabled : bool,
        ReleaseNotificationEmail : string,
        ChangeServicesFlag : bool,
        RestartServicesFlag : bool,
        ChangeTasksFlag : bool,
        ReleaseDuration : int,
        MaxReleaseDuration : int,
        ISAReleaseDuration : int,
        MaxConcurrentRequests : int,

        AutoManagementFlag : bool,
        DSSAutoManagementFlag : bool,
        CheckPasswordFlag : bool,
        ResetPasswordOnMismatchFlag : bool,
        ChangePasswordAfterAnyReleaseFlag : bool,
        ChangeFrequencyType : string,
        ChangeFrequencyDays : int,
        ChangeTime : string,

        ParentAccountID : int, // can be null
        IsSubscribedAccount : bool,
        LastChangeDate : datetime, // can be null
        NextChangeDate : datetime, // can be null
        IsChanging : bool,
        ChangeState : int,
        UseOwnCredentials : bool,
        ChangeIISAppPoolFlag : bool,
        RestartIISAppPoolFlag : bool,
        WorkgroupID : int // can be null
        ChangeWindowsAutoLogonFlag : bool,
        ChangeComPlusFlag : bool,
        ChangeDComFlag : bool,
        ChangeSComFlag : bool,            
    },
    …
]

Response Body Details

  • DomainName: The domain name for a domain-type account.
  • AccountName: The name of the account.
  • DistinguishedName: The distinguished name of an LDAP managed account.
  • PasswordFallbackFlag: True if failed DSS authentication can fall back to password authentication, otherwise false.
  • LoginAccountFlag: True if the account should use the managed system login account for SSH sessions, otherwise false.
  • Description: A description of the account.
  • PasswordRuleID: ID of the password rule assigned to this managed account.
  • ApiEnabled: True if the account can be requested through the API, otherwise false.
  • ReleaseNotificationEmail: Email address used for notification emails related to this managed account.
  • ChangeServicesFlag: True if services run as this user should be updated with the new password after a password change, otherwise false.
  • RestartServicesFlag: True if services should be restarted after the run as password is changed (ChangeServicesFlag), otherwise false.
  • ChangeTasksFlag: True if scheduled tasks run as this user should be updated with the new password after a password change, otherwise false.
  • ReleaseDuration: (minutes: 1-525600) Default release duration.
  • MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
  • ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
  • MaxConcurrentRequests: (0-999, 0 is unlimited) Maximum number of concurrent password requests for this account.
  • AutoManagementFlag: True if password auto-management is enabled, otherwise false.
    • DSSAutoManagementFlag: True if DSS key auto-management is enabled, otherwise false.
    • CheckPasswordFlag: True to enable password testing, otherwise false.
    • ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
    • ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
    • ChangeFrequencyType: The change frequency for scheduled password changes:
      • first: Changes scheduled for the first day of the month.
      • last: Changes scheduled for the last day of the month.
      • xdays: Changes scheduled every x days (ChangeFrequencyDays).
    • ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
    • ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
  • ParentAccountID: If this is a subscribed account (IsSubscribedAccount), this is the ID of the parent managed account.
  • IsSubscribedAccount: True if the account is a synced or subscribed account, otherwise false.
  • LastChangeDate: The date and time of the last password change.
  • NextChangeDate: The date and time of the next scheduled password change.
  • IsChanging: True if the account credentials are in the process of changing, otherwise false.
  • ChangeState: The change state of the account credentials:
    • 0: Idle / no change taking place or scheduled within 5 minutes.
    • 1: Changing / managed account credential currently changing.
    • 2: Queued / managed account credential is queued to change or scheduled to change within 5 minutes.
  • UseOwnCredentials: True if the current account credentials should be used during change operations, otherwise false.
  • ChangeIISAppPoolFlag: True if IIS application pools run as this user should be updated with the new password after a password change, otherwise false.
  • RestartIISAppPoolFlag: True if IIS application pools should be restarted after the run as password is changed, otherwise false.
  • WorkgroupID: ID of the assigned Workgroup.

For more information, please see Configure Subscriber Accounts.

Response Codes

200 – Request successful. Managed Accounts in the response body.

For more information, please see Common Response Codes.

PUT QuickRules/{quickRuleID}/ManagedAccounts

Purpose

Updates the entire list of managed accounts in a Quick Rule by removing all Managed Account Fields - Quick Group ID filters and adding a new one with the managed accounts referenced by ID.

Required Permissions

  • Password Safe Account Management (Read).
  • Read/Write access to the Quick Rule.

URL Parameters

quickRuleID: ID of the Quick Rule.

Request Body

Content-Type: application/json

{
    AccountIDs: [ int, …]
}

Response Body

Content-Type: application/json

[
    {
        ManagedAccountID : int,
        ManagedSystemID : int,
        DomainName : string,
        AccountName : string,
        DistinguishedName : string,
        PasswordFallbackFlag : bool,
        LoginAccountFlag : bool,
        Description : string,
        PasswordRuleID : int,
        ApiEnabled : bool,
        ReleaseNotificationEmail : string,
        ChangeServicesFlag : bool,
        RestartServicesFlag : bool,
        ChangeTasksFlag : bool,
        ReleaseDuration : int,
        MaxReleaseDuration : int,
        ISAReleaseDuration : int,
        MaxConcurrentRequests : int,

        AutoManagementFlag : bool,
        DSSAutoManagementFlag : bool,
        CheckPasswordFlag : bool,
        ResetPasswordOnMismatchFlag : bool,
        ChangePasswordAfterAnyReleaseFlag : bool,
        ChangeFrequencyType : string,
        ChangeFrequencyDays : int,
        ChangeTime : string,
        ParentAccountID : int, // can be null

        IsSubscribedAccount : bool,
        LastChangeDate: datetime, // can be null
        NextChangeDate: datetime, // can be null
        IsChanging: bool,
        ChangeState : int,
        UseOwnCredentials : bool,
        ChangeIISAppPoolFlag : bool,
        RestartIISAppPoolFlag : bool,
        WorkgroupID : int // can be null
        ChangeWindowsAutoLogonFlag : bool,
        ChangeComPlusFlag : bool,
        ChangeDComFlag : bool,
        ChangeSComFlag : bool,    
    },
    …
]

Response Body Details

  • DomainName: The domain name for a domain-type account.
  • AccountName: The name of the account.
  • DistinguishedName: The distinguished name of an LDAP managed account.
  • PasswordFallbackFlag: True if failed DSS authentication can fall back to password authentication, otherwise false.
  • LoginAccountFlag: True if the account should use the managed system login account for SSH sessions, otherwise false.
  • Description: A description of the account.
  • PasswordRuleID: ID of the password rule assigned to this managed account.
  • ApiEnabled: True if the account can be requested through the API, otherwise false.
  • ReleaseNotificationEmail: Email address used for notification emails related to this managed account.
  • ChangeServicesFlag: True if services run as this user should be updated with the new password after a password change, otherwise false.
  • RestartServicesFlag: True if services should be restarted after the run as password is changed (ChangeServicesFlag), otherwise false.
  • ChangeTasksFlag: True if scheduled tasks run as this user should be updated with the new password after a password change, otherwise false.
  • ReleaseDuration: (minutes: 1-525600) Default release duration.
  • MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
  • ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
  • MaxConcurrentRequests: (0-999, 0 is unlimited) Maximum number of concurrent password requests for this account.
  • AutoManagementFlag: True if password auto-management is enabled, otherwise false.
    • DSSAutoManagementFlag: True if DSS key auto-management is enabled, otherwise false.
    • CheckPasswordFlag: True to enable password testing, otherwise false.
    • ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
    • ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
    • ChangeFrequencyType: The change frequency for scheduled password changes:
      • first: Changes scheduled for the first day of the month.
      • last: Changes scheduled for the last day of the month.
      • xdays: Changes scheduled every x days (ChangeFrequencyDays).
    • ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
    • ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
  • ParentAccountID: If this is a subscribed account (IsSubscribedAccount), this is the ID of the parent managed account.
  • IsSubscribedAccount: True if the account is a synced or subscribed account, otherwise false.
  • LastChangeDate: The date and time of the last password change.
  • NextChangeDate: The date and time of the next scheduled password change.
  • IsChanging: True if the account credentials are in the process of changing, otherwise false.
  • ChangeState: The change state of the account credentials:
    • 0: Idle / no change taking place or scheduled within 5 minutes.
    • 1: Changing / managed account credential currently changing.
    • 2: Queued / managed account credential is queued to change or scheduled to change within 5 minutes.
  • UseOwnCredentials: True if the current account credentials should be used during change operations, otherwise false.
  • ChangeIISAppPoolFlag: True if IIS application pools run as this user should be updated with the new password after a password change, otherwise false.
  • RestartIISAppPoolFlag: True if IIS application pools should be restarted after the run as password is changed, otherwise false.
  • WorkgroupID: ID of the assigned Workgroup.

For more information, please see Configure Subscriber Accounts.

Response Codes

200 – Request successful. Managed Accounts in the response body.

For more information, please see Common Response Codes.

POST QuickRules/{quickRuleID}/ManagedAccounts/{accountID}

Purpose

Adds the managed account referenced by ID to the Quick Rule by adding it to the first Managed Account Fields - Quick Group ID filter found.

Required Permissions

  • Password Safe Account Management (Read).
  • Read/Write access to the Quick Rule.

URL Parameters

  • quickRuleID: ID of the Quick Rule.
  • accountID: ID of the managed account.

Request Body

None.

Response Body

Content-Type: application/json

[
    {
        ManagedAccountID : int,
        ManagedSystemID : int,
        DomainName : string,
        AccountName : string,
        DistinguishedName : string,
        PasswordFallbackFlag : bool,
        LoginAccountFlag : bool,
        Description : string,
        PasswordRuleID : int,
        ApiEnabled : bool,
        ReleaseNotificationEmail : string,
        ChangeServicesFlag : bool,
        RestartServicesFlag : bool,
        ChangeTasksFlag : bool,
        ReleaseDuration : int,
        MaxReleaseDuration : int,
        ISAReleaseDuration : int,
        MaxConcurrentRequests : int,

        AutoManagementFlag : bool,
        DSSAutoManagementFlag : bool,
        CheckPasswordFlag : bool,
        ResetPasswordOnMismatchFlag : bool,
        ChangePasswordAfterAnyReleaseFlag : bool,
        ChangeFrequencyType : string,
        ChangeFrequencyDays : int,
        ChangeTime : string,

        ParentAccountID : int, // can be null
        IsSubscribedAccount : bool,
        LastChangeDate : datetime, // can be null
        NextChangeDate : datetime, // can be null
        IsChanging : bool,
        ChangeState : int,
        UseOwnCredentials : bool,
        ChangeIISAppPoolFlag : bool,
        RestartIISAppPoolFlag : bool,
        WorkgroupID : int, // can be null
        ChangeWindowsAutoLogonFlag : bool,
        ChangeComPlusFlag : bool,
        ChangeDComFlag : bool,
        ChangeSComFlag : bool,        
    },
    …
]

Response Body Details

  • DomainName: The domain name for a domain-type account.
  • AccountName: The name of the account.
  • DistinguishedName: The distinguished name of an LDAP managed account.
  • PasswordFallbackFlag: True if failed DSS authentication can fall back to password authentication, otherwise false.
  • LoginAccountFlag: True if the account should use the managed system login account for SSH sessions, otherwise false.
  • Description: A description of the account.
  • PasswordRuleID: ID of the password rule assigned to this managed account.
  • ApiEnabled: True if the account can be requested through the API, otherwise false.
  • ReleaseNotificationEmail: Email address used for notification emails related to this managed account.
  • ChangeServicesFlag: True if services run as this user should be updated with the new password after a password change, otherwise false.
  • RestartServicesFlag: True if services should be restarted after the run as password is changed (ChangeServicesFlag), otherwise false.
  • ChangeTasksFlag: True if scheduled tasks run as this user should be updated with the new password after a password change, otherwise false.
  • ReleaseDuration: (minutes: 1-525600) Default release duration.
  • MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
  • ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
  • MaxConcurrentRequests: (0-999, 0 means unlimited) Maximum number of concurrent password requests for this account.
  • AutoManagementFlag: True if password auto-management is enabled, otherwise false.
    • DSSAutoManagementFlag: True if DSS key auto-management is enabled, otherwise false.
    • CheckPasswordFlag: True to enable password testing, otherwise false.
    • ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
    • ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
    • ChangeFrequencyType: The change frequency for scheduled password changes:
      • first: Changes scheduled for the first day of the month.
      • last: Changes scheduled for the last day of the month.
      • xdays: Changes scheduled every x days (ChangeFrequencyDays).
    • ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
    • ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
  • ParentAccountID: If this is a subscribed account (IsSubscribedAccount), this is the ID of the parent managed account.
  • IsSubscribedAccount: True if the account is a synced or subscribed account, otherwise false.
  • LastChangeDate: The date and time of the last password change.
  • NextChangeDate: The date and time of the next scheduled password change.
  • IsChanging: True if the account credentials are in the process of changing, otherwise false.
  • ChangeState: The change state of the account credentials:
    • 0: Idle / no change taking place or scheduled within 5 minutes.
    • 1: Changing / managed account credential currently changing.
    • 2: Queued / managed account credential is queued to change or scheduled to change within 5 minutes.

For more information, please see Configure Subscriber Accounts.

Response Codes

200 – Request successful. Managed Accounts in the response body.

For more information, please see Common Response Codes.

DELETE QuickRules/{quickRuleID}/ManagedAccounts/{accountID}

Purpose

Removes the managed account referenced by ID from the Quick Rule by removing it from all Managed Account Fields - Quick Group ID filters found.

 

A rule cannot be left in an invalid state. If removing the account would result in an empty filter, the filter itself will be removed. If there are no filters left in the rule, a "400 Bad Request" is returned.

Required Permissions

  • Read/Write access to the Quick Rule.

URL Parameters

  • quickRuleID: ID of the Quick Rule.
  • accountID: ID of the managed account.

Request Body

None.

Response Codes

200 – Request successful.

For more information, please see Common Response Codes.