Quick Rule Managed Accounts

Quick Navigation

GET QuickRules/{quickRuleID}/ManagedAccounts

Returns a list of Managed Accounts by Quick Rule ID.

Read access to the Quick Rule

quickRuleID: ID of the Quick Rule.

None

Content-Type: application/json

[
    {
        ManagedAccountID : int,
        ManagedSystemID : int,
        DomainName : string,
        AccountName : string,
        DistinguishedName : string,
        PasswordFallbackFlag : bool,
        LoginAccountFlag : bool,
        Description : string,
        PasswordRuleID : int,
        ApiEnabled : bool,
        ReleaseNotificationEmail : string,
        ChangeServicesFlag : bool,
        RestartServicesFlag : bool,
        ChangeTasksFlag : bool,
        ReleaseDuration : int,
        MaxReleaseDuration : int,
        ISAReleaseDuration : int,
        MaxConcurrentRequests : int,

        AutoManagementFlag : bool,
        DSSAutoManagementFlag : bool,
        CheckPasswordFlag : bool,
        ResetPasswordOnMismatchFlag : bool,
        ChangePasswordAfterAnyReleaseFlag : bool,
        ChangeFrequencyType : string,
        ChangeFrequencyDays : int,
        ChangeTime : string,

        ParentAccountID : int, // can be null
        IsSubscribedAccount : bool,
        LastChangeDate: datetime, // can be null
        NextChangeDate: datetime, // can be null
        IsChanging: bool
        UseOwnCredentials : bool,
        ChangeIISAppPoolFlag : bool,
        RestartIISAppPoolFlag : bool,
        WorkgroupID : int // can be null
    },
    …
]
  • DomainName: The domain name for a domain-type account.
  • AccountName: The name of the account.
  • DistinguishedName: The distinguished name of an LDAP Managed Account.
  • PasswordFallbackFlag: True if failed DSS authentication can fall back to password authentication, otherwise false.
  • LoginAccountFlag: True if the account should use the Managed System Login Account for SSH sessions, otherwise false.
  • Description: A description of the account.
  • PasswordRuleID: ID of the Password Rule assigned to this Managed Account.
  • ApiEnabled: True if the account can be requested through the API, otherwise false.
  • ReleaseNotificationEmail: Email address used for notification emails related to this Managed Account.
  • ChangeServicesFlag: True if services run as this user should be updated with the new password after a password change, otherwise false.
  • RestartServicesFlag: True if services should be restarted after the run as password is changed (ChangeServicesFlag), otherwise false.
  • ChangeTasksFlag: True if scheduled tasks run as this user should be updated with the new password after a password change, otherwise false.
  • ReleaseDuration: (minutes: 1-525600) Default release duration.
  • MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
  • ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
  • MaxConcurrentRequests: (0-999, 0 is unlimited) Maximum number of concurrent password requests for this account.
  • AutoManagementFlag: True if password auto-management is enabled, otherwise false.
    • DSSAutoManagementFlag: True if DSS Key auto-management is enabled, otherwise false.
    • CheckPasswordFlag: True to enable password testing, otherwise false.
    • ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
    • ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
    • ChangeFrequencyType: The change frequency for scheduled password changes:
      • first: Changes scheduled for the first day of the month
      • last: Changes scheduled for the last day of the month
      • xdays: Changes scheduled every x days (ChangeFrequencyDays)
    • ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
    • ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
  • ParentAccountID: If this is a subscribed account (IsSubscribedAccount), this is the ID of the Parent Managed Account.
  • IsSubscribedAccount: True if the account is a Synced or Subscribed Account, otherwise false.

For more information, please see Configure Subscriber Accounts at https://www.beyondtrust.com/docs/beyondinsight-password-safe/ps/admin/managed-accounts.htm#ConfigureAccounts

  • LastChangeDate: The date and time of the last password change.
  • NextChangeDate: The date and time of the next scheduled password change.
  • IsChanging: True if the account credentials are in the process of changing, otherwise false.
  • UseOwnCredentials: True if the current account credentials should be used during change operations, otherwise false.
  • ChangeIISAppPoolFlag: True if IIS Application Pools run as this user should be updated with the new password after a password change, otherwise false.
  • RestartIISAppPoolFlag: True if IIS Application Pools should be restarted after the run as password is changed, otherwise false.
  • WorkgroupID: ID of the assigned Workgroup

200 – Request successful. Managed Account in the response body.

For more information, please see Common Response Codes.

PUT QuickRules/{quickRuleID}/ManagedAccounts

Updates the entire list of Managed Accounts in a Quick Rule by removing all Managed Account Fields - Quick Group ID filters and adding a new one with the Managed Accounts referenced by ID.

If the Quick Rule contains complex filters or actions created via the UI, the rule must reprocess before returning. It is better for performance to use a Quick Rule that contains a single filter of type Managed Account Fields - Quick Group ID and a single action of type Show as Smart Group, as is created using POST QuickRules.

  • Password Safe Account Management (Read)
  • Read/Write access to the Quick Rule

quickRuleID: ID of the Quick Rule.

Content-Type: application/json

{
    AccountIDs: [ int, …]
}

Content-Type: application/json

[
    {
        ManagedAccountID : int,
        ManagedSystemID : int,
        DomainName : string,
        AccountName : string,
        DistinguishedName : string,
        PasswordFallbackFlag : bool,
        LoginAccountFlag : bool,
        Description : string,
        PasswordRuleID : int,
        ApiEnabled : bool,
        ReleaseNotificationEmail : string,
        ChangeServicesFlag : bool,
        RestartServicesFlag : bool,
        ChangeTasksFlag : bool,
        ReleaseDuration : int,
        MaxReleaseDuration : int,
        ISAReleaseDuration : int,
        MaxConcurrentRequests : int,

        AutoManagementFlag : bool,
        DSSAutoManagementFlag : bool,
        CheckPasswordFlag : bool,
        ResetPasswordOnMismatchFlag : bool,
        ChangePasswordAfterAnyReleaseFlag : bool,
        ChangeFrequencyType : string,
        ChangeFrequencyDays : int,
        ChangeTime : string,
        ParentAccountID : int, // can be null

        IsSubscribedAccount : bool,
        LastChangeDate: datetime, // can be null
        NextChangeDate: datetime, // can be null
        IsChanging: bool]]]``
        UseOwnCredentials : bool,
        ChangeIISAppPoolFlag : bool,
        RestartIISAppPoolFlag : bool,
        WorkgroupID : int // can be null
    },
    …
]
  • DomainName: The domain name for a domain-type account.
  • AccountName: The name of the account.
  • DistinguishedName: The distinguished name of an LDAP Managed Account.
  • PasswordFallbackFlag: True if failed DSS authentication can fall back to password authentication, otherwise false.
  • LoginAccountFlag: True if the account should use the Managed System Login Account for SSH sessions, otherwise false.
  • Description: A description of the account.
  • PasswordRuleID: ID of the Password Rule assigned to this Managed Account.
  • ApiEnabled: True if the account can be requested through the API, otherwise false.
  • ReleaseNotificationEmail: Email address used for notification emails related to this Managed Account.
  • ChangeServicesFlag: True if services run as this user should be updated with the new password after a password change, otherwise false.
  • RestartServicesFlag: True if services should be restarted after the run as password is changed (ChangeServicesFlag), otherwise false.
  • ChangeTasksFlag: True if scheduled tasks run as this user should be updated with the new password after a password change, otherwise false.
  • ReleaseDuration: (minutes: 1-525600) Default release duration.
  • MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
  • ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
  • MaxConcurrentRequests: (0-999, 0 is unlimited) Maximum number of concurrent password requests for this account.
  • AutoManagementFlag: True if password auto-management is enabled, otherwise false.
    • DSSAutoManagementFlag: True if DSS Key auto-management is enabled, otherwise false.
    • CheckPasswordFlag: True to enable password testing, otherwise false.
    • ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
    • ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
    • ChangeFrequencyType: The change frequency for scheduled password changes:
      • first: Changes scheduled for the first day of the month
      • last: Changes scheduled for the last day of the month
      • xdays: Changes scheduled every x days (ChangeFrequencyDays)
    • ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
    • ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
  • ParentAccountID: If this is a subscribed account (IsSubscribedAccount), this is the ID of the Parent Managed Account.
  • IsSubscribedAccount: True if the account is a Synced or Subscribed Account, otherwise false.

For more information, please see Configure Subscriber Accounts at https://www.beyondtrust.com/docs/beyondinsight-password-safe/ps/admin/managed-accounts.htm#ConfigureAccounts

  • LastChangeDate: The date and time of the last password change.
  • NextChangeDate: The date and time of the next scheduled password change.
  • IsChanging: True if the account credentials are in the process of changing, otherwise false.
  • UseOwnCredentials: True if the current account credentials should be used during change operations, otherwise false.
  • ChangeIISAppPoolFlag: True if IIS Application Pools run as this user should be updated with the new password after a password change, otherwise false.
  • RestartIISAppPoolFlag: True if IIS Application Pools should be restarted after the run as password is changed, otherwise false.
  • WorkgroupID: ID of the assigned Workgroup

200 – Request successful. Managed Account in the response body.

For more information, please see Common Response Codes.

POST QuickRules/{quickRuleID}/ManagedAccounts/{accountID}

Adds the Managed Account referenced by ID to the Quick Rule by adding it to the first 'Managed Account Fields - Quick Group ID' filter found.

If the Quick Rule contains complex filters or actions created via the UI, the rule must reprocess before returning. It is better for performance to use a Quick Rule that contains a single filter of type Managed Account Fields - Quick Group ID and a single action of type Show as Smart Group, as is created using POST QuickRules.

  • Password Safe Account Management (Read)
  • Read/Write access to the Quick Rule
  • quickRuleID: ID of the Quick Rule
  • accountID: ID of the Managed Account

None

Content-Type: application/json

[
    {
        ManagedAccountID : int,
        ManagedSystemID : int,
        DomainName : string,
        AccountName : string,
        DistinguishedName : string,
        PasswordFallbackFlag : bool,
        LoginAccountFlag : bool,
        Description : string,
        PasswordRuleID : int,
        ApiEnabled : bool,
        ReleaseNotificationEmail : string,
        ChangeServicesFlag : bool,
        RestartServicesFlag : bool,
        ChangeTasksFlag : bool,
        ReleaseDuration : int,
        MaxReleaseDuration : int,
        ISAReleaseDuration : int,
        MaxConcurrentRequests : int,

        AutoManagementFlag : bool,
        DSSAutoManagementFlag : bool,
        CheckPasswordFlag : bool,
        ResetPasswordOnMismatchFlag : bool,
        ChangePasswordAfterAnyReleaseFlag : bool,
        ChangeFrequencyType : string,
        ChangeFrequencyDays : int,
        ChangeTime : string,

        ParentAccountID : int, // can be null
        IsSubscribedAccount : bool,
        LastChangeDate: datetime, // can be null
        NextChangeDate: datetime, // can be null
        IsChanging: bool
        UseOwnCredentials : bool,
        ChangeIISAppPoolFlag: bool,
        RestartIISAppPoolFlag: bool
    },
    …
]
  • DomainName: The domain name for a domain-type account.
  • AccountName: The name of the account.
  • DistinguishedName: The distinguished name of an LDAP Managed Account.
  • PasswordFallbackFlag: True if failed DSS authentication can fall back to password authentication, otherwise false.
  • LoginAccountFlag: True if the account should use the Managed System Login Account for SSH sessions, otherwise false.
  • Description: A description of the account.
  • PasswordRuleID: ID of the Password Rule assigned to this Managed Account.
  • ApiEnabled: True if the account can be requested through the API, otherwise false.
  • ReleaseNotificationEmail: Email address used for notification emails related to this Managed Account.
  • ChangeServicesFlag: True if services run as this user should be updated with the new password after a password change, otherwise false.
  • RestartServicesFlag: True if services should be restarted after the run as password is changed (ChangeServicesFlag), otherwise false.
  • ChangeTasksFlag: True if scheduled tasks run as this user should be updated with the new password after a password change, otherwise false.
  • ReleaseDuration: (minutes: 1-525600) Default release duration.
  • MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
  • ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
  • MaxConcurrentRequests: (0-999, 0 means unlimited) Maximum number of concurrent password requests for this account.
  • AutoManagementFlag: True if password auto-management is enabled, otherwise false.
    • DSSAutoManagementFlag: True if DSS Key auto-management is enabled, otherwise false.
    • CheckPasswordFlag: True to enable password testing, otherwise false.
    • ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
    • ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
    • ChangeFrequencyType: The change frequency for scheduled password changes:
      • first: Changes scheduled for the first day of the month
      • last: Changes scheduled for the last day of the month
      • xdays: Changes scheduled every x days (ChangeFrequencyDays)
    • ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
    • ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
  • ParentAccountID: If this is a subscribed account (IsSubscribedAccount), this is the ID of the Parent Managed Account.
  • IsSubscribedAccount: True if the account is a Synced or Subscribed Account, otherwise false.

For more information, please see Configure Subscriber Accounts at https://www.beyondtrust.com/docs/beyondinsight-password-safe/ps/admin/managed-accounts.htm#ConfigureAccounts

  • LastChangeDate: The date and time of the last password change.
  • NextChangeDate: The date and time of the next scheduled password change.
  • IsChanging: True if the account credentials are in the process of changing, otherwise false.

200 – Request successful. Managed Account in the response body.

For more information, please see Common Response Codes.

DELETE QuickRules/{quickRuleID}/ManagedAccounts/{accountID}

Removes the Managed Account referenced by ID from the Quick Rule by removing it from all Managed Account Fields - Quick Group ID filters found.

 

A rule cannot be left in an invalid state. If removing the account would result in an empty filter, the filter itself will be removed. If there are no filters left in the rule, a "400 Bad Request" is returned.

If the Quick Rule contains complex filters or actions created via the UI, the rule must reprocess before returning. It is better for performance to use a Quick Rule that contains a single filter of type Managed Account Fields - Quick Group ID and a single action of type Show as Smart Group, as is created using POST QuickRules.

  • Read access to the Quick Rule
  • quickRuleID: ID of the Quick Rule
  • accountID: ID of the Managed Account

None

Content-Type: application/json

[
    {
        ManagedAccountID : int,
        ManagedSystemID : int,
        DomainName : string,
        AccountName : string,
        DistinguishedName : string,
        PasswordFallbackFlag : bool,
        LoginAccountFlag : bool,
        Description : string,
        PasswordRuleID : int,
        ApiEnabled : bool,
        ReleaseNotificationEmail : string,
        ChangeServicesFlag : bool,
        RestartServicesFlag : bool,
        ChangeTasksFlag : bool,
        ReleaseDuration : int,
        MaxReleaseDuration : int,
        ISAReleaseDuration : int,
        MaxConcurrentRequests : int,

        AutoManagementFlag : bool,
        DSSAutoManagementFlag : bool,
        CheckPasswordFlag : bool,
        ResetPasswordOnMismatchFlag : bool,
        ChangePasswordAfterAnyReleaseFlag : bool,
        ChangeFrequencyType : string,
        ChangeFrequencyDays : int,
        ChangeTime : string,

        ParentAccountID : int, // can be null
        IsSubscribedAccount : bool,
        LastChangeDate: datetime, // can be null
        NextChangeDate: datetime, // can be null
        IsChanging: bool
    },
    …
]
  • DomainName: The domain name for a domain-type account.
  • AccountName: The name of the account.
  • DistinguishedName: The distinguished name of an LDAP Managed Account.
  • PasswordFallbackFlag: True if failed DSS authentication can fall back to password authentication, otherwise false.
  • LoginAccountFlag: True if the account should use the Managed System Login Account for SSH sessions, otherwise false.
  • Description: A description of the account.
  • PasswordRuleID: ID of the Password Rule assigned to this Managed Account.
  • ApiEnabled: True if the account can be requested through the API, otherwise false.
  • ReleaseNotificationEmail: Email address used for notification emails related to this Managed Account.
  • ChangeServicesFlag: True if services run as this user should be updated with the new password after a password change, otherwise false.
  • RestartServicesFlag: True if services should be restarted after the run as password is changed (ChangeServicesFlag), otherwise false.
  • ChangeTasksFlag: True if scheduled tasks run as this user should be updated with the new password after a password change, otherwise false.
  • ReleaseDuration: (minutes: 1-525600) Default release duration.
  • MaxReleaseDuration: (minutes: 1-525600) Default maximum release duration.
  • ISAReleaseDuration: (minutes: 1-525600) Default Information Systems Administrator (ISA) release duration.
  • MaxConcurrentRequests: (0-999, 0 means unlimited) Maximum number of concurrent password requests for this account.
  • AutoManagementFlag: True if password auto-management is enabled, otherwise false.
    • DSSAutoManagementFlag: True if DSS Key auto-management is enabled, otherwise false.
    • CheckPasswordFlag: True to enable password testing, otherwise false.
    • ChangePasswordAfterAnyReleaseFlag: True to change passwords on release of a request, otherwise false.
    • ResetPasswordOnMismatchFlag: True to queue a password change when scheduled password test fails, otherwise false.
    • ChangeFrequencyType: The change frequency for scheduled password changes:
      • first: Changes scheduled for the first day of the month
      • last: Changes scheduled for the last day of the month
      • xdays: Changes scheduled every x days (ChangeFrequencyDays)
    • ChangeFrequencyDays: (days: 1-999) When ChangeFrequencyType is xdays, password changes take place this configured number of days.
    • ChangeTime: (24hr format: 00:00-23:59) UTC time of day scheduled password changes take place.
    • ParentAccountID: If this is a subscribed account (IsSubscribedAccount), this is the ID of the Parent Managed Account.
  • IsSubscribedAccount: True if the account is a Synced or Subscribed Account, otherwise false.

For more information, please see Configure Subscriber Accounts at https://www.beyondtrust.com/docs/beyondinsight-password-safe/ps/admin/managed-accounts.htm#ConfigureAccounts

  • LastChangeDate: The date and time of the last password change.
  • NextChangeDate: The date and time of the next scheduled password change.
  • IsChanging: True if the account credentials are in the process of changing, otherwise false.
  • UseOwnCredentials: True if the current account credentials should be used during change operations, otherwise false.
  • ChangeIISAppPoolFlag: True if IIS Application Pools run as this user should be updated with the new password after a password change, otherwise false.
  • RestartIISAppPoolFlag: True if IIS Application Pools should be restarted after the run as password is changed, otherwise false.

200 – Request successful. Managed Account in the response body.

For more information, please see Common Response Codes.