Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add-PASSafeMember failing to add groups as safe members #545

Open
simbrar49 opened this issue Jul 15, 2024 · 0 comments
Open

Add-PASSafeMember failing to add groups as safe members #545

simbrar49 opened this issue Jul 15, 2024 · 0 comments

Comments

@simbrar49
Copy link

Describe the issue
I have a couple of Federated Directory Service (FDS) groups from Azure AD that I've been able to add as safe members in the Privilege Cloud GUI, but when I try to do the same with Add-PASSafeMember, I receive the following error: Invoke-PASRestMethod : There are some invalid parameters.

To Reproduce
Steps to reproduce the behavior:

  1. Connect to Privilege Cloud with service user credentials:
New-PASSession -TenantSubdomain xyz -Credential $ServiceUserCreds -ServiceUser
  1. Define group permissions:
$fds_group_permissions = @{
    ListAccounts = $TRUE
    UseAccounts = $FALSE
    RetrieveAccounts = $FALSE
    AddAccounts = $TRUE
    UpdateAccountProperties = $TRUE
    UpdateAccountContent = $TRUE
    InitiateCPMAccountManagementOperations = $TRUE
    SpecifyNextAccountContent = $TRUE
    RenameAccounts = $TRUE
    DeleteAccounts = $TRUE
    UnlockAccounts = $TRUE
    ManageSafe = $TRUE
    ManageSafeMembers = $TRUE
    BackupSafe = $FALSE
    ViewAuditLog = $TRUE
    ViewSafeMembers = $TRUE
    requestsAuthorizationLevel1 = $FALSE
    AccessWithoutConfirmation = $FALSE
    MoveAccountsAndFolders = $TRUE
    CreateFolders = $TRUE
    DeleteFolders = $TRUE
}
  1. Execute Add-PASSafeMember (both fail):
Add-PASSafeMember -SafeName xyz_safe -MemberName fds-group-name @fds_group_permissions
Add-PASSafeMember -SafeName xyz_safe -MemberName fds-group-name -SearchIn Vault @fds_group_permissions

Expected behavior
I want the FDS group to be added as a member of the safe with the permissions that I've specified.

Screenshots & Console Output

Invoke-PASRestMethod : There are some invalid parameters
At line:292 char:13
+ ...     $result = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body
+                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: ({"Details":[{"E...id parameters"}:ErrorRecord) [Invoke-PASRestMethod], Exception
    + FullyQualifiedErrorId : PASWS167E,Invoke-PASRestMethod

Your Environment
Include relevant details about your environment

  • PowerShell Version: 5.1.19041.4522
  • psPAS Version: 6.4.85
  • CyberArk Version: Privilege Cloud
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@simbrar49