psPAS

2.6.17

Functions/AccountGroups/Remove-PASAccountGroupMember.ps1

                                function Remove-PASAccountGroupMember {

    <#

.SYNOPSIS

Deletes a member of an account group.

.DESCRIPTION

Removes an account member from an account group.

This account can be either a password account or an SSH Key account.

The following permissions are required on the safe:

 - Add Accounts

 - Update Account Content

 - Update Account Properties

  -Create Folders

.PARAMETER AccountID

The unique ID of the account group.

.PARAMETER GroupID

The unique ID of the account group.

.PARAMETER sessionToken

Hashtable containing the session token returned from New-PASSession

.PARAMETER WebSession

WebRequestSession object returned from New-PASSession

.PARAMETER BaseURI

PVWA Web Address

Do not include "/PasswordVault/"

.PARAMETER PVWAAppName

The name of the CyberArk PVWA Virtual Directory.

Defaults to PasswordVault

.PARAMETER ExternalVersion

The External CyberArk Version, returned automatically from the New-PASSession function from version 9.7 onwards.

If the minimum version requirement of this function is not satisfied, execution will be halted.

Omitting a value for this parameter, or supplying a version of "0.0" will skip the version check.

.EXAMPLE

$token | Remove-PASAccountGroupMember -AccountID 21_7 -GroupID 21_9

Removes member with ID of 21_& from account group with ID of 21_9

.INPUTS

All parameters can be piped by property name

.OUTPUTS

None

.NOTES

Minimum CyberArk version 9.10

.LINK

#>

    [CmdletBinding(SupportsShouldProcess)]

    param(

        [parameter(

            Mandatory = $true,

            ValueFromPipelinebyPropertyName = $true

        )]

        [string]$AccountID,

        [parameter(

            Mandatory = $true,

            ValueFromPipelinebyPropertyName = $true

        )]

        [string]$GroupID,

        [parameter(

            Mandatory = $true,

            ValueFromPipelinebyPropertyName = $true

        )]

        [ValidateNotNullOrEmpty()]

        [hashtable]$sessionToken,

        [parameter(

            ValueFromPipelinebyPropertyName = $true

        )]

        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(

            Mandatory = $true,

            ValueFromPipelinebyPropertyName = $true

        )]

        [string]$BaseURI,

        [parameter(

            Mandatory = $false,

            ValueFromPipelinebyPropertyName = $true

        )]

        [string]$PVWAAppName = "PasswordVault",

        [parameter(

            Mandatory = $false,

            ValueFromPipelinebyPropertyName = $true

        )]

        [System.Version]$ExternalVersion = "0.0"

    )

    BEGIN {

        $MinimumVersion = [System.Version]"9.10"

    }#begin

    PROCESS {

        Assert-VersionRequirement -ExternalVersion $ExternalVersion -RequiredVersion $MinimumVersion

        #Create URL for Request

        $URI = "$baseURI/$PVWAAppName/API/AccountGroups/$GroupID/Members/$AccountID"

        if($PSCmdlet.ShouldProcess($AccountID, "Delete Member from Account Group $($GroupID)")) {

            #send request to PAS web service

            Invoke-PASRestMethod -Uri $URI -Method DELETE -Headers $sessionToken -WebSession $WebSession

        }

    }#process

    END {}#end

}