Functions/AccountACL/Get-PASAccountACL.ps1

function Get-PASAccountACL {
    <#
.SYNOPSIS
Lists the privileged command rules for an account

.DESCRIPTION
Gets the list of all privileged commands associated with an account.
The account is identified in the request URL by its address, user name and
policy ID; each value is passed through Get-EscapedString before it is
placed in the URL path.

.PARAMETER AccountPolicyId
The PolicyID associated with the account.

.PARAMETER AccountAddress
The address of the account whose privileged commands will be listed.

.PARAMETER AccountUserName
The name of the account’s user.

.EXAMPLE
Get-PASAccount root | Get-PASAccountACL

Returns Privileged Account Rules for the account root found by Get-PASAccount:

PolicyId Command PermissionType UserName Type IsGroup
-------- ------- -------------- -------- ---- -------
UNIXSSH ifconfig Allow TestUser Account False
UNIXSSH for /l %a in (0,0,0) do start Deny TestUser Account False
UNIXSSH for /l %a in (0,0,0) do xyz Allow TestUser Account False

.INPUTS
All parameters can be piped by property name
Should accept pipeline objects from other *-PASAccount functions

.OUTPUTS
Outputs Object of Custom Type psPAS.CyberArk.Vault.ACL.Account
Output format is defined via psPAS.Format.ps1xml.
To force all output to be shown, pipe to Select-Object *
#>

    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [Alias("PolicyID")]
        [string]$AccountPolicyId,

        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [Alias("Address")]
        [ValidateNotNullOrEmpty()]
        [string]$AccountAddress,

        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [Alias("UserName")]
        [ValidateNotNullOrEmpty()]
        [string]$AccountUserName
    )

    BEGIN { }

    PROCESS {

        # Escape each identifier on its own, so that the literal "|" separators
        # and the "/" path segments written below are the only delimiters in the path.
        # NOTE(review): Get-EscapedString is defined elsewhere in the module;
        # presumably it URL-escapes reserved characters - confirm.
        $EscapedAddress = $AccountAddress | Get-EscapedString
        $EscapedUserName = $AccountUserName | Get-EscapedString
        $EscapedPolicyId = $AccountPolicyId | Get-EscapedString

        # Account key in the URL is address|username|policyid
        $AccountKey = "${EscapedAddress}|${EscapedUserName}|${EscapedPolicyId}"
        $URI = "$Script:BaseURI/WebServices/PIMServices.svc/Account/${AccountKey}/PrivilegedCommands"

        # Send the GET request using the module-scoped web session.
        # The trailing DevSkim comment suppresses rule DS104456 for this line and
        # must stay on the same line as the call.
        $result = Invoke-PASRestMethod -Uri $URI -Method GET -WebSession $Script:WebSession #DevSkim: ignore DS104456

        # Emit nothing when the request returned no result
        if ($result) {

            # Tag the returned rules with the custom type name used for output formatting
            $result.ListAccountPrivilegedCommandsResult |
                Add-ObjectDetail -typename psPAS.CyberArk.Vault.ACL.Account

        }

    }

    END { }

}