Skip to content

Add-PASSafeMember failing to add groups as safe members #545

New issue
New issue
Open
Open
Add-PASSafeMember failing to add groups as safe members#545
@simbrar49

Description

@simbrar49
simbrar49
opened on Jul 15, 2024

Describe the issue
I have a couple of Federated Directory Service (FDS) groups from Azure AD that I've been able to add as safe members in the Privilege Cloud GUI, but when I try to do the same with Add-PASSafeMember, I receive the following error: Invoke-PASRestMethod : There are some invalid parameters.

To Reproduce
Steps to reproduce the behavior:

  1. Connect to Privilege Cloud with service user credentials:
New-PASSession -TenantSubdomain xyz -Credential $ServiceUserCreds -ServiceUser
  1. Define group permissions:
$fds_group_permissions = @{
    ListAccounts = $TRUE
    UseAccounts = $FALSE
    RetrieveAccounts = $FALSE
    AddAccounts = $TRUE
    UpdateAccountProperties = $TRUE
    UpdateAccountContent = $TRUE
    InitiateCPMAccountManagementOperations = $TRUE
    SpecifyNextAccountContent = $TRUE
    RenameAccounts = $TRUE
    DeleteAccounts = $TRUE
    UnlockAccounts = $TRUE
    ManageSafe = $TRUE
    ManageSafeMembers = $TRUE
    BackupSafe = $FALSE
    ViewAuditLog = $TRUE
    ViewSafeMembers = $TRUE
    requestsAuthorizationLevel1 = $FALSE
    AccessWithoutConfirmation = $FALSE
    MoveAccountsAndFolders = $TRUE
    CreateFolders = $TRUE
    DeleteFolders = $TRUE
}
  1. Execute Add-PASSafeMember (both fail):
Add-PASSafeMember -SafeName xyz_safe -MemberName fds-group-name @fds_group_permissions
Add-PASSafeMember -SafeName xyz_safe -MemberName fds-group-name -SearchIn Vault @fds_group_permissions

Expected behavior
I want the FDS group to be added as a member of the safe with the permissions that I've specified.

Screenshots & Console Output

Invoke-PASRestMethod : There are some invalid parameters
At line:292 char:13
+ ...     $result = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body
+                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: ({"Details":[{"E...id parameters"}:ErrorRecord) [Invoke-PASRestMethod], Exception
    + FullyQualifiedErrorId : PASWS167E,Invoke-PASRestMethod

Your Environment
Include relevant details about your environment

  • PowerShell Version: 5.1.19041.4522
  • psPAS Version: 6.4.85
  • CyberArk Version: Privilege Cloud

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions