Collection of helpful psPAS one-liners
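# Before running any one-liner below, import the psPAS module and open a PAS session
# (unless you are already logged in). https://github.com/pspete/psPAS
Import-Module psPAS
# As of psPAS v3+ you no longer have to capture the session token for later calls.
# Get-Credential prompts for the password, so it is not typed as a command-line argument.
New-PASSession -BaseURI https://cyberark.joegarcia.dev -Type ldap -Credential (Get-Credential)
# When you are finished, run Close-PASSession to log off instead of leaving the session open.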
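###########################################
# List Safe Members by Specific Permission
###########################################
# Finds the safes matching the query "D-Nix", expands each safe's members, and keeps
# only the members whose Permissions list contains 'Add'.
# NOTE(review): the filter assumes Permissions is a list of permission names, as shown in
# the example response. If your psPAS version returns a different shape, the filter can
# match nothing - confirm that before reading an empty result as "nobody holds this permission".
Get-PASSafe -query D-Nix | Get-PASSafeMember | Where-Object { $_.Permissions -contains 'Add' }
# Example Response
# UserName         SafeName       Permissions
# --------         --------       -----------
# jgarcia          D-Nix-AWS-EC2  {Add, AddRenameFolder, BackupSafe, Delete…}
# Master           D-Nix-AWS-EC2  {Add, AddRenameFolder, BackupSafe, Delete…}
# Batch            D-Nix-AWS-EC2  {Add, AddRenameFolder, BackupSafe, Delete…}
# PasswordManager  D-Nix-AWS-EC2  {Add, AddRenameFolder, Delete, DeleteFolder…}
# AWSLambda        D-Nix-AWS-EC2  {Add, Delete, ListContent, UpdateMetadata}
# jgarcia          D-Nix-Root     {Add, AddRenameFolder, BackupSafe, Delete…}
# Master           D-Nix-Root     {Add, AddRenameFolder, BackupSafe, Delete…}
# Batch            D-Nix-Root     {Add, AddRenameFolder, BackupSafe, Delete…}
# PasswordManager  D-Nix-Root     {Add, AddRenameFolder, Delete, DeleteFolder…}
# D-Nix-Root_Adm…  D-Nix-Root     {Add, BackupSafe, Delete, ListContent…}
# Vault Admins     D-Nix-Root     {Add, AddRenameFolder, BackupSafe, Delete…}
# stan             D-Nix-Root     {Add, ListContent, ManageSafeMembers, Restri…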
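#########################################
# List Safes Username is NOT a Member Of
#########################################
# For every safe, fetch its members and print the safe name when "Administrator" is not
# among the members' UserName values.
# The test compares UserName values rather than whole member objects: a member object
# never equals a string, so testing the objects themselves would pass for every safe.
# NOTE(review): a safe whose member lookup returns nothing is listed as well - check for
# errors from Get-PASSafeMember before treating the output as an authoritative access review.
Get-PASSafe | Where-Object { (Get-PASSafeMember -SafeName $_.SafeName).UserName -notcontains 'Administrator' } | Select-Object -ExpandProperty SafeName
# Example Response
# AccountsFeedADAccounts
# AccountsFeedDiscoveryLogs
# Notification Engine
# PasswordManager
# PasswordManager_Info
# PasswordManager_Pending
# PasswordManagerShared
# PVWAConfig
# PVWAReports
# PVWATaskDefinitions
# PVWATicketingSystem
# PVWAUserPrefs
# VaultInternal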