Check out Shared Account Passwords
Checking out a password allows a user to access a resource. To check out a password, you need the ID for the shared user account that has access to the resource. Call /Redrock/Query
with a query similar to the following to retrieve the ID for the account:
/Redrock/Query
{
"Script":"Select Vaultaccount.ID from Vaultaccount, Server
where Server.ID = Vaultaccount.host
and Server.name = 'Win-server123'
and Vaultaccount.user = 'CPSTEST'"
}
The VaultAccount table table holds information for shared accounts. The Vaultaccount.host
column is a foreign key to the Server table, which holds information for managed resources. The Where
clauses limit the response to the ID for a specific server/account combination (Win-server123/CPSTEST
)
The ID
column in the response holds the ID for the CPSTEST shared user account. Save this ID to identify the account to checkout.
The Vaultaccount query response:
{
"success": true,
"Result": {
"IsAggregate": false,
"Count": 1,
"Columns": [
{
"Name": "ID",
"IsHidden": false,
"DDName": "ID",
"Title": "ID",
"DDTitle": "ID",
"Description": "Row Identifier (primary key)",
"Type": 12,
"Format": null,
"Width": 0,
"TableKey": "Primary",
"ForeignKey": null
}
],
"FullCount": 1,
"Results": [
{
"Entities": [
{
"Type": "VaultAccount",
"Key": "3834d122-30cd-4893-8820-41af9447b313",
"IsForeignKey": false
}
],
"Row": {
"ID": "3834d122-30cd-4893-8820-41af9447b313"
}
}
],
"ReturnID": ""
},
"Message": null, "MessageID": null, "Exception": null, "ErrorID": null, "ErrorCode": null, "InnerExceptions": null
}
Call /ServerManage/CheckoutPassword to check out the password. Specify a duration for the check out (in minutes) with the Lifetime
field in the payload.
/ServerManage/CheckoutPassword
{
"ID": "3834d122-30cd-4893-8820-41af9447b313",
"Lifetime": 35
}
The call returns a unique ID (in COID
) that you can save to pass to other functions to manage the Password
checkout response:
{
"success": true,
"Result":
{
"COID": "7d80fb14-1767-4337-a2bf-9c1bd6545f3c",
"Password": "FlK6,.;hf%Hu9PSoz7lT=Dt"
},
"Message": null, "MessageID": null, "Exception": null,
"ErrorID": null, "ErrorCode": null, "InnerExceptions": null
}
For example, you can call ServerManage/ExtendCheckout to provide more time to an account whose checkout is expiring:
/ServerManage/ExtendCheckout
{"ID": "7d80fb14-1767-4337-a2bf-9c1bd6545f3c"}
To check in a password before it expires, call /ServerManage/CheckinPassword and pass the ID for the checkout:
/ServerManage/CheckinPassword
{"ID": "7d80fb14-1767-4337-a2bf-9c1bd6545f3c"}
See Also
Updated almost 5 years ago