Updating a vault account
Users assigned as vault trustees can use the Vault Account: Update request to update a vault account’s password or change disclosure options.
From the home page, click Manage resources.
Select the Vault Account: Update request.
Select a vault account.
Click Next .
Enter the new account password.
Specify the Maximum Concurrent Checkout for the account. If unspecified, this is set to 1.
Click Next .
Change disclosure attributes if required. These are the methods by which users can access the account.
Click Submit.
Bravura Security Fabric notifies authorizers to review the request if required.
Click the View request link at the top of the page to view the status of the request.
API automation for vault account update
Once the API has been configured (See ”SOAP API” in Bravura Security Fabric Remote API (api.pdf) and your script has been authenticated to the API (Login or LoginEx API calls), the WF API calls can be used to create an API request.
Use the WFPDRSubmit function to create a workflow request and submit the request for publishing.
When submitting a request, use ”UPDATE_VAULT_ACCOUNT” as the PDR ID. The request uses the following attributes:
attrkey | value |
|---|---|
MS_NAME | The name of the system the vault account is added to. |
MA_NAME | The name of the vault account. |
MA_PASSWORD | The new password of the account. |
MA_RES_CHECKOUT_LIMIT | The number of concurrent checkouts for the account. |
DISCLOSURE_VIEW | T to enable display disclosure for the account, F to disable. |
DISCLOSURE_COPY | T to enable copy disclosure for the account, F to disable. |
MA_TEAM | The team that the vault account will be assigned to. |
REQUEST_TEAM | The team in which its system trustee(s) will be used to authorize the request. See REQUEST_TEAM attribute for more information. |
UPDATE_VAULT_ACCOUNT batch request sample:
"MS_NAME","MA_NAME","MA_PASSWORD","DISCLOSURE_VIEW","DISCLOSURE_COPY","MA_RES_CHECKOUT_LIMIT" "VAULT-000000","VAULT-ACCOUNT-000004","F00bar567","F","T","2"
The REQUEST_TEAM attribute is the team in which its system trustee(s) will be used to authorize the request. This can be a different value depending on which PDR is used. In some cases, the value is auto filled and in other cases, a value is not required.
PDR ID | API submittable | REQUEST_TEAM required | REQUEST_TEAM auto-filled |
|---|---|---|---|
BATCH_REQUEST | No | N/A | N/A |
CREATE_LARGE_CREDENTIAL | No | N/A | N/A |
UPDATE_LARGE_CREDENTIAL | No | N/A | N/A |
WEBAPP_DISCLOSURE_CREATE | No | N/A | N/A |
WEBAPP_DISCLOSURE_DELETE | Yes | No | N/A |
WEBAPP_DISCLOSURE_UPDATE | No | N/A | N/A |
TEAM-CREATE | Yes | Yes | Yes |
TEAM-DELETE | Yes | Yes | Yes |
TEAM-MEMBERS | Yes | Yes | Yes |
TEAM-UPDATE | Yes | Yes | Yes |
CREATE_VAULT_SYSTEM | Yes | Yes | Not required |
ARCHIVE_VAULT_SYSTEM | Yes | Yes | Yes |
UPDATE_VAULT_SYSTEM (1 - same team) | Yes | Yes | Yes |
UPDATE_VAULT_SYSTEM (2 - transfer) | Yes | Yes | Yes |
CREATE_VAULT_ACCOUNT (1 - team vault) | Yes | Yes | Yes |
CREATE_VAULT_ACCOUNT (2 - system vault - same team) | Yes | Yes | Yes |
CREATE_VAULT_ACCOUNT (3 - system vault - different team) | Yes | Yes | Yes |
ARCHIVE_VAULT_ACCOUNT | Yes | Yes | Yes |
UPDATE_VAULT_ACCOUNT (1 - team vault) | Yes | Yes | Yes |
UPDATE_VAULT_ACCOUNT (2 - system vault - same team) | Yes | Yes | Yes |
UPDATE_VAULT_ACCOUNT (3 - system vault - transfer) | Yes | Yes | Yes |
ONBOARD_SYSTEM | Yes | Yes, but not enforced | No |
ARCHIVE_ONBOARDED_SYSTEM | Yes | Yes, but not enforced | No |
UPDATE_ONBOARDED_SYSTEM | Yes | No | If the destination team is unset or the destination team is the same as the source team |
ONBOARD_ACCOUNT | Yes | Yes, but not enforced | No |
OFFBOARD_ACCOUNT | Yes | Yes | Yes |
UPDATE_ONBOARDED_ACCOUNT | Yes | Yes, but not enforced | No |
CREATE_PAMUTIL_API_USER | Yes | No | Not required |
improper display of the team in update/archive when the destination team's vault trustee is not in a team owning the vault system. This will be fixed in a future release.