public/VAddSafeMember.ps1

<#
.Synopsis
   ADD SAFE MEMBER
   CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO ADD A SAFE MEMBER TO AN EXISTING SAFE IN CYBERARK WITH SPECIFIED PERMISSIONS
.EXAMPLE
   $SafeMemberJSON = VAddSafeMember -token {TOKEN VALUE} -member {MEMBER VALUE} -searchin (SEARCHIN VALUE} -safe {SAFE VALUE} -AllPerms
.OUTPUTS
   JSON Object (SafeMember) if successful
   $false if failed
#>

function VAddSafeMember{
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,Position=0)][hashtable]$token,
        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,Position=1)][String]$member,
        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,Position=2)][String]$searchin,
        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,Position=3)][String]$safe,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)][Switch]$AllPerms,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=5)][Switch]$AllAccess,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=6)][Switch]$AllAccountManagement,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=7)][Switch]$AllMonitor,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=8)][Switch]$AllSafeManagement,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=9)][Switch]$AllWorkflow,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=10)][Switch]$AllAdvanced,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=11)][Switch]$UseAccounts,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=12)][Switch]$RetrieveAccounts,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=13)][Switch]$ListAccounts,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=14)][Switch]$AddAccounts,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=15)][Switch]$UpdateAccountContent,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=16)][Switch]$UpdateAccountProperties,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=17)][Switch]$InitiateCPMAccountManagementOperations,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=18)][Switch]$SpecifyNextAccountContent,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=19)][Switch]$RenameAccounts,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=20)][Switch]$DeleteAccounts,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=21)][Switch]$UnlockAccounts,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=22)][Switch]$ManageSafe,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=23)][Switch]$ManageSafeMembers,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=24)][Switch]$BackupSafe,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=25)][Switch]$ViewAuditLog,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=26)][Switch]$ViewSafeMembers,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=27)][Switch]$AccessWithoutConfirmation,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=28)][Switch]$CreateFolders,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=29)][Switch]$DeleteFolders,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=30)][Switch]$MoveAccountsAndFolders,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=31)][ValidateSet(0,1,2)][Int]$RequestsAuthorizationLevel,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=32)][ValidateSet("User","Group","Role")][String]$MemberType,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=33)]
        [Switch]$NoSSL   
    )

    $tokenval = $token.token
    $sessionval = $token.session
    $PVWA = $token.pvwa
    $Header = $token.HeaderType
    $ISPSS = $token.ISPSS

    Write-Verbose "SUCCESSFULLY PARSED PVWA VALUE"
    Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE"
    Write-Verbose "SUCCESSFULLY PARSED MEMBER VALUE"
    Write-Verbose "SUCCESSFULLY PARSED SEARCHIN VALUE"
    Write-Verbose "SUCCESSFULLY PARSED SAFE VALUE"

    Write-Verbose "INITIALIZING PERMISSIONS"
    $pUseAccounts = $false
    $pRetrieveAccounts = $false
    $pListAccounts = $false
    $pAddAccounts = $false
    $pUpdateAccountContent = $false
    $pUpdateAccountProperties = $false
    $pInitiateCPMAccountManagementOperations = $false
    $pSpecifyNextAccountContent = $false
    $pRenameAccounts = $false
    $pDeleteAccounts = $false
    $pUnlockAccounts = $false
    $pManageSafe = $false
    $pManageSafeMembers = $false
    $pBackupSafe = $false
    $pViewAuditLog = $false
    $pViewSafeMembers = $false
    $pRequestsAuthorizationLevel = 0
    $pAccessWithoutConfirmation = $false
    $pCreateFolders = $false
    $pDeleteFolders = $false
    $pMoveAccountsAndFolders = $false
    $pAllPerms = $false
    $pAllAccess = $false
    $pAllAccountManagement = $false
    $pAllMonitor = $false
    $pAllWorkflow = $false
    $pAllAdvanced = $false


    Write-Verbose "INITIALIZING SET PERMISSIONS"
    $AllPermsChecked = 0
    $AllAccessChecked = 0
    $AllAccountManagementChecked = 0
    $AllMonitorChecked = 0
    $AllWorkflowChecked = 0
    $AllAdvancedChecked = 0
    $AllSafeManagementChecked = 0

    #CHECKING SECTION PERMISSIONS
    Write-Verbose "CHECKING SET PERMISSIONS"
    if($AllPerms){$AllPermsChecked = 1}else{$AllPermsChecked = 0}
    if($AllAccess){$AllAccessChecked = 1}else{$AllAccessChecked = 0}
    if($AllAccountManagement){$AllAccountManagementChecked = 1}else{$AllAccountManagementChecked = 0}
    if($AllMonitor){$AllMonitorChecked = 1}else{$AllMonitorChecked = 0}
    if($AllWorkflow){$AllWorkflowChecked = 1}else{$AllWorkflowChecked = 0}
    if($AllAdvanced){$AllAdvancedChecked = 1}else{$AllAdvancedChecked = 0}
    if($AllSafeManagement){$AllSafeManagementChecked = 1}else{$AllSafeManagementChecked = 0}


    #SETTING SECTION PERMISSIONS
    if($AllPermsChecked -eq 1){
        Write-Verbose "ALL PERMISSIONS CHECKED"
        $pUseAccounts = $true
        $pRetrieveAccounts = $true
        $pListAccounts = $true
        $pAddAccounts = $true
        $pUpdateAccountContent = $true
        $pUpdateAccountProperties = $true
        $pInitiateCPMAccountManagementOperations = $true
        $pSpecifyNextAccountContent = $true
        $pRenameAccounts = $true
        $pDeleteAccounts = $true
        $pUnlockAccounts = $true
        $pManageSafe = $true
        $pManageSafeMembers = $true
        $pBackupSafe = $true
        $pViewAuditLog = $true
        $pViewSafeMembers = $true
        $pRequestsAuthorizationLevel = 1
        $pAccessWithoutConfirmation = $true
        $pCreateFolders = $true
        $pDeleteFolders = $true
        $pMoveAccountsAndFolders = $true
    }
    if($AllAccessChecked -eq 1){
        Write-Verbose "ALL ACCESS PERMISSIONS CHECKED"
        $pUseAccounts = $true
        $pRetrieveAccounts = $true
        $pListAccounts = $true
    }
    if($AllAccountManagementChecked -eq 1){
        Write-Verbose "ALL ACCOUNT MANAGEMENT PERMISSIONS CHECKED"
        $pAddAccounts = $true
        $pUpdateAccountContent = $true
        $pUpdateAccountProperties = $true
        $pInitiateCPMAccountManagementOperations = $true
        $pSpecifyNextAccountContent = $true
        $pRenameAccounts = $true
        $pDeleteAccounts = $true
        $pUnlockAccounts = $true
    }
    if($AllSafeManagementChecked -eq 1){
        Write-Verbose "ALL SAFE MANAGEMENT PERMISSIONS CHECKED"
        $pManageSafe = $true
        $pManageSafeMembers = $true
        $pBackupSafe = $true
    }
    if($AllMonitorChecked -eq 1){
        Write-Verbose "ALL MONITOR PERMISSIONS CHECKED"
        $pViewAuditLog = $true
        $pViewSafeMembers = $true
    }
    if($AllWorkflowChecked -eq 1){
        Write-Verbose "ALL WORKFLOW PERMISSIONS CHECKED"
        $pRequestsAuthorizationLevel = 1
        $pAccessWithoutConfirmation = $true
    }
    if($AllAdvancedChecked -eq 1){
        Write-Verbose "ALL ADVANCED PERMISSIONS CHECKED"
        $pCreateFolders = $true
        $pDeleteFolders = $true
        $pMoveAccountsAndFolders = $true
    }
    
    #CHECKING SINGLE PERMISSIONS
    if($AllPermsChecked -eq 0 -and $AllAccessChecked -eq 0){
        Write-Verbose "ANALYZING USE ACCOUNTS PERMISSION"
        if($UseAccounts){$pUseAccounts = $true}else{$pUseAccounts = $false}
        Write-Verbose "ANALYZING RETRIEVE ACCOUNTS PERMISSION"
        if($RetrieveAccounts){$pRetrieveAccounts = $true}else{$pRetrieveAccounts = $false}
        Write-Verbose "ANALYZING LIST ACCOUNTS PERMISSION"
        if($ListAccounts){$pListAccounts = $true}else{$pListAccounts = $false}
    }
    if($AllPermsChecked -eq 0 -and $AllAccountManagementChecked -eq 0){
        Write-Verbose "ANALYZING ADD ACCOUNTS PERMISSION"
        if($AddAccounts){$pAddAccounts = $true}else{$pAddAccounts = $false}
        Write-Verbose "ANALYZING UPDATE ACCOUNT CONTENT PERMISSION"
        if($UpdateAccountContent){$pUpdateAccountContent = $true}else{$pUpdateAccountContent = $false}
        Write-Verbose "ANALYZING UPDATE ACCOUNT PROPERTIES PERMISSION"
        if($UpdateAccountProperties){$pUpdateAccountProperties = $true}else{$pUpdateAccountProperties = $false}
        Write-Verbose "ANALYZING INITIATE CPM ACCOUNT MANAGEMENT OPERATIONS PERMISSION"
        if($InitiateCPMAccountManagementOperations){$pInitiateCPMAccountManagementOperations = $true}else{$pInitiateCPMAccountManagementOperations = $false}
        Write-Verbose "ANALYZING SPECIFY NEXT ACCOUNT CONTENT PERMISSION"
        if($SpecifyNextAccountContent){$pSpecifyNextAccountContent = $true}else{$pSpecifyNextAccountContent = $false}
        Write-Verbose "ANALYZING RENAME ACCOUNTS PERMISSION"
        if($RenameAccounts){$pRenameAccounts = $true}else{$pRenameAccounts = $false}
        Write-Verbose "ANALYZING DELETE ACCOUNTS PERMISSION"
        if($DeleteAccounts){$pDeleteAccounts = $true}else{$pDeleteAccounts = $false}
        Write-Verbose "ANALYZING UNLOCK ACCOUNTS PERMISSION"
        if($UnlockAccounts){$pUnlockAccounts = $true}else{$pUnlockAccounts = $false}
    }
    if($AllPermsChecked -eq 0 -and $AllSafeManagementChecked -eq 0){
        Write-Verbose "ANALYZING MANAGE SAFE PERMISSION"
        if($ManageSafe){$pManageSafe = $true}else{$pManageSafe = $false}
        Write-Verbose "ANALYZING MANAGE SAFE MEMBERS PERMISSION"
        if($ManageSafeMembers){$pManageSafeMembers = $true}else{$pManageSafeMembers = $false}
        Write-Verbose "ANALYZING BACKUP SAFE PERMISSION"
        if($BackupSafe){$pBackupSafe = $true}else{$pBackupSafe = $false} 
    }
    if($AllPermsChecked -eq 0 -and $AllMonitorChecked -eq 0){
        Write-Verbose "ANALYZING VIEW AUDIT LOG PERMISSION"
        if($ViewAuditLog){$pViewAuditLog = $true}else{$pViewAuditLog = $false}
        Write-Verbose "ANALYZING VIEW SAFE MEMBERS PERMISSION"
        if($ViewSafeMembers){$pViewSafeMembers = $true}else{$pViewSafeMembers = $false}
    }
    if($AllPermsChecked -eq 0 -and $AllWorkflowChecked -eq 0){
        Write-Verbose "ANALYZING ACCESS WITHOUT CONFIRMATION PERMISSION"
        if($AccessWithoutConfirmation){$pAccessWithoutConfirmation = $true}else{$pAccessWithoutConfirmation = $false}
        Write-Verbose "ANALYZING REQUESTS AUTHORIZATION LEVEL PERMISSION"
        if($RequestsAuthorizationLevel -eq 0){$pRequestsAuthorizationLevel = 0}
        elseif($RequestsAuthorizationLevel -eq 1){$pRequestsAuthorizationLevel = 1}
        elseif($RequestsAuthorizationLevel -eq 2){$pRequestsAuthorizationLevel = 2}
    }
    if($AllPermsChecked -eq 0 -and $AllAdvancedChecked -eq 0){
        Write-Verbose "ANALYZING CREATE FOLDERS PERMISSION"
        if($CreateFolders){$pCreateFolders = $true}else{$pCreateFolders = $false}
        Write-Verbose "ANALYZING DELETE FOLDERS PERMISSION"
        if($DeleteFolders){$pDeleteFolders = $true}else{$pDeleteFolders = $false}
        Write-Verbose "ANALYZING MOVE ACCOUNTS AND FOLDERS PERMISSION"
        if($MoveAccountsAndFolders){$pMoveAccountsAndFolders = $true}else{$pMoveAccountsAndFolders = $false}
    }

    Write-Verbose "INITIALIZING PARAMETERS FOR API CALL"
    $permissions = @{
        UseAccounts = $pUseAccounts
        RetrieveAccounts = $pRetrieveAccounts
        ListAccounts = $pListAccounts
        AddAccounts = $pAddAccounts
        UpdateAccountContent = $pUpdateAccountContent
        UpdateAccountProperties = $pUpdateAccountProperties
        InitiateCPMAccountManagementOperations = $pInitiateCPMAccountManagementOperations
        SpecifyNextAccountContent = $pSpecifyNextAccountContent
        RenameAccounts = $pRenameAccounts
        DeleteAccounts = $pDeleteAccounts
        UnlockAccounts = $pUnlockAccounts
        ManageSafe = $pManageSafe
        ManageSafeMembers = $pManageSafeMembers
        BackupSafe = $pBackupSafe
        ViewAuditLog = $pViewAuditLog
        ViewSafeMembers = $pViewSafeMembers
        AccessWithoutConfirmation = $pAccessWithoutConfirmation
        CreateFolders = $pCreateFolders
        DeleteFolders = $pDeleteFolders
        MoveAccountsAndFolders = $pMoveAccountsAndFolders
    }
    if($pRequestsAuthorizationLevel -eq 1){
        $permissions += @{
            requestsAuthorizationLevel1 = $true
        }
    }
    elseif($pRequestsAuthorizationLevel -eq 2){
        $permissions += @{
            requestsAuthorizationLevel2 = $true
        }
    }

    if($ISPSS){
        if([String]::IsNullOrEmpty($MemberType)){
            Write-Host "ENTER MEMBER TYPE (User, Group, Role): " -ForegroundColor Yellow -NoNewline
            $MemberType = read-host 
        }

        $params = @{
            MemberName = $member
            SearchIn = $searchin
            Permissions = $permissions
            memberType = $MemberType
        } | ConvertTo-Json
    }
    else{
        $params = @{
            MemberName = $member
            SearchIn = $searchin
            Permissions = $permissions
        } | ConvertTo-Json
    }

    try{

        Write-Verbose "MAKING API CALL TO CYBERARK"
        if($NoSSL){
            Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
            $uri = "http://$PVWA/PasswordVault/api/Safes/$safe/Members"
        }
        else{
            Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
            $uri = "https://$PVWA/PasswordVault/api/Safes/$safe/Members"
        }

        if($sessionval){
            $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" -WebSession $sessionval
        }
        else{
            $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json"  
        }
        Write-Verbose "PARSING DATA FROM CYBERARK"
        Write-Verbose "RETURNING JSON OBJECT"
        return $response
    }catch{
        Write-Verbose "UNABLE TO ADD SAFE MEMBER TO SAFE"
        Vout -str $_ -type E
        return $false
    }
}