public/Update-VPASSafeMember.ps1

<#
.Synopsis
   UPDATE SAFE MEMBER
   CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO UPDATE A SAFE MEMBER OF A SAFE IN CYBERARK
.PARAMETER token
   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
   If -token is not passed, function will use last known hashtable generated by New-VPASToken
.PARAMETER member
   Target unique safe member name
.PARAMETER safe
   Target unique safe name
.PARAMETER AllPerms
   Enables all safe permissions
.PARAMETER AllAccess
   Enables all Access safe permissions (UseAccounts, RetrieveAccounts, ListAccounts)
.PARAMETER AllAccountManagement
   Enables all AccountManagement safe permissions (AddAccounts, UpdateAccountContent, UpdateAccountProperties, InitiateCPMAccountManagementOperations, SpecifyNextAccountContent, RenameAccounts, DeleteAccounts, UnlockAccounts)
.PARAMETER AllMonitor
   Enables all Monitor safe permissions (ViewAuditLog, ViewSafeMembers)
.PARAMETER AllSafeManagement
   Enables all SafeManagement safe permissions (ManageSafe, ManageSafeMembers, BackupSafe)
.PARAMETER AllWorkflow
   Enables all Workflow safe permissions (RequestsAuthorizationLevel(1), AccessWithoutConfirmation)
.PARAMETER AllAdvanced
   Enables all Advanced safe permissions (CreateFolders, DeleteFolders, MoveAccountsAndFolders)
.PARAMETER UseAccounts
   Gives the ability use accounts in a safe (click the connect button)
.PARAMETER RetrieveAccounts
   Gives the ability to pull accounts credentials in a safe (click the Show/Copy buttons)
.PARAMETER ListAccounts
   Gives the ability to view accounts in a safe
.PARAMETER AddAccounts
   Gives the ability to add accounts in a safe
.PARAMETER UpdateAccountContent
   Gives the ability to manually update accounts secrets in a safe
.PARAMETER UpdateAccountProperties
   Gives the ability to update account properties in a safe (username field, address field, etc)
.PARAMETER InitiateCPMAccountManagementOperations
   Gives the ability to trigger the CPM to run a change, verify, or reconcile on accounts in a safe
.PARAMETER SpecifyNextAccountContent
   Gives the ability to specify what the next password the CPM will push to accounts in a safe
.PARAMETER RenameAccounts
   Gives the ability to modify the ObjectName of accounts in a safe
.PARAMETER DeleteAccounts
   Gives the ability to delete accounts from a safe
.PARAMETER UnlockAccounts
   Gives the ability to unlock or check-in locked account on someone else's behalf in a safe
.PARAMETER ManageSafe
   Gives the ability to modify safe details (DaysRetention, VersionRetention, Description, etc)
.PARAMETER ManageSafeMembers
   Gives the ability to add, remove, modify safe members on a safe
.PARAMETER BackupSafe
   Gives the ability to backup a safe
.PARAMETER ViewAuditLog
   Gives the ability to view the activities performed on accounts in a safe
.PARAMETER ViewSafeMembers
   Gives the ability to view safe members on a safe
.PARAMETER AccessWithoutConfirmation
   Gives the ability to access the safe without needing confirmation from an approver
.PARAMETER CreateFolders
   Gives the ability to create folders in a safe
.PARAMETER DeleteFolders
   Gives the ability to delete folders from a safe
.PARAMETER MoveAccountsAndFolders
   Gives the ability to move accounts and folders from one safe to another
.PARAMETER RequestsAuthorizationLevel1
   Gives the ability to approve or deny users from using an account (Level1) in a safe
.PARAMETER RequestsAuthorizationLevel2
   Gives the ability to approve or deny users from using an account (Level2) in a safe
.PARAMETER SafePermissionHashTable
   Hashtable that contains the set of safe permissions to be applied to a specific safe member.
   Hashtable has priority over the safe permission flags that are passed
.EXAMPLE
   $UpdateSafeMemberJSON = Update-VPASSafeMember -member {MEMBER VALUE} -safe {SAFE VALUE} -AllPerms
.EXAMPLE
   $UpdateSafeMemberJSON = Update-VPASSafeMember -member {MEMBER VALUE} -safe {SAFE VALUE} -AllAccess -AllMonitor
.EXAMPLE
   $UpdateSafeMemberJSON = Update-VPASSafeMember -member {MEMBER VALUE} -safe {SAFE VALUE} -UseAccounts -RetrieveAccounts -AllMonitor
.OUTPUTS
   If successful:
   {
        "safeUrlId": "NewSafeVpas",
        "safeName": "NewSafeVpas",
        "safeNumber": 133,
        "memberId": "1dfc3edf-4564-4abf-9bc1-1234",
        "memberName": "vadim@vman.pam",
        "memberType": "User",
        "membershipExpirationDate": null,
        "isExpiredMembershipEnable": false,
        "isPredefinedUser": false,
        "isReadOnly": false,
        "permissions": {
                            "useAccounts": true,
                            "retrieveAccounts": true,
                            "listAccounts": true,
                            "addAccounts": true,
                            "updateAccountContent": true,
                            "updateAccountProperties": true,
                            "initiateCPMAccountManagementOperations": true,
                            "specifyNextAccountContent": true,
                            "renameAccounts": true,
                            "deleteAccounts": true,
                            "unlockAccounts": true,
                            "manageSafe": true,
                            "manageSafeMembers": true,
                            "backupSafe": true,
                            "viewAuditLog": true,
                            "viewSafeMembers": true,
                            "accessWithoutConfirmation": true,
                            "createFolders": true,
                            "deleteFolders": true,
                            "moveAccountsAndFolders": true,
                            "requestsAuthorizationLevel1": true,
                            "requestsAuthorizationLevel2": false
                        }
   }
   ---
   $false if failed
#>

function Update-VPASSafeMember{
    [OutputType('System.Object',[bool])]
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target SafeMember to update (for example: 'Vault Admins')",Position=0)][String]$member,
        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter safe of target SafeMember to update (for example: TestSafe1)",Position=1)][String]$safe,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)][Switch]$AllPerms,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)][Switch]$AllAccess,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)][Switch]$AllAccountManagement,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=5)][Switch]$AllMonitor,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=6)][Switch]$AllSafeManagement,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=7)][Switch]$AllWorkflow,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=8)][Switch]$AllAdvanced,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=9)][Switch]$UseAccounts,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=10)][Switch]$RetrieveAccounts,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=11)][Switch]$ListAccounts,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=12)][Switch]$AddAccounts,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=13)][Switch]$UpdateAccountContent,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=14)][Switch]$UpdateAccountProperties,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=15)][Switch]$InitiateCPMAccountManagementOperations,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=16)][Switch]$SpecifyNextAccountContent,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=17)][Switch]$RenameAccounts,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=18)][Switch]$DeleteAccounts,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=19)][Switch]$UnlockAccounts,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=20)][Switch]$ManageSafe,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=21)][Switch]$ManageSafeMembers,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=22)][Switch]$BackupSafe,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=23)][Switch]$ViewAuditLog,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=24)][Switch]$ViewSafeMembers,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=25)][Switch]$AccessWithoutConfirmation,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=26)][Switch]$CreateFolders,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=27)][Switch]$DeleteFolders,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=28)][Switch]$MoveAccountsAndFolders,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=29)][Switch]$RequestsAuthorizationLevel1,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=30)][Switch]$RequestsAuthorizationLevel2,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=31)][hashtable]$SafePermissionHashTable,
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=32)][hashtable]$token
    )

    Begin{
        $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain = Get-VPASSession -token $token
        $CommandName = $MyInvocation.MyCommand.Name
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND
    }
    process{
        Write-Verbose "SUCCESSFULLY PARSED PVWA VALUE"
        Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE"
        Write-Verbose "SUCCESSFULLY PARSED MEMBER VALUE"
        Write-Verbose "SUCCESSFULLY PARSED SAFE VALUE"

        Write-Verbose "INITIALIZING PERMISSIONS"
        $pUseAccounts = $false
        $pRetrieveAccounts = $false
        $pListAccounts = $false
        $pAddAccounts = $false
        $pUpdateAccountContent = $false
        $pUpdateAccountProperties = $false
        $pInitiateCPMAccountManagementOperations = $false
        $pSpecifyNextAccountContent = $false
        $pRenameAccounts = $false
        $pDeleteAccounts = $false
        $pUnlockAccounts = $false
        $pManageSafe = $false
        $pManageSafeMembers = $false
        $pBackupSafe = $false
        $pViewAuditLog = $false
        $pViewSafeMembers = $false
        $pRequestsAuthorizationLevel1 = $false
        $pRequestsAuthorizationLevel2 = $false
        $pAccessWithoutConfirmation = $false
        $pCreateFolders = $false
        $pDeleteFolders = $false
        $pMoveAccountsAndFolders = $false
        $pAllPerms = $false
        $pAllAccess = $false
        $pAllAccountManagement = $false
        $pAllMonitor = $false
        $pAllWorkflow = $false
        $pAllAdvanced = $false

        Write-Verbose "INITIALIZING SET PERMISSIONS"
        $AllPermsChecked = 0
        $AllAccessChecked = 0
        $AllAccountManagementChecked = 0
        $AllMonitorChecked = 0
        $AllWorkflowChecked = 0
        $AllAdvancedChecked = 0
        $AllSafeManagementChecked = 0


        if($SafePermissionHashTable.Count -eq 0){

            #CHECKING SECTION PERMISSIONS
            Write-Verbose "CHECKING SET PERMISSIONS"
            if($AllPerms){$AllPermsChecked = 1}else{$AllPermsChecked = 0}
            if($AllAccess){$AllAccessChecked = 1}else{$AllAccessChecked = 0}
            if($AllAccountManagement){$AllAccountManagementChecked = 1}else{$AllAccountManagementChecked = 0}
            if($AllMonitor){$AllMonitorChecked = 1}else{$AllMonitorChecked = 0}
            if($AllWorkflow){$AllWorkflowChecked = 1}else{$AllWorkflowChecked = 0}
            if($AllAdvanced){$AllAdvancedChecked = 1}else{$AllAdvancedChecked = 0}
            if($AllSafeManagement){$AllSafeManagementChecked = 1}else{$AllSafeManagementChecked = 0}


            #SETTING SECTION PERMISSIONS
            if($AllPermsChecked -eq 1){
                Write-Verbose "ALL PERMISSIONS CHECKED"
                $pUseAccounts = $true
                $pRetrieveAccounts = $true
                $pListAccounts = $true
                $pAddAccounts = $true
                $pUpdateAccountContent = $true
                $pUpdateAccountProperties = $true
                $pInitiateCPMAccountManagementOperations = $true
                $pSpecifyNextAccountContent = $true
                $pRenameAccounts = $true
                $pDeleteAccounts = $true
                $pUnlockAccounts = $true
                $pManageSafe = $true
                $pManageSafeMembers = $true
                $pBackupSafe = $true
                $pViewAuditLog = $true
                $pViewSafeMembers = $true
                $pRequestsAuthorizationLevel1 = $true
                $pRequestsAuthorizationLevel2 = $false
                $pAccessWithoutConfirmation = $true
                $pCreateFolders = $true
                $pDeleteFolders = $true
                $pMoveAccountsAndFolders = $true
            }
            if($AllAccessChecked -eq 1){
                Write-Verbose "ALL ACCESS PERMISSIONS CHECKED"
                $pUseAccounts = $true
                $pRetrieveAccounts = $true
                $pListAccounts = $true
            }
            if($AllAccountManagementChecked -eq 1){
                Write-Verbose "ALL ACCOUNT MANAGEMENT PERMISSIONS CHECKED"
                $pAddAccounts = $true
                $pUpdateAccountContent = $true
                $pUpdateAccountProperties = $true
                $pInitiateCPMAccountManagementOperations = $true
                $pSpecifyNextAccountContent = $true
                $pRenameAccounts = $true
                $pDeleteAccounts = $true
                $pUnlockAccounts = $true
            }
            if($AllSafeManagementChecked -eq 1){
                Write-Verbose "ALL SAFE MANAGEMENT PERMISSIONS CHECKED"
                $pManageSafe = $true
                $pManageSafeMembers = $true
                $pBackupSafe = $true
            }
            if($AllMonitorChecked -eq 1){
                Write-Verbose "ALL MONITOR PERMISSIONS CHECKED"
                $pViewAuditLog = $true
                $pViewSafeMembers = $true
            }
            if($AllWorkflowChecked -eq 1){
                Write-Verbose "ALL WORKFLOW PERMISSIONS CHECKED"
                $pRequestsAuthorizationLevel1 = $true
                $pRequestsAuthorizationLevel2 = $false
                $pAccessWithoutConfirmation = $true
            }
            if($AllAdvancedChecked -eq 1){
                Write-Verbose "ALL ADVANCED PERMISSIONS CHECKED"
                $pCreateFolders = $true
                $pDeleteFolders = $true
                $pMoveAccountsAndFolders = $true
            }

            #CHECKING SINGLE PERMISSIONS
            if($AllPermsChecked -eq 0 -and $AllAccessChecked -eq 0){
                Write-Verbose "ANALYZING USE ACCOUNTS PERMISSION"
                if($UseAccounts){$pUseAccounts = $true}else{$pUseAccounts = $false}
                Write-Verbose "ANALYZING RETRIEVE ACCOUNTS PERMISSION"
                if($RetrieveAccounts){$pRetrieveAccounts = $true}else{$pRetrieveAccounts = $false}
                Write-Verbose "ANALYZING LIST ACCOUNTS PERMISSION"
                if($ListAccounts){$pListAccounts = $true}else{$pListAccounts = $false}
            }
            if($AllPermsChecked -eq 0 -and $AllAccountManagementChecked -eq 0){
                Write-Verbose "ANALYZING ADD ACCOUNTS PERMISSION"
                if($AddAccounts){$pAddAccounts = $true}else{$pAddAccounts = $false}
                Write-Verbose "ANALYZING UPDATE ACCOUNT CONTENT PERMISSION"
                if($UpdateAccountContent){$pUpdateAccountContent = $true}else{$pUpdateAccountContent = $false}
                Write-Verbose "ANALYZING UPDATE ACCOUNT PROPERTIES PERMISSION"
                if($UpdateAccountProperties){$pUpdateAccountProperties = $true}else{$pUpdateAccountProperties = $false}
                Write-Verbose "ANALYZING INITIATE CPM ACCOUNT MANAGEMENT OPERATIONS PERMISSION"
                if($InitiateCPMAccountManagementOperations){$pInitiateCPMAccountManagementOperations = $true}else{$pInitiateCPMAccountManagementOperations = $false}

                Write-Verbose "ANALYZING SPECIFY NEXT ACCOUNT CONTENT PERMISSION"
                if($SpecifyNextAccountContent){
                    $pSpecifyNextAccountContent = $true
                    if(!$pInitiateCPMAccountManagementOperations){
                        Write-VPASOutput -str "In order to enable `"SpecifyNextAccountContent`" permission, this command will also enable `"InitiateCPMAccountManagementOperations`" permission" -type M
                        $pInitiateCPMAccountManagementOperations = $true
                    }
                }
                else{
                    $pSpecifyNextAccountContent = $false
                }

                Write-Verbose "ANALYZING RENAME ACCOUNTS PERMISSION"
                if($RenameAccounts){$pRenameAccounts = $true}else{$pRenameAccounts = $false}
                Write-Verbose "ANALYZING DELETE ACCOUNTS PERMISSION"
                if($DeleteAccounts){$pDeleteAccounts = $true}else{$pDeleteAccounts = $false}
                Write-Verbose "ANALYZING UNLOCK ACCOUNTS PERMISSION"
                if($UnlockAccounts){$pUnlockAccounts = $true}else{$pUnlockAccounts = $false}
            }
            if($AllPermsChecked -eq 0 -and $AllSafeManagementChecked -eq 0){
                Write-Verbose "ANALYZING MANAGE SAFE PERMISSION"
                if($ManageSafe){$pManageSafe = $true}else{$pManageSafe = $false}
                Write-Verbose "ANALYZING MANAGE SAFE MEMBERS PERMISSION"
                if($ManageSafeMembers){$pManageSafeMembers = $true}else{$pManageSafeMembers = $false}
                Write-Verbose "ANALYZING BACKUP SAFE PERMISSION"
                if($BackupSafe){$pBackupSafe = $true}else{$pBackupSafe = $false}
            }
            if($AllPermsChecked -eq 0 -and $AllMonitorChecked -eq 0){
                Write-Verbose "ANALYZING VIEW AUDIT LOG PERMISSION"
                if($ViewAuditLog){$pViewAuditLog = $true}else{$pViewAuditLog = $false}
                Write-Verbose "ANALYZING VIEW SAFE MEMBERS PERMISSION"
                if($ViewSafeMembers){$pViewSafeMembers = $true}else{$pViewSafeMembers = $false}
            }
            if($AllPermsChecked -eq 0 -and $AllWorkflowChecked -eq 0){
                Write-Verbose "ANALYZING ACCESS WITHOUT CONFIRMATION PERMISSION"
                if($AccessWithoutConfirmation){$pAccessWithoutConfirmation = $true}else{$pAccessWithoutConfirmation = $false}
                Write-Verbose "ANALYZING REQUESTS AUTHORIZATION LEVEL PERMISSION"
                if($RequestsAuthorizationLevel1){$pRequestsAuthorizationLevel1 = $true}else{$pRequestsAuthorizationLevel1 = $false}
                if($RequestsAuthorizationLevel2){$pRequestsAuthorizationLevel2 = $true}else{$pRequestsAuthorizationLevel2 = $false}
                if($pRequestsAuthorizationLevel1 -and $pRequestsAuthorizationLevel2){$pRequestsAuthorizationLevel2 = $false}
            }
            if($AllPermsChecked -eq 0 -and $AllAdvancedChecked -eq 0){
                Write-Verbose "ANALYZING CREATE FOLDERS PERMISSION"
                if($CreateFolders){$pCreateFolders = $true}else{$pCreateFolders = $false}
                Write-Verbose "ANALYZING DELETE FOLDERS PERMISSION"
                if($DeleteFolders){$pDeleteFolders = $true}else{$pDeleteFolders = $false}
                Write-Verbose "ANALYZING MOVE ACCOUNTS AND FOLDERS PERMISSION"
                if($MoveAccountsAndFolders){$pMoveAccountsAndFolders = $true}else{$pMoveAccountsAndFolders = $false}
            }
        }
        else{
            $AcceptableKeys = @("useaccounts","retrieveaccounts","listaccounts","addaccounts","updateaccountcontent","updateaccountproperties","initiatecpmaccountmanagementoperations","specifynextaccountcontent","renameaccounts","deleteaccounts","unlockaccounts","managesafe","managesafemembers","backupsafe","viewauditlog","viewsafemembers","accesswithoutconfirmation","createfolders","deletefolders","moveaccountsandfolders","requestsauthorizationlevel1","requestsauthorizationlevel2")
            foreach($key in $SafePermissionHashTable.Keys){
                $tempkey = $key.toLower()
                if(!$AcceptableKeys.Contains($tempkey)){
                    $log = Write-VPASTextRecorder -inputval "UNKNOWN KEY IN SafePermissionHashTable: $key" -token $token -LogType MISC
                    $log = Write-VPASTextRecorder -inputval "PLEASE PROVIDE A HASHTABLE WITH THESE POSSIBLE KEY VALUES: useAccounts,retrieveAccounts,listAccounts,addAccounts,updateAccountContent,updateAccountProperties,initiateCPMAccountManagementOperations,specifyNextAccountContent,renameAccounts,deleteAccounts,unlockAccounts,manageSafe,manageSafeMembers,backupSafe,viewAuditLog,viewSafeMembers,accessWithoutConfirmation,createFolders,deleteFolders,moveAccountsAndFolders,requestsAuthorizationLevel1,requestsAuthorizationLevel2" -token $token -LogType MISC
                    $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                    Write-Verbose "UNABLE TO UPDATE SAFE MEMBER TO SAFE"
                    Write-Verbose "UNKNOWN KEY IN SafePermissionHashTable: $key"
                    Write-VPASOutput -str "UNKNOWN KEY IN SafePermissionHashTable: $key" -type E
                    Write-VPASOutput -str "PLEASE PROVIDE A HASHTABLE WITH THESE POSSIBLE KEY VALUES: useAccounts,retrieveAccounts,listAccounts,addAccounts,updateAccountContent,updateAccountProperties,initiateCPMAccountManagementOperations,specifyNextAccountContent,renameAccounts,deleteAccounts,unlockAccounts,manageSafe,manageSafeMembers,backupSafe,viewAuditLog,viewSafeMembers,accessWithoutConfirmation,createFolders,deleteFolders,moveAccountsAndFolders,requestsAuthorizationLevel1,requestsAuthorizationLevel2" -type E
                    return $false
                }
            }

            if($SafePermissionHashTable.useAccounts){$pUseAccounts = $true}else{$pUseAccounts = $false}
            if($SafePermissionHashTable.retrieveAccounts){$pRetrieveAccounts = $true}else{$pRetrieveAccounts = $false}
            if($SafePermissionHashTable.listAccounts){$pListAccounts = $true}else{$pListAccounts = $false}
            if($SafePermissionHashTable.addAccounts){$pAddAccounts = $true}else{$pAddAccounts = $false}
            if($SafePermissionHashTable.updateAccountContent){$pUpdateAccountContent = $true}else{$pUpdateAccountContent = $false}
            if($SafePermissionHashTable.updateAccountProperties){$pUpdateAccountProperties = $true}else{$pUpdateAccountProperties = $false}
            if($SafePermissionHashTable.initiateCPMAccountManagementOperations){$pInitiateCPMAccountManagementOperations = $true}else{$pInitiateCPMAccountManagementOperations = $false}
            if($SafePermissionHashTable.specifyNextAccountContent){
                $pSpecifyNextAccountContent = $true
                if(!$pInitiateCPMAccountManagementOperations){
                    Write-VPASOutput -str "In order to enable `"SpecifyNextAccountContent`" permission, this command will also enable `"InitiateCPMAccountManagementOperations`" permission" -type M
                    $pInitiateCPMAccountManagementOperations = $true
                }
            }else{
                $pSpecifyNextAccountContent = $false
            }
            if($SafePermissionHashTable.renameAccounts){$pRenameAccounts = $true}else{$pRenameAccounts = $false}
            if($SafePermissionHashTable.deleteAccounts){$pDeleteAccounts = $true}else{$pDeleteAccounts = $false}
            if($SafePermissionHashTable.unlockAccounts){$pUnlockAccounts = $true}else{$pUnlockAccounts = $false}
            if($SafePermissionHashTable.manageSafe){$pManageSafe = $true}else{$pManageSafe = $false}
            if($SafePermissionHashTable.manageSafeMembers){$pManageSafeMembers = $true}else{$pManageSafeMembers = $false}
            if($SafePermissionHashTable.backupSafe){$pBackupSafe = $true}else{$pBackupSafe = $false}
            if($SafePermissionHashTable.viewAuditLog){$pViewAuditLog = $true}else{$pViewAuditLog = $false}
            if($SafePermissionHashTable.viewSafeMembers){$pViewSafeMembers = $true}else{$pViewSafeMembers = $false}
            if($SafePermissionHashTable.requestsAuthorizationLevel1){$pRequestsAuthorizationLevel1 = $true}else{$pRequestsAuthorizationLevel1 = $false}
            if($SafePermissionHashTable.requestsAuthorizationLevel2){$pRequestsAuthorizationLevel2 = $true}else{$pRequestsAuthorizationLevel2 = $false}
            if($SafePermissionHashTable.accessWithoutConfirmation){$pAccessWithoutConfirmation = $true}else{$pAccessWithoutConfirmation = $false}
            if($SafePermissionHashTable.createFolders){$pCreateFolders = $true}else{$pCreateFolders = $false}
            if($SafePermissionHashTable.deleteFolders){$pDeleteFolders = $true}else{$pDeleteFolders = $false}
            if($SafePermissionHashTable.moveAccountsAndFolders){$pMoveAccountsAndFolders = $true}else{$pMoveAccountsAndFolders = $false}

            if($pRequestsAuthorizationLevel1 -and $pRequestsAuthorizationLevel2){$pRequestsAuthorizationLevel2 = $false}
        }

        Write-Verbose "INITIALIZING PARAMETERS FOR API CALL"
        $permissions = @{
            UseAccounts = $pUseAccounts
            RetrieveAccounts = $pRetrieveAccounts
            ListAccounts = $pListAccounts
            AddAccounts = $pAddAccounts
            UpdateAccountContent = $pUpdateAccountContent
            UpdateAccountProperties = $pUpdateAccountProperties
            InitiateCPMAccountManagementOperations = $pInitiateCPMAccountManagementOperations
            SpecifyNextAccountContent = $pSpecifyNextAccountContent
            RenameAccounts = $pRenameAccounts
            DeleteAccounts = $pDeleteAccounts
            UnlockAccounts = $pUnlockAccounts
            ManageSafe = $pManageSafe
            ManageSafeMembers = $pManageSafeMembers
            BackupSafe = $pBackupSafe
            ViewAuditLog = $pViewAuditLog
            ViewSafeMembers = $pViewSafeMembers
            AccessWithoutConfirmation = $pAccessWithoutConfirmation
            CreateFolders = $pCreateFolders
            DeleteFolders = $pDeleteFolders
            MoveAccountsAndFolders = $pMoveAccountsAndFolders
            RequestsAuthorizationLevel1 = $pRequestsAuthorizationLevel1
            RequestsAuthorizationLevel2 = $pRequestsAuthorizationLevel2
        }

        $params = @{
            MemberName = $member
            Permissions = $permissions
        }
        $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS
        $params = $params | ConvertTo-Json

        try{
            Write-Verbose "MAKING API CALL TO CYBERARK"

            if($ISPSS){
                if($NoSSL){
                    Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                    $uri = "http://$PVWA/PasswordVault/api/Safes/$safe/Members/$member/"
                }
                else{
                    Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                    $uri = "https://$PVWA/PasswordVault/api/Safes/$safe/Members/$member/"
                }
            }
            else{
                if($NoSSL){
                    Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                    $uri = "http://$PVWA/PasswordVault/api/Safes/$safe/Members/$member"
                }
                else{
                    Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                    $uri = "https://$PVWA/PasswordVault/api/Safes/$safe/Members/$member"
                }
            }
            $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
            $log = Write-VPASTextRecorder -inputval "PUT" -token $token -LogType METHOD

            if($sessionval){
                $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PUT -Body $params -ContentType "application/json" -WebSession $sessionval
            }
            else{
                $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method PUT -Body $params -ContentType "application/json"
            }
            $outputlog = $response
            $log = Write-VPASTextRecorder -inputval $outputlog -token $token -LogType RETURN
            Write-Verbose "PARSING DATA FROM CYBERARK"
            Write-Verbose "RETURNING JSON OBJECT"
            return $response
        }catch{
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "UNABLE TO UPDATE SAFE MEMBER"
            Write-VPASOutput -str $_ -type E
            return $false
        }
    }
    End{
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER
    }
}