Edit-SafeguardUserGroup cannot remove members #526
Comments
@itd-walli Thank you for contacting us. I am not able to reproduce this behavior when using the current version of safeguard-ps (v7.5.146913 in PowerShell v7.4.4). Could you provide more details including versions of safeguard-ps and PowerShell you're using, and maybe a sample command line and results? My results below:
Add new users and retrieve membership. Both new users show as members.
Remove the newly added users and relist. User membership for both users has been removed.
@JeffHarkavy Thank you for the check. Looks like a problem with the Safeguard-Version. Added the verbose output for the remove to the command.
Test1 (not working)
Problem occurs:
PS C:\Users\tw> Edit-SafeguardUserGroup -GroupToEdit 28 -Operation Add -UserList 8
Id : 28
Name : LUG_Enterprise Admins
Description :
IdentityProvider : @{Id=-1; Name=Local; TypeReferenceName=Local; IdentityId=LUG_Enterprise Admins}
IsReadOnly : False
CreatedDate : 2024-07-04T13:40:30Z
CreatedByUserId : 8
CreatedByUserDisplayName : tw
ModifiedDate : 2024-08-01T09:11:41Z
ModifiedByUserId : 8
ModifiedByUserDisplayName : tw
DirectoryProperties :
Members : {@{AdminRoles=System.Object[]; Id=8; Name=tw; Description=; DisplayName=tw; LastName=;
FirstName=tw; EmailAddress=; WorkPhone=; MobilePhone=; PrimaryAuthenticationProvider=;
SecondaryAuthenticationProvider=; IdentityProvider=; Disabled=False; TimeZoneId=UTC;
TimeZoneDisplayName=(UTC) Coordinated Universal Time; TimeZoneIanaName=Etc/UTC;
IsPartitionOwner=False; DirectoryProperties=; CloudAssistantApproveEnabled=False;
CloudAssistantRecipientId=; AllowPersonalAccounts=True; Locked=False;
PasswordNeverExpires=True; ChangePasswordAtNextLogin=False; Base64PhotoData=;
IsSystemOwned=False; LastLoginDate=; CreatedDate=2024-03-18T15:37:42Z; CreatedByUserId=1;
CreatedByUserDisplayName=pam-admin; ModifiedDate=2024-03-18T15:37:42Z; ModifiedByUserId=1;
ModifiedByUserDisplayName=pam-admin; RequireCertificateAuthentication=False;
DirectoryRequireCertificateAuthentication=False; LinkedAccountsCount=4}}
DirectoryGroupSyncProperties : @{PrimaryAuthenticationProviderId=; PrimaryAuthenticationProviderTypeReferenceName=Unknown;
PrimaryAuthenticationProviderName=; RequireCertificateAuthentication=False;
SecondaryAuthenticationProviderId=;
SecondaryAuthenticationProviderTypeReferenceName=Unknown;
SecondaryAuthenticationProviderName=; LinkDirectoryAccounts=False;
AllowPersonalAccounts=False; AdminRoles=System.Object[]}
PS C:\Users\tw> Edit-SafeguardUserGroup -GroupToEdit 28 -Operation Remove -UserList 8
VERBOSE: Insecure=True
VERBOSE: Configuring SSL version support to be secure
VERBOSE: Disabling SSL on Windows platform
VERBOSE: Adding the trust everything callback
VERBOSE: ---Request---
VERBOSE: Headers={
"Accept": "application/json",
"Content-type": "application/json"
}
VERBOSE: Url=https://spp1-demo48.demo48.reportit.at/service/core/v4/Users/8?fields=Id%2CName%2CPrimaryAuthenticationProvider.Id
VERBOSE: Parameters={
"fields": "Id,Name,PrimaryAuthenticationProvider.Id"
}
VERBOSE: GET https://spp1-demo48.demo48.reportit.at/service/core/v4/Users/8?fields=Id,Name,PrimaryAuthenticationProvider.Id with 0-byte payload
VERBOSE: received 61-byte response of content type application/json; charset=utf-8
VERBOSE: Enabling SSL on Windows platform
VERBOSE: Removing the trust everything callback
VERBOSE: Insecure=True
VERBOSE: Configuring SSL version support to be secure
VERBOSE: Disabling SSL on Windows platform
VERBOSE: Adding the trust everything callback
VERBOSE: ---Request---
VERBOSE: Headers={
"Accept": "application/json",
"Content-type": "application/json"
}
VERBOSE: Url=https://spp1-demo48.demo48.reportit.at/service/core/v4/UserGroups/28/Members/Remove
VERBOSE: Parameters=
VERBOSE: ---Request Body---
VERBOSE: [
{
"Id": 8,
"Name": "tw",
"PrimaryAuthenticationProvider": {
"Id": 1
}
}
]
VERBOSE: POST https://spp1-demo48.demo48.reportit.at/service/core/v4/UserGroups/28/Members/Remove with -1-byte payload
VERBOSE: received 2-byte response of content type application/json; charset=utf-8
VERBOSE: Enabling SSL on Windows platform
VERBOSE: Removing the trust everything callback
VERBOSE: Insecure=True
VERBOSE: Configuring SSL version support to be secure
VERBOSE: Disabling SSL on Windows platform
VERBOSE: Adding the trust everything callback
VERBOSE: ---Request---
VERBOSE: Headers={
"Accept": "application/json",
"Content-type": "application/json"
}
VERBOSE: Url=https://spp1-demo48.demo48.reportit.at/service/core/v4/UserGroups/28
VERBOSE: Parameters=
VERBOSE: GET https://spp1-demo48.demo48.reportit.at/service/core/v4/UserGroups/28 with 0-byte payload
VERBOSE: received 2500-byte response of content type application/json; charset=utf-8
Id : 28
Name : LUG_Enterprise Admins
Description :
IdentityProvider : @{Id=-1; Name=Local; TypeReferenceName=Local; IdentityId=LUG_Enterprise Admins}
IsReadOnly : False
CreatedDate : 2024-07-04T13:40:30Z
CreatedByUserId : 8
CreatedByUserDisplayName : tw
ModifiedDate : 2024-08-01T09:11:50Z
ModifiedByUserId : 8
ModifiedByUserDisplayName : tw
DirectoryProperties :
Members : {@{AdminRoles=System.Object[]; Id=8; Name=tw; Description=; DisplayName=tw; LastName=;
FirstName=tw; EmailAddress=; WorkPhone=; MobilePhone=; PrimaryAuthenticationProvider=;
SecondaryAuthenticationProvider=; IdentityProvider=; Disabled=False; TimeZoneId=UTC;
TimeZoneDisplayName=(UTC) Coordinated Universal Time; TimeZoneIanaName=Etc/UTC;
IsPartitionOwner=False; DirectoryProperties=; CloudAssistantApproveEnabled=False;
CloudAssistantRecipientId=; AllowPersonalAccounts=True; Locked=False;
PasswordNeverExpires=True; ChangePasswordAtNextLogin=False; Base64PhotoData=;
IsSystemOwned=False; LastLoginDate=; CreatedDate=2024-03-18T15:37:42Z; CreatedByUserId=1;
CreatedByUserDisplayName=pam-admin; ModifiedDate=2024-03-18T15:37:42Z; ModifiedByUserId=1;
ModifiedByUserDisplayName=pam-admin; RequireCertificateAuthentication=False;
DirectoryRequireCertificateAuthentication=False; LinkedAccountsCount=4}}
DirectoryGroupSyncProperties : @{PrimaryAuthenticationProviderId=; PrimaryAuthenticationProviderTypeReferenceName=Unknown;
PrimaryAuthenticationProviderName=; RequireCertificateAuthentication=False;
SecondaryAuthenticationProviderId=;
SecondaryAuthenticationProviderTypeReferenceName=Unknown;
SecondaryAuthenticationProviderName=; LinkDirectoryAccounts=False;
AllowPersonalAccounts=False; AdminRoles=System.Object[]}
Test2 (working)
working:
PS C:\Users\tw> Edit-SafeguardUserGroup -GroupToEdit 3 -Operation Add -UserList 1
Id : 3
Name : Test
Description :
IdentityProvider : @{Id=-1; Name=Local; TypeReferenceName=Local; IdentityId=Test}
IsReadOnly : False
CreatedDate : 2024-08-01T09:04:40Z
CreatedByUserId : 2
CreatedByUserDisplayName : svc_idm
ModifiedDate : 2024-08-01T09:09:03Z
ModifiedByUserId : 2
ModifiedByUserDisplayName : svc_idm
DirectoryProperties :
Members : {@{AdminRoles=System.Object[]; Id=1; Name=tw; Description=; DisplayName=tw; LastName=;
FirstName=; EmailAddress=; WorkPhone=; MobilePhone=; PrimaryAuthenticationProvider=;
SecondaryAuthenticationProvider=; IdentityProvider=; Disabled=False; TimeZoneId=UTC;
TimeZoneDisplayName=(UTC) Coordinated Universal Time; TimeZoneIanaName=Etc/UTC;
IsPartitionOwner=False; DirectoryProperties=; CloudAssistantApproveEnabled=False;
CloudAssistantRecipientId=; AllowPersonalAccounts=False; Locked=False;
PasswordNeverExpires=True; ChangePasswordAtNextLogin=False; Base64PhotoData=;
IsSystemOwned=False; LastLoginDate=; CreatedDate=2024-07-23T14:08:11Z;
CreatedByUserId=-2; CreatedByUserDisplayName=Bootstrap Administrator;
ModifiedDate=2024-07-23T14:56:45Z; ModifiedByUserId=-3;
ModifiedByUserDisplayName=Automated System; RequireCertificateAuthentication=False;
DirectoryRequireCertificateAuthentication=False; LinkedAccountsCount=0}}
DirectoryGroupSyncProperties : @{PrimaryAuthenticationProviderId=;
PrimaryAuthenticationProviderTypeReferenceName=Unknown;
PrimaryAuthenticationProviderName=; RequireCertificateAuthentication=False;
SecondaryAuthenticationProviderId=;
SecondaryAuthenticationProviderTypeReferenceName=Unknown;
SecondaryAuthenticationProviderName=; LinkDirectoryAccounts=False;
AllowPersonalAccounts=False; AdminRoles=System.Object[]}
PS C:\Users\tw> Edit-SafeguardUserGroup -GroupToEdit 3 -Operation Remove -UserList 1
VERBOSE: Insecure=True
VERBOSE: Configuring SSL version support to be secure
VERBOSE: Disabling SSL on Windows platform
VERBOSE: Adding the trust everything callback
VERBOSE: ---Request---
VERBOSE: Headers={
"Accept": "application/json",
"Content-type": "application/json"
}
VERBOSE: Url=https://192.168.50.40/service/core/v4/Users/1?fields=Id%2CName%2CPrimaryAuthenticationProvider.Id
VERBOSE: Parameters={
"fields": "Id,Name,PrimaryAuthenticationProvider.Id"
}
VERBOSE: GET https://192.168.50.40/service/core/v4/Users/1?fields=Id,Name,PrimaryAuthenticationProvider.Id with 0-byte payload
VERBOSE: received 62-byte response of content type application/json; charset=utf-8
VERBOSE: Enabling SSL on Windows platform
VERBOSE: Removing the trust everything callback
VERBOSE: Insecure=True
VERBOSE: Configuring SSL version support to be secure
VERBOSE: Disabling SSL on Windows platform
VERBOSE: Adding the trust everything callback
VERBOSE: ---Request---
VERBOSE: Headers={
"Accept": "application/json",
"Content-type": "application/json"
}
VERBOSE: Url=https://192.168.50.40/service/core/v4/UserGroups/3/Members/Remove
VERBOSE: Parameters=
VERBOSE: ---Request Body---
VERBOSE: [
{
"Id": 1,
"Name": "tw",
"PrimaryAuthenticationProvider": {
"Id": -1
}
}
]
VERBOSE: POST https://192.168.50.40/service/core/v4/UserGroups/3/Members/Remove with -1-byte payload
VERBOSE: received 2-byte response of content type application/json; charset=utf-8
VERBOSE: Enabling SSL on Windows platform
VERBOSE: Removing the trust everything callback
VERBOSE: Insecure=True
VERBOSE: Configuring SSL version support to be secure
VERBOSE: Disabling SSL on Windows platform
VERBOSE: Adding the trust everything callback
VERBOSE: ---Request---
VERBOSE: Headers={
"Accept": "application/json",
"Content-type": "application/json"
}
VERBOSE: Url=https://192.168.50.40/service/core/v4/UserGroups/3
VERBOSE: Parameters=
VERBOSE: GET https://192.168.50.40/service/core/v4/UserGroups/3 with 0-byte payload
VERBOSE: received 817-byte response of content type application/json; charset=utf-8
Id : 3
Name : Test
Description :
IdentityProvider : @{Id=-1; Name=Local; TypeReferenceName=Local; IdentityId=Test}
IsReadOnly : False
CreatedDate : 2024-08-01T09:04:40Z
CreatedByUserId : 2
CreatedByUserDisplayName : svc_idm
ModifiedDate : 2024-08-01T09:09:06Z
ModifiedByUserId : 2
ModifiedByUserDisplayName : svc_idm
DirectoryProperties :
Members : {}
DirectoryGroupSyncProperties : @{PrimaryAuthenticationProviderId=;
PrimaryAuthenticationProviderTypeReferenceName=Unknown;
PrimaryAuthenticationProviderName=; RequireCertificateAuthentication=False;
SecondaryAuthenticationProviderId=;
SecondaryAuthenticationProviderTypeReferenceName=Unknown;
SecondaryAuthenticationProviderName=; LinkDirectoryAccounts=False;
AllowPersonalAccounts=False; AdminRoles=System.Object[]}
After running the script against the appliance that doesn't work (the 7.5.0.20689 appliance), what does the Safeguard Audit Log (Activity Center Reports) say happened? Is there an audit of the member being removed?
Hello,
There is a problem removing a member from a Safeguard user group.
Adding of members is ok, removing is not working and doesn't throw any exception. The member is still in the group after removal.
I can fix the issue by removing the whole fields parameter in the following line.
safeguard-ps/src/groups.psm1
Line 637 in 071e54e
It looks like the delete operation needs more data of the user.
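The failure reported in this thread is silent: the Remove call returns without an exception while the user is still listed in `Members`. The following is an added example, not code from the issue or from safeguard-ps, that checks the group object returned after a Remove and fails loudly if the user is still a member. `Confirm-GroupMemberRemoved` is a hypothetical helper name, and the sample object is constructed to mirror the output shown in the thread.

```powershell
# Added example (not part of safeguard-ps). Confirm-GroupMemberRemoved is a hypothetical helper.
function Confirm-GroupMemberRemoved {
    [CmdletBinding()]
    param(
        # Group object as returned by Edit-SafeguardUserGroup (has Id, Name, Members)
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Group,
        # User Ids that were passed to -UserList for the Remove operation
        [Parameter(Mandatory)]
        [int[]]$UserId
    )
    process {
        # Members may be $null, a single object or an array; @() normalises all three,
        # and the "$_ -and" guard drops the $null that an empty property pipes through.
        $remaining = @($Group.Members | Where-Object { $_ -and $UserId -contains $_.Id })
        if ($remaining.Count -gt 0) {
            $names = ($remaining | ForEach-Object { "$($_.Name) (Id=$($_.Id))" }) -join ', '
            throw "Removal from group '$($Group.Name)' (Id=$($Group.Id)) did not take effect for: $names"
        }
        # Pass the group through unchanged when the removal is confirmed
        $Group
    }
}

# Constructed sample shaped like the Test1 output above: group 28 still lists user 8
$stale = [pscustomobject]@{
    Id      = 28
    Name    = 'LUG_Enterprise Admins'
    Members = @([pscustomobject]@{ Id = 8; Name = 'tw' })
}
try   { $stale | Confirm-GroupMemberRemoved -UserId 8 }
catch { Write-Warning $_.Exception.Message }

# Constructed sample shaped like the Test2 output above: Members is empty after Remove
$clean = [pscustomobject]@{ Id = 3; Name = 'Test'; Members = @() }
$clean | Confirm-GroupMemberRemoved -UserId 1 | Select-Object Id, Name

# Against an appliance (assumes an existing safeguard-ps session):
# Edit-SafeguardUserGroup -GroupToEdit 28 -Operation Remove -UserList 8 |
#     Confirm-GroupMemberRemoved -UserId 8
```

In a deprovisioning script, letting the exception propagate stops the run at the first revocation that did not take effect instead of reporting success.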