Symantec Privileged Access Management

Hi there,

Does anyone know the format of the "Group.permissions" parameter to CLI command "updateGroup"?

The online document only says that it is "Array list object of filters, or XML encoded ArrayList of filters. If not set, the filters are cleared."

Regards,
Jiangping Li

Group.permissions would contain the filters for a Target Group. These would be listed as a Java ArrayList. Are you trying to update a Target Group through the CLI?
Original Message:
Sent: 07-08-2020 04:03 AM
From: Jiangping Li
Subject: "Group.permissions" parameter to CLI command "updateGroup"

Hi there,

Does anyone know the format of the "Group.permissions" parameter to CLI command "updateGroup"?

The online document only says that it is "Array list object of filters, or XML encoded ArrayList of filters. If not set, the filters are cleared."

Regards,
Jiangping Li

Hello, Can you clarify what you are trying to achieve? If you are trying to add filters to an existing target group, use command addFilter. You can use the searchFilter command to look for existing filters for a group, including the filter IDs, which you could then use with a deleteFilter command to delete filters that you no longer want in the group. I couldn't figure out the Group.permissions syntax on a modest attempt, but I would be using the addFilter/searchFilter/deleteFilter commands to manage group filters even if I knew the syntax. Having all filters wiped out if you make a mistake in the Group.permissions value would be a concern. There may be a problem in PAM, because the searchGroup command returns an empty list even when filters are defined.
Original Message:
Sent: 07-08-2020 04:03 AM
From: Jiangping Li
Subject: "Group.permissions" parameter to CLI command "updateGroup"

Hi there,

Does anyone know the format of the "Group.permissions" parameter to CLI command "updateGroup"?

The online document only says that it is "Array list object of filters, or XML encoded ArrayList of filters. If not set, the filters are cleared."

Regards,
Jiangping Li

Thanks Guys for your reply.

I am trying to updateGroup, maybe the description of the group.
The problem with the updateGroup command is that if you don't provide a list of Group.permissions, then the existing ones will be wiped out. This is why I am trying to figure out the format of it.

Regards,
Jiangping Li
Original Message:
Sent: 07-09-2020 07:35 PM
From: Ralf Prigl
Subject: "Group.permissions" parameter to CLI command "updateGroup"

Hello, Can you clarify what you are trying to achieve? If you are trying to add filters to an existing target group, use command addFilter. You can use the searchFilter command to look for existing filters for a group, including the filter IDs, which you could then use with a deleteFilter command to delete filters that you no longer want in the group. I couldn't figure out the Group.permissions syntax on a modest attempt, but I would be using the addFilter/searchFilter/deleteFilter commands to manage group filters even if I knew the syntax. Having all filters wiped out if you make a mistake in the Group.permissions value would be a concern. There may be a problem in PAM, because the searchGroup command returns an empty list even when filters are defined.
Original Message:
Sent: 07-08-2020 04:03 AM
From: Jiangping Li
Subject: "Group.permissions" parameter to CLI command "updateGroup"

Hi there,

Does anyone know the format of the "Group.permissions" parameter to CLI command "updateGroup"?

The online document only says that it is "Array list object of filters, or XML encoded ArrayList of filters. If not set, the filters are cleared."

Regards,
Jiangping Li

Ok, good point. We'll figure it out and get back to you.
Original Message:
Sent: 07-09-2020 07:55 PM
From: Jiangping Li
Subject: "Group.permissions" parameter to CLI command "updateGroup"

Thanks Guys for your reply.

I am trying to updateGroup, maybe the description of the group.
The problem with the updateGroup command is that if you don't provide a list of Group.permissions, then the existing ones will be wiped out. This is why I am trying to figure out the format of it.

Regards,
Jiangping Li
Original Message:
Sent: 07-09-2020 07:35 PM
From: Ralf Prigl
Subject: "Group.permissions" parameter to CLI command "updateGroup"

Hello, Can you clarify what you are trying to achieve? If you are trying to add filters to an existing target group, use command addFilter. You can use the searchFilter command to look for existing filters for a group, including the filter IDs, which you could then use with a deleteFilter command to delete filters that you no longer want in the group. I couldn't figure out the Group.permissions syntax on a modest attempt, but I would be using the addFilter/searchFilter/deleteFilter commands to manage group filters even if I knew the syntax. Having all filters wiped out if you make a mistake in the Group.permissions value would be a concern. There may be a problem in PAM, because the searchGroup command returns an empty list even when filters are defined.
Original Message:
Sent: 07-08-2020 04:03 AM
From: Jiangping Li
Subject: "Group.permissions" parameter to CLI command "updateGroup"

Hi there,

Does anyone know the format of the "Group.permissions" parameter to CLI command "updateGroup"?

The online document only says that it is "Array list object of filters, or XML encoded ArrayList of filters. If not set, the filters are cleared."

Regards,
Jiangping Li

This has not been forgotten, but turned out to be rather complicated with no readily available answer. We are still trying to figure a way to do this, but have not found the time yet. You may need to open a support case if this is pressing.
Original Message:
Sent: 07-09-2020 10:52 PM
From: Ralf Prigl
Subject: "Group.permissions" parameter to CLI command "updateGroup"

Ok, good point. We'll figure it out and get back to you.
Original Message:
Sent: 07-09-2020 07:55 PM
From: Jiangping Li
Subject: "Group.permissions" parameter to CLI command "updateGroup"

Thanks Guys for your reply.

I am trying to updateGroup, maybe the description of the group.
The problem with the updateGroup command is that if you don't provide a list of Group.permissions, then the existing ones will be wiped out. This is why I am trying to figure out the format of it.

Regards,
Jiangping Li
Original Message:
Sent: 07-09-2020 07:35 PM
From: Ralf Prigl
Subject: "Group.permissions" parameter to CLI command "updateGroup"

Hello, Can you clarify what you are trying to achieve? If you are trying to add filters to an existing target group, use command addFilter. You can use the searchFilter command to look for existing filters for a group, including the filter IDs, which you could then use with a deleteFilter command to delete filters that you no longer want in the group. I couldn't figure out the Group.permissions syntax on a modest attempt, but I would be using the addFilter/searchFilter/deleteFilter commands to manage group filters even if I knew the syntax. Having all filters wiped out if you make a mistake in the Group.permissions value would be a concern. There may be a problem in PAM, because the searchGroup command returns an empty list even when filters are defined.
Original Message:
Sent: 07-08-2020 04:03 AM
From: Jiangping Li
Subject: "Group.permissions" parameter to CLI command "updateGroup"

Hi there,

Does anyone know the format of the "Group.permissions" parameter to CLI command "updateGroup"?

The online document only says that it is "Array list object of filters, or XML encoded ArrayList of filters. If not set, the filters are cleared."

Regards,
Jiangping Li

Thanks Ralf for your help.

Yeah, I have opened a support case with Broadcom.

Regards,
Jiangping Li
Original Message:
Sent: 08-02-2020 01:19 PM
From: Ralf Prigl
Subject: "Group.permissions" parameter to CLI command "updateGroup"

This has not been forgotten, but turned out to be rather complicated with no readily available answer. We are still trying to figure a way to do this, but have not found the time yet. You may need to open a support case if this is pressing.
Original Message:
Sent: 07-09-2020 10:52 PM
From: Ralf Prigl
Subject: "Group.permissions" parameter to CLI command "updateGroup"

Ok, good point. We'll figure it out and get back to you.
Original Message:
Sent: 07-09-2020 07:55 PM
From: Jiangping Li
Subject: "Group.permissions" parameter to CLI command "updateGroup"

Thanks Guys for your reply.

I am trying to updateGroup, maybe the description of the group.
The problem with the updateGroup command is that if you don't provide a list of Group.permissions, then the existing ones will be wiped out. This is why I am trying to figure out the format of it.

Regards,
Jiangping Li
Original Message:
Sent: 07-09-2020 07:35 PM
From: Ralf Prigl
Subject: "Group.permissions" parameter to CLI command "updateGroup"

Hello, Can you clarify what you are trying to achieve? If you are trying to add filters to an existing target group, use command addFilter. You can use the searchFilter command to look for existing filters for a group, including the filter IDs, which you could then use with a deleteFilter command to delete filters that you no longer want in the group. I couldn't figure out the Group.permissions syntax on a modest attempt, but I would be using the addFilter/searchFilter/deleteFilter commands to manage group filters even if I knew the syntax. Having all filters wiped out if you make a mistake in the Group.permissions value would be a concern. There may be a problem in PAM, because the searchGroup command returns an empty list even when filters are defined.
Original Message:
Sent: 07-08-2020 04:03 AM
From: Jiangping Li
Subject: "Group.permissions" parameter to CLI command "updateGroup"

Hi there,

Does anyone know the format of the "Group.permissions" parameter to CLI command "updateGroup"?

The online document only says that it is "Array list object of filters, or XML encoded ArrayList of filters. If not set, the filters are cleared."

Regards,
Jiangping Li