Python SDK API Samples
All PAM360 APIs can be accessed through the Python SDK based the provided user role in PAM360, empowering the development of custom applications to perform data synchronization efficiently.
Sample codes for all available API methods within the PAM360 Python SDK are provided here for reference along with the relevant SDK exceptions.
You can also refer to the to the Python document to learn more about in detail.
Sample Codes for REST API using Python SDK
1. Resource Operations
Class - Resource
Constructor - Resource(service:PAMService)
Description - Creates a Resource entity class instance containing resource related functions with the PAMService.
Method |
Description |
create create_resource_model = ResourceModel( resource_name="CHTOW-T11-1108", dns_name="manageengine.com", resource_type="Windows", resource_group_name="Privileged Resources", resource_description="Workstation - 1108J6 - Virtual", domain_name="acme.com", department="System Administration", location="California", resource_password_policy="Strong", resource_custom_field={ "SERIES": "A" }, account_name="sysadmin", account_password="$rgvhTnCSD7h%", enable_private_key=True, owner_name="Anderson", notes="Auditing purpose", account_custom_field={ "LOCAL": True } ) resource_id: int = resource_entity.create(create_resource_model) print(f"Resource ID of the created Resource is {resource_id}") |
To create a new resource in PAM360 repository with the provided attributes. |
delete
resource_deletion_status: bool = resource_entity.delete(resource="CHTOW-T11-1108")
print(f"Resource Deletion Status is {resource_deletion_status}")
|
To delete a resource from the PAM360 repository with the provided resource ID or resource name as input. |
edit edit_resource_model = ResourceModel( resource_name="CHTOW-T11-1105", dns_name="gofrugal.com", resource_custom_field={ "SERIES": "B" }, ) print(resource_entity.edit(resource="CHTOW-T11-1109", resource_model=edit_resource_model)) |
To edit a resource in the PAM360 repository with the provided attributes. |
get_all_resource_types
resource_types_list: list[ResourceTypeDetails] = resource_entity.get_all_resource_types(
resource_type_filter_list=["Win"])
for resource_type in resource_types_list:
print(resource_type)
|
To get all resource types using a resource filter. |
get_associated_resource_groups
associated_resource_group_list: list[dict] = resource_entity.get_associated_resource_groups(resource="CHTOW-T11-1109")
for details in associated_resource_group_list:
print(details)
|
To fetch the list of resource groups associated with a resource using the resource name. |
get_resources_of_user
resource_details_list: list[ResourceDetails] = resource_entity.get_resources_of_user()
for details in resource_details_list:
print(details)
|
To fetch the list of resources that are shared or owned by the user. |
shareToUser resource_share_to_user_status: bool = (resource_entity.share_to_user(resource="CHTOW-65H3", user="john", access_type=ResourceConstant.AccessPermission.MODIFY)) print(f"Resource Share to User Status is {resource_share_to_user_status}") |
To share a resource to a user using the resource name and username as the input. |
sharetoUsergroups resource_share_to_user_group_status: bool = (resource_entity.share_to_user_group(resource="CHTOW-65H3", user_group="System Administration", access_type=ResourceConstant.AccessPermission.MODIFY)) print(f"Resource Share to User Group Status is {resource_share_to_user_group_status}") |
To share a resource to the user groups using the resource name and user group names as the input. |
2. Access Control Operations
Class - AccessControl
Constructor - AccessControl(service)
Description - Creates an Access Control entity class instance containing access control related functions.
Method |
Description |
approve_password_requests account_access_approval_status: bool = access_control_entity.approve_password_requests(account_name="sysadmin", resource_name="CHTOW-T11-1109", requester="Anderson") print(f"Account Access approval Status is {account_access_approval_status}") |
To approve a password access request raised by an user using the resource name and the requested username. |
check_in_admin account_checkin_by_admin_status: bool = access_control_entity.check_in_admin(account_name="aut-2k19", resource_name="CHTOW-T11-1109", requester="guest") print(f"Account Checkin by Admin Status is {account_checkin_by_admin_status}") |
To check in a password requested for an account as an administrator using the resource name, account name, and requester name. |
check_in_user account_checkin_by_user_status: bool = access_control_entity.check_in_user(account_name="sysadmin", resource_name="CHTOW-T11-1109") print(f"Account Checkin by User Status is {account_checkin_by_user_status}") |
To check in a password requested for an account as a user using the resource name and the account name. |
check_out_user account_checkout_status: bool = access_control_entity.check_out_user(account_name="sysadmin", resource_name="CHTOW-T11-1109") print(f"Account Checkout Status is {account_checkout_status}") |
To check out the password requested for an account post approval using the resource name and a reason. |
get_password_requests
password_requests_list: list[PasswordRequestDetails] = access_control_entity.get_password_requests()
for requests in password_requests_list:
print(requests)
|
To fetch the list of password access requests awaiting approval. |
reject_password_requests account_access_rejection_status: bool = access_control_entity.reject_password_requests(account_name="sysadmin", resource_name="CHTOW-T11-1109", requester="guest") print(f"Account Access rejection Status is {account_access_rejection_status}") |
To reject the password access request raised by an user using the resource name and the requested username. |
request_password_approval password_request_approval_status: str = access_control_entity.request_password_approval(account_name="sysadmin", resource_name="CHTOW-T11-1109", reason="Access to a Software") print(f"Password Request Approval Status is {password_request_approval_status}") |
To request password access to an account using the account name with the request reason. |
3. Account Operations
Class - Account
Constructor - Account(service)
Description - Creates an Account entity class instance containing accounts related operations.
Method |
Description |
create account_creation_status_list: list[dict] = account_entity.create(resource="CHTOW-T11-1109", account_model_list=[AccountModel(account_name="aud-2024", password="JhfEr54#*hb", account_password_policy="Strong", notes="Account for auditing purpose", record_rdp_sessions=True)]) for status in account_creation_status_list: print(status) |
To create a new account in a resource with the provided account attributes and the resource name. |
delete account_deletion_status: bool = account_entity.delete(resource_name="CHTOW-T11-1109", account_name="guest") print(f"Account Deletion Status is {account_deletion_status}") |
To delete an account in the resource with the provided resource name and account name as input. |
edit account_editing_status: bool = account_entity.edit(resource_name="CHTOW-T12-1106", account_name="guest", account_model=AccountModel(account_name="aut-2k23", notes="Account maintained in VM")) print(f"Account Editing Status is {account_editing_status}") |
To edit an account in a resource with the provided account attributes and the resource name. |
get_accounts_of_resource
account_details_list: list[AccountsOfResourceDetails] = account_entity.get_accounts_of_resource(resource="CHTOW-T12-1106")
for account in account_details_list:
print(account)
|
To fetch the list of accounts under a resource with the provided resource ID or resource name as input. |
get_details account_details: AccountDetails = account_entity.get_details(resource_name="CHTOW-T12-1106", account_name="sysadmin") print(account_details) |
To fetch the details of an account in a resource using the resource name and the account name. |
get_resource_and_accounts_id resource_and_account_id_details: ResourceAndAccountIdDetails = account_entity.get_resource_and_account_id(resource_name="CHTOW-T12-1106", account_name="guest") print(resource_and_account_id_details) |
To fetch the account ID and the relevant resource ID using the resource name and account name. |
shareToUser account_share_to_user_status: bool = account_entity.share_to_user(resource_name="CHTOW-T12-1106", account_name="aut-2k23", user="anderson", access_type=AccountConstant.AccessPermission.VIEW) print(f"Account Share to User Status is {account_share_to_user_status}") |
To share an account to a user using the resource name, account name, and username as the input. |
shareToUserGroup account_share_to_user_group_status: bool = ( account_entity.share_to_user_group(resource_name="CHTOW-T12-1106", account_name="aut-2k23", user_group="System Administration", access_type=AccountConstant.AccessPermission.MODIFY)) print(f"Account Share to User Group Status is {account_share_to_user_group_status}") |
To share a resource to the user groups using the resource name, account name, and user group names as the input. |
4. Password Operations
Class - Password
Constructor - Password(service)
Description - Creates a Password entity class instance containing the password related operations.
Method |
Description |
change_password_account resource_name = "CHTOW-T12-1106" account_name = "aut-2k23" new_password = "Drg56&*hjk$" password_reset_type = PasswordConstant.ResetType.LOCAL password_change_status: bool = password_entity.change_password_account(resource=resource_name, account=account_name, new_password=new_password, reset_type=password_reset_type) print(f"Password Changed Status is {password_change_status}") |
To change the password of an account using the resource name and account name |
generate_password
policy = "Strong>"
password = password_entity.generate_password(policy=policy)
print(f"Generated Password for Policy {policy} is {password}")
|
To generate a new password based on the provided policy. |
get_password_account resource_name = "CHTOW-T12-1106" account_name = "aut-2k23" password = password_entity.get_password_account(resource=resource_name, account=account_name) print(f"Password of Account {account_name} under Resource {resource_name} is {password}") |
To fetch the password of an account using the provided resource name and account name. |
get_password_policies print(password_entity.get_password_policies()) |
To fetch all the available password policies in the organization. |
validate_password policy_name = "Strong" password = "fyuiKEFD34#%" password_validation_status: bool = password_entity.validate_password(policy=policy_name, password=password) print(f"Validation Status of Password {password} against Policy {policy_name} is {password_validation_status}") |
To validate if the password is adhered to the password policy. |
5. User Operations
Class - User
Constructor - User(PAMService service, APIRequestHandler rest)
Description - Creates a User entity class instance containing the user related operations.
Method |
Description |
add_to_user_group user_to_user_group_addition_status: bool = user_entity.add_to_user_group(user_name="anderson", user_group_name="SDP Group") print(f"User to User Group Addition Status is {user_to_user_group_addition_status}") |
To add a user to a user group using the username and user group name as input. |
create_user create_user_model = UserModel( first_name="Samuel", last_name="Anderson", user_name="sam-anderson", password="WrE#RTgHBj%6", password_policy="Strong", role="Administrator", email="sam.anderson@zykler.com", department="System Administration", location="Noida", web_access=True, language_code="english", mobile_access=True, addon_access=True, restapi_access=True, auth_token_validity=datetime.today() + timedelta(days=180), hostcheck=True, hostname="sam-7276" ) created_user_details: UserDetails = user_entity.create_user(user_model=create_user_model) print(f"User Creation Status message: {created_user_details.message}") print(f"User API Auth Token: {created_user_details.auth_token}") |
To create a new user account for PAM360 access with the provided user attributes as the input. |
delete_user
deletion_status: bool = user_entity.delete_user(user="sam-anderson")
print(f"User Deletion Status is {deletion_status}")
|
To delete a user account using the username. |
delete_user_groups user_group_deletion_status_list: list[dict] = user_entity.delete_user_groups(user_group_list=["System Administration", "Interns and Trainees"]) for status in user_group_deletion_status_list: print(status) |
To delete a user group using the user group name or user group ID. |
edit_user edit_user_model = UserModel(auth_token_validity=datetime.today() + timedelta(days=90), ) edited_user_details: UserDetails = user_entity.edit_user(user="sam-anderson", user_model=edit_user_model) print(f"Edited User Status message: {edited_user_details.message}") |
To edit the PAM360 user account with the provided user attributes as the input. |
get_user_group_id
user_group_id: int = user_entity.get_user_group_id(user_group_name="SDP Group")
print(f"User Group ID is {user_group_id}")
|
To fetch the user group ID of a user group using the user group name. |
get_user_id
user_id: int = user_entity.get_user_id(user_name="sam-anderson")
print(f"User ID of the User is {user_id}")
|
To fetch the user ID of a user using the username from a specified organization. |
lock
user_lock_statu: bool = user_entity.lock(user_name="sam-anderson")
print(f"User Lock Status is {user_lock_statu}")
|
To lock a user account using the username. |
auth_token
auth_token: str = user_entity.regenerate_auth_token(expiry_date=datetime.today() + timedelta(days=28))
print(f"Regenerated User RestAPI Auth Token is {auth_token}")
|
To regenerate the authentication token of the current SDK user. |
remove_from_user_group user_removal_from_user_group_status_list: list[dict] = user_entity.remove_from_user_group(user_list=["sam-anderson", 1], user_group="SDP Group") for status in user_removal_from_user_group_status_list: print(status) |
To remove a user from a user group using the username and user ID with the user group name or user group ID. |
reset_multi_factor_authentication
mfa_reset_status: bool = user_entity.reset_multi_factor_authentication(user_name="sam-anderson")
print(f"MFA Reset Status is {mfa_reset_status}")
|
To reset the Multi-Factor Authentication of a user using the username. |
unlock
user_unlock_status: bool = user_entity.unlock(user_name="sam-anderson")
print(f"User Unlock Status is {user_unlock_status}")
|
To unlock a user account using the username. |
6. Resource Group Operations
Class - ResourceGroup
Constructor - ResourceGroup(service:PAMService)
Description - Creates a Resource Group class instance containing the resource group related operations.
Method |
Description |
associate_resources resource_group_association_status_list: list[dict] = resource_group_entity.associate_resources( resources_list=["CHTOW-T12-1106", "CHTOW-T09-1109"], resource_group="sysadmin resources", resource_group_owner="sam-anderson") for status in resource_group_association_status_list: print(status) |
To associate resources to a static resource group using the resource ID and resource group ID or resource name and resource group name. |
create create_resource_group = ResourceGroupModel( resource_group_name="VM Windows Resources", parent_group="VM Instance Resources", group_type=ResourceGroupConstant.GroupType.DYNAMIC, description="Resources maintained in Virtual Machines", password_policy="Strong", dynamic_group_criteria_list=[DynamicGroupCriteria(condition=ResourceGroupConstant.Condition.RESOURCE_NAME, value="VM"), DynamicGroupCriteria(condition=ResourceGroupConstant.Condition.RESOURCE_TYPE, value="Windows")], match_all_criteria=True ) resource_group_creation_status: bool = resource_group_entity.create(resource_group_model=create_resource_group, user="sam-anderson") print(f"Resource Group Creation Status is {resource_group_creation_status}") |
To create a dynamic resource group with the provided attributes. |
delete resource_group_deletion_status: bool = resource_group_entity.delete(resource_group="Intern Resources", resource_group_owner="sam-anderson") print(f"Resource Group Deletion Status is {resource_group_deletion_status}") |
To delete a resource group using the resource name. |
disassociate_resources resource_group_dissociation_status_list: list[dict] = resource_group_entity.dissociate_resources( resources_list=["CHTOW-T12-1106", "CHTOW-T08-1109"], resource_group="Intern Resources", resource_group_owner="sam-anderson") for status in resource_group_dissociation_status_list: print(status) |
To dissociate resources to a static resource group using the resource ID and resource group ID or resource name and resource group name. |
get_id resource_group_id: int = resource_group_entity.get_id(resource_group_name="VM Windows Resources", user="sam-anderson") print(f"Resource Group ID is {resource_group_id}") |
To fetch the resource group ID using the resource group name. |
get_resource_groups_of_user resource_group_details_list: list[ResourceGroupDetails] = resource_group_entity.get_resource_groups_of_user() for details in resource_group_details_list: print(details) |
To fetch all resource groups owned or shared to your user account. |
7. Audit Operations
Class - Audit
Constructor - Audit(service:PAMService)
Description - Creates an Audit entity class instance with the audit related operation.
Method |
Description |
get_details
audit_model = AuditModel(audit_type=AuditConstant.Type.RESOURCE, date=datetime.datetime.today())
print(audit_entity.get_details(audit_model=audit_model))
|
To fetch the resource and user audit details from the PAM360 repository. |
Python SDK Exceptions
Whenever the API returns an error response, the response will be an instance of any one of the exception classes based on the type of exception.
- SDKConnectionError - Exception occurs when the PAM360 SDK fails to connect with the PAM360 server.
- SDKRegistrationError - Occurs when there is an issue while registering the Python application/services with the PAM360 SDK in the PAM360 application.
- SDKOperationFailedError - This exception occurs when an intended API operation fails after passing the necessary inputs.
- SDKInvalidArgumentError - Exception occurs when an API input is parsed with an invalid data type.
All other exceptions such as SDK anomalies and other unexpected behaviors are thrown under the SDKError class.