Closed SecurityAura closed 5 years ago
pspete
commented
5 years ago Hi @Aurakal .
it looks like you have discovered that you can use the parameters available to work past your issue - you can likely combine -limit with -offset to get more results too.
SecurityAura
commented
5 years ago Hi @pspete
Yup, I did. Maybe this default limit should be documented somehow though, or at least dropped (in that case, take that "Issue" as an enhancement request if that's okay with you).
pspete
commented
5 years ago I'll add a clarification to the help text for the parameter in the next release of the module
SecurityAura
commented
5 years ago Awesome, thank you.
Expected Behaviour
When using the Get-PASAccount on CyberArk v10.4 and above, if multiple accounts are found in a search, all of them should be returned, and the exact number of matching accounts should be returned as well.
Current Behaviour
At the moment, when using Get-PASAccount on CyberArk v10.8, multiple accounts are found in a search, however, it seems to cap the limit of accounts returned at 100.
Possible Solution
Could be a limitation with either the CyberArk API itself, or psPAS.
Steps to Reproduce (for bug reports)
1 . Import-Module psPAS 2 . $creds = Get-Credential 3 . $token = New-PASSession -Credential $creds -BaseURI https://PVWA-URL-REDACTED.com -Verbose 4 . $accounts = $token | Get-PASAccount -Search "$SEARCH_TERM_OF_ABOVE_100_RESULTS"
Sample Output
Context
I'm trying to get a list of all the accounts in the Vault that matches a certain keyword (search), however, if there are more than 100 accounts in that search, I need all of them.
Edit: I just checked in the API documentation, and assuming that Get-PASAccount uses "Get accounts", the limit should be 1,000.
That 1,000 limit is also seen in the Get-PASAccount method.
Edit 2: Seems that if I use the "-Limit" parameter and set it to 1000, it works. However, I think that by defaults, all accounts should be returned, and not just the first 100 as it can be misleading.