Skip to main content

Find User Account Mappings

Find user-to-account mappings in the identity store. The command uses the PV_USER_ACCOUNT_MAPPING public view to find data. Any filters passed should apply to this public view.

GET https://instance.securid.com/aveksa/command.submit?cmd=findUserAccountMappings

Request

Parameters

findUserAccountMappings
formatproperties - (Default) Returns the response as key=value pairs. When multiple objects are returned, values are comma-delimited: key=value1,value2,value3.

json - Returns the response as JSON.

csv - Returns the response as comma-separated values.

tsv - Returns the response as tab-separated values.

xml - Returns the response as XML.
delimiterThe delimiter to use between values for csv and properties formats
returnColumns

The names of the columns to return. returnColumns may be a CSV list of multiple column names. The parameter may also be listed multiple times (ie returnColumns=col1,col2&returnColumns=col3,col4)

Refer to Columns table below.
returnMaxRowsThe maximum number of objects to return
distincttrue, false Returns only distinct values, equivalent to the distinct keyword in SQL.
sortByColumns

The results will be sorted based on the columns listed using comma as the delimiter if multiple columns are specified.

Refer to Columns table below.
sortDirectionDetermines sorting order. asc for ascending, desc for descending. If not specified, the natural order returned by the database is used.
includeHeaderRowtrue, false Include column headers when the return format is csv or tsv. (Default) true
ignoreCasetrue, false Returns case-insensitive search results for specified filter parameters. (Default) false

Filter Parameters

Any column listed in the Columns table can be passed as a filter parameter to narrow results. Filters are matched against the PV_USER_ACCOUNT_MAPPING public view.

Query logic

ScenarioBehavior
Two different parameters: state=Valid&adc_id=1AND. Returns valid mappings from collector 1.
Same parameter repeated: adc_id=1&adc_id=4OR within that field. Returns mappings from collector 1 or 4.
Mixed: state=Valid&adc_id=1&adc_id=4(state is Valid) AND (adc_id is 1 or 4)
OR logic across different parameters is not supported

A single API call cannot return mappings where state=Valid OR adc_id=1. OR logic between different filter parameters is not supported.

Workaround: Make separate requests for each filter condition. Merge and deduplicate the results client-side.

Columns

account_id[Foreign Key referencing ACCOUNT.ID] Account linked to the user
user_id[Foreign Key referencing USERS.ID] User the account is mapped to
adc_id[Foreign Key referencing the Account Collector] Collector that owns this account
stateCurrent state of the mapping. Valid = active and confirmed mapping
commentsComments about this mapping
creation_dateDate and time the mapping was created
created_by[Foreign Key referencing USERS.ID] User ID of who created the mapping
deletion_dateDate and time the mapping was removed
deleted_by[Foreign Key referencing USERS.ID] User ID of who removed the mapping
is_deleted_usery, n Whether the mapped user has been deleted
add_statePending add workflow state. 0 = no pending add
remove_statePending remove workflow state. 0 = no pending remove
is_maskedN, Y Whether this mapping record is masked for privacy
masking_run_idID of the masking run that anonymized this record
last_reviewed_dateDate the mapping was last reviewed
property_a_map_1Custom property mapping field
cas3 … casNCustom string-type attribute values. Reference names are configured per instance.

Headers

Bearer token
Acceptapplication/json
Content-Typeapplication/json

Response

Parameters

The API returns the requested columns specified by returnColumns as output. If returnColumns is unspecified then all columns listed will be returned.

Examples

All columns

Omit returnColumns to return every field for each mapping.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findUserAccountMappings&format=json&returnMaxRows=2" \
-H "Authorization: Bearer <token>"

Response

{
"findUserAccountMappings": [
{
"account_id": "55",
"user_id": "31",
"adc_id": "4",
"comments": "",
"creation_date": "2024-03-19 21:20:36.0",
"created_by": "",
"deletion_date": "2026-06-05 08:36:37.0",
"deleted_by": "",
"state": "Valid",
"is_deleted_user": "n",
"add_state": "0",
"remove_state": "0",
"is_masked": "N",
"masking_run_id": "",
"property_a_map_1": "",
"last_reviewed_date": "",
"cas3": ""
},
{
"account_id": "75",
"user_id": "35",
"adc_id": "1",
"comments": "",
"creation_date": "2024-04-04 12:40:20.0",
"created_by": "",
"deletion_date": "",
"deleted_by": "",
"state": "Valid",
"is_deleted_user": "n",
"add_state": "0",
"remove_state": "0",
"is_masked": "N",
"masking_run_id": "",
"property_a_map_1": "",
"last_reviewed_date": "",
"cas3": ""
}
]
}

Specific columns

Use returnColumns to limit the response to the fields you need.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findUserAccountMappings&format=json&returnMaxRows=3&returnColumns=account_id,user_id,adc_id,state,creation_date" \
-H "Authorization: Bearer <token>"

Response

{
"findUserAccountMappings": [
{
"account_id": "55",
"user_id": "31",
"adc_id": "4",
"state": "Valid",
"creation_date": "2024-03-19 21:20:36.0"
},
{
"account_id": "75",
"user_id": "35",
"adc_id": "1",
"state": "Valid",
"creation_date": "2024-04-04 12:40:20.0"
},
{
"account_id": "42564",
"user_id": "0",
"adc_id": "95",
"state": "Valid",
"creation_date": "2024-04-29 16:09:51.0"
}
]
}

Filter by a single value

Pass any column name as a query parameter to filter results. The example returns mappings where state is Valid.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findUserAccountMappings&format=json&returnMaxRows=3&returnColumns=account_id,user_id,adc_id,state&state=Valid" \
-H "Authorization: Bearer <token>"

Response

{
"findUserAccountMappings": [
{
"account_id": "55",
"user_id": "31",
"adc_id": "4",
"state": "Valid"
},
{
"account_id": "75",
"user_id": "35",
"adc_id": "1",
"state": "Valid"
},
{
"account_id": "42564",
"user_id": "0",
"adc_id": "95",
"state": "Valid"
}
]
}

Filter with OR logic

Repeat the same parameter with different values to match any of them. The example returns mappings where adc_id is 1 or 4.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findUserAccountMappings&format=json&returnMaxRows=3&returnColumns=account_id,user_id,adc_id,state&adc_id=1&adc_id=4" \
-H "Authorization: Bearer <token>"

Response

{
"findUserAccountMappings": [
{
"account_id": "75",
"user_id": "35",
"adc_id": "1",
"state": "Valid"
},
{
"account_id": "1693289",
"user_id": "48",
"adc_id": "1",
"state": "Valid"
},
{
"account_id": "1694515",
"user_id": "3",
"adc_id": "1",
"state": "Valid"
}
]
}

Case-insensitive filter

Filters are case-sensitive by default. Set ignoreCase=true to match regardless of case. The example passes state=valid in lowercase and still returns mappings with the stored value Valid.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findUserAccountMappings&format=json&returnMaxRows=3&returnColumns=account_id,user_id,adc_id,state&state=valid&ignoreCase=true" \
-H "Authorization: Bearer <token>"

Response

{
"findUserAccountMappings": [
{
"account_id": "55",
"user_id": "31",
"adc_id": "4",
"state": "Valid"
},
{
"account_id": "75",
"user_id": "35",
"adc_id": "1",
"state": "Valid"
},
{
"account_id": "42564",
"user_id": "0",
"adc_id": "95",
"state": "Valid"
}
]
}

Sort ascending

Use sortByColumns with a column name and sortDirection=asc to sort results from lowest to highest. The example sorts by account_id.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findUserAccountMappings&format=json&returnMaxRows=3&returnColumns=account_id,user_id,adc_id,state&sortByColumns=account_id&sortDirection=asc" \
-H "Authorization: Bearer <token>"

Response

{
"findUserAccountMappings": [
{
"account_id": "1",
"user_id": "12",
"adc_id": "4",
"state": "Valid"
},
{
"account_id": "2",
"user_id": "9",
"adc_id": "4",
"state": "Valid"
},
{
"account_id": "3",
"user_id": "40",
"adc_id": "4",
"state": "Valid"
}
]
}

Sort descending

Set sortDirection=desc to reverse the order.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findUserAccountMappings&format=json&returnMaxRows=3&returnColumns=account_id,user_id,adc_id,state&sortByColumns=account_id&sortDirection=desc" \
-H "Authorization: Bearer <token>"

Response

{
"findUserAccountMappings": [
{
"account_id": "2894792",
"user_id": "36291",
"adc_id": "815",
"state": "Valid"
},
{
"account_id": "2892434",
"user_id": "48667",
"adc_id": "876",
"state": "Valid"
},
{
"account_id": "2891734",
"user_id": "46579",
"adc_id": "876",
"state": "Valid"
}
]
}

CSV with custom delimiter

Set format=csv for a comma-separated response. Use delimiter to change the separator character.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findUserAccountMappings&format=csv&returnMaxRows=3&returnColumns=account_id,user_id,adc_id,state&delimiter=~" \
-H "Authorization: Bearer <token>"

Response

account_id~user_id~adc_id~state
55~31~4~Valid
75~35~1~Valid
42564~0~95~Valid

CSV without header row

Set includeHeaderRow=false when your downstream system expects raw data rows without a header.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findUserAccountMappings&format=csv&returnMaxRows=3&returnColumns=account_id,user_id,adc_id,state&includeHeaderRow=false" \
-H "Authorization: Bearer <token>"

Response

55,31,4,Valid
75,35,1,Valid
42564,0,95,Valid

Error responses

A 401 is returned when the token is missing, invalid, or expired. A 412 is returned when returnColumns includes a column name that does not exist in the PV_USER_ACCOUNT_MAP public view.

<html>
<head><title>Error</title></head>
<body>The token is not valid for the command 'findUserAccountMappings'. Token is invalid or expired</body>
</html>

Verified with RSA Governance & Lifecycle version 8.0.0.188886 P10_HF01.