# Compliance command
### Overview
This is the set of commands which we use related to sharing with user
1. [Compliance Report](#compliance-report)
2. [Compliance Team Report](#compliance-team-report)
3. [Compliance Record Access Report](#compliance-record-access-report)
4. [Compliance Summary Report](#compliance-summary-report)
5. [Compliance Shared Folder Report](#compliance-shared-folder-report)
### Compliance Report
The `compliance-report` command allows administrators to generate compliance reports from the command line just as they would in the Keeper Admin Console. It provides visibility into record permissions by node, user, and record title, supports filtering by owned or shared records, and enables exporting the results to a file for auditing, analysis, or record-keeping purposes.
DotNet CLI
**Command:** Coming Soon
DotNet SDK
**Function:** Coming Soon
Power Commander
**Command:** Coming Soon
Python CLI
**Command:** `compliance report`
**Flags:**
`--format` : Format of output `{table,csv,json}.`\
`--output` : Output path to resulting output file (ignored for "table" format).\
`--rebuild`, `-r` : rebuild local data from source.\
`--no-rebuild`, `-nr` : prevent remote data fetching if local cache present.\
`--no-cache`, `-nc` : remove any local non-memory storage of data after report is generated.\
`--node` : Node ID or name of node (defaults to root node).\
`--regex` : Allow use of regular expressions in search criteria.\
`--username,` `-u` : Username user(s) whose records are to be included in report.\
`--job-title`, `-jt` : JOB\_TITLE job title(s) of users whose records are to be included in report.\
`--team` : Team name or UID of team(s) whose members' records are to be included in report.\
`--record` : Record UID or title of record(s) to include in report.\
`--url URL` : URL of record(s) to include in report.\
`--shared` : Show shared records only.\
`--deleted-items` : Show deleted records only.\
`--active-items` : Show active records only.
**Example:**
```
My Vault> compliace report
Record UID Title Record Type Username Permissions URL In Trash Shared Folder UID
---------------------- -------------------------------------------------- ----------------------- --------------------------------------- ---------------------------- ----------------------------------------------- ---------- ----------------------
0PrTTeT6kvFiX26iT44LXA L login ujjwalkr@metronlabs.com owner,edit,share,share_admin True
0Whot6iNYx9nIFNZu3QP1A Gateway test - VNC Machine pamMachine anita.pohane@metronlabs.com owner,edit,share,share_admin True
0hm9atvqJI5sHI61r1NJZQ Facebook login prathmesh.vagare@metronlabs.com owner,edit,share,share_admin facebook.com False
0oPd6C358MuQT-GzOvlA8Q Workflow - VNC Machine pamMachine anita.pohane@metronlabs.com owner,edit,share,share_admin False t5qV_CaToHs7sOFmyUdbaQ
```
Python SDK
**Function:**
```python
def generate_default_report(self) -> List[ComplianceReportEntry]:
```
### Compliance Team Report
Shared folders can be shared with both Keeper Teams and individual users. The compliance report provides visibility into shared folder access, allowing administrators to view the permissions and access levels that each team has to these shared folders.
DotNet CLI
**Command:** Coming Soon
DotNet SDK
**Function:** Coming Soon
Power Commander
**Command:** Coming Soon
Python CLI
**Command:** `compliance team-report`
**Flags:**
`--format` : Format of output `{table,csv,json}.`\
`--output` : Output path to resulting output file (ignored for "table" format).\
`--rebuild`, `-r` : Rebuild local data from source.\
`--no-rebuild`, `-nr` : Prevent remote data fetching if local cache present.\
`--no-cache`, `-nc` : Remove any local non-memory storage of data after report is generated.\
`--node` : Node ID or name of node (defaults to root node).\
`--regex` : Allow use of regular expressions in search criteria.\
`--show-team-users`, `-tu` : show all members of each team.
**Example:**
```
My Vault> compliance team-report
Team Access Report
Team Name Team UID Shared Folder Name Shared Folder UID Permissions Records
----------- ---------- -------------------- ------------------- ------------- ---------
```
Python SDK
**Function:**
```python
def generate_team_report(self) -> List[TeamReportEntry]:
```
### Compliance Record Access Report
The compliance record-access report provides a list of all records that have either (a) been accessed by or (b) are currently accessible to specified user(s). The report also includes relevant event details such as the application used, IP address, timestamp, and other associated access information for auditing and compliance purposes.
DotNet CLI
**Command:** Coming Soon
DotNet SDK
**Function:** Coming Soon
Power Commander
**Command:** Coming Soon
Python CLI
**Command:** `compliance record-access-report`
**Flags:**
`--format` : Format of output `{table,csv,json}.`\
`--output` : Output path to resulting output file (ignored for "table" format).\
`--rebuild`, `-r` : Rebuild local data from source.\
`--no-rebuild`, `-nr` : Prevent remote data fetching if local cache present.\
`--no-cache`, `-nc` : Remove any local non-memory storage of data after report is generated.\
`--node` : Node ID or name of node (defaults to root node).\
`--regex` : Allow use of regular expressions in search criteria.\
`--username,` `-u` : Username user(s) whose records are to be included in report.\
`--email`, `-e` : Email username(s) or ID(s), use "@all" for all users.\
`--report-type` : Type of record-access data: "history" or "vault" `{history,vault}.`\
`--aging` : Include record-aging data.
**Example:**
```
My Vault> compliance record-access-report
Record Access Report (history)
Vault Owner Record UID Record Title Record Type Record URL Has Attachments In Trash Record Owner IP Address Device Last Access
--------------------------------- ---------------------- --------------------------------- ----------------------- ------------- ----------------- ---------- --------------------------------- ------------ ---------------- -------------------
anant.mangalampalli+test@metro... ZMwO7u9zJ9bpgmKHDND7WA PAM Test - MySQL Database pamDatabase False False anant.mangalampalli@metronlabs... 10.15.12.71 Web App 17.6.0 2026-02-12 12:16:13
anant.mangalampalli@metronlabs... 2-_yTwwBwcKVU6NmmmShjg PAM Test Dev - VNC Admin pamUser False False anant.mangalampalli@metronlabs... 10.15.12.71 Web App 17.6.0 2026-02-13 16:45:21
2HnszgPlJ0sZ-tmfXPMglw PAM Test Dev - RDP Admin pamUser False False anant.mangalampalli@metronlabs... 10.15.12.71 Web App 17.6.0 2026-02-13 16:45:23
2fD3NGhYtxHlYMc3Q8byCw Commander Service Mode login True False anant.mangalampalli@metronlabs... 10.15.11.145 Web App 17.4.1 2025-10-10 15:20:26
6pQAU-fq-oF-fikPZm7wHQ PAM Test Dev - SSH Machine wit... pamMachine False False anant.mangalampalli@metronlabs... 10.15.12.71 Commander 17.2.0 2026-02-13 16:51:49
My Vault> compliance record-access-report --aging
Record Access Report (history)
Vault Owner Record UID Record Title Record Type Record URL Has Attachments In Trash Record Owner IP Address Device Last Access Created Last Pw Change Last Modified Last Rotation
--------------------------------- ---------------------- --------------------------------- ----------------------- ------------- ----------------- ---------- --------------------------------- ------------ ---------------- ------------------- ------------------- ------------------- ------------------- ---------------
anant.mangalampalli+test@metro... ZMwO7u9zJ9bpgmKHDND7WA PAM Test - MySQL Database pamDatabase False False anant.mangalampalli@metronlabs... 10.15.12.71 Web App 17.6.0 2026-02-12 12:16:13 2026-02-12 01:15:33 2026-02-12 01:15:33 2026-02-12 21:45:39
anant.mangalampalli@metronlabs... 2-_yTwwBwcKVU6NmmmShjg PAM Test Dev - VNC Admin pamUser False False anant.mangalampalli@metronlabs... 10.15.12.71 Web App 17.6.0 2026-02-13 16:45:21 2026-02-13 16:45:21 2026-02-13 16:45:21 2026-02-13 16:45:21
2HnszgPlJ0sZ-tmfXPMglw PAM Test Dev - RDP Admin pamUser False False anant.mangalampalli@metronlabs... 10.15.12.71 Web App 17.6.0 2026-02-13 16:45:23 2026-02-13 16:45:23 2026-02-13 16:45:23 2026-02-13 16:45:23
```
Python SDK
**Function:**
```python
def generate_record_access_report(self, report_type: str = REPORT_TYPE_HISTORY) -> List[RecordAccessReportEntry]:
```
### Compliance Summary Report
The compliance summary report displays aggregated information about records within the enterprise, grouped by record owner by default. Support for grouping by additional entities may be added in future enhancements to this feature.
DotNet CLI
**Command:** Coming Soon
DotNet SDK
**Function:** Coming Soon
Power Commander
**Command:** Coming Soon
Python CLI
**Command:** `compliance summary-report`
**Flags:**
`--format` : Format of output `{table,csv,json}.`\
`--output` : Output path to resulting output file (ignored for "table" format).\
`--rebuild`, `-r` : Rebuild local data from source.\
`--no-rebuild`, `-nr` : Prevent remote data fetching if local cache present.\
`--no-cache`, `-nc` : Remove any local non-memory storage of data after report is generated.\
`--node` : Node ID or name of node (defaults to root node).\
`--regex` : Allow use of regular expressions in search criteria.
**Example:**
```
My Vault> compliance summary-report --rebuild
Compliance Summary Report
Email Total Items Total Owned Active Owned Deleted Owned
--------------------------------------- ------------- ------------- -------------- ---------------
prathmesh.vagare@metronlabs.com 29 26 26 0
anant.mangalampalli@metronlabs.com 46 43 21 22
sharad.dubey@metronlabs.com 2 2 2 0
ujjwalkr@metronlabs.com 25 23 14 9
srujan.kachhwaha@metronlabs.com 0 0 0 0
satish.gaddala@metronlabs.com 0 0 0 0
ujjwal.kumar@metronlabs.com 25 22 21 1
anita.pohane@metronlabs.com 105 101 44 57
zoro@metronlabs.com 0 0 0 0
test@demo.com 0 0 0 0
anita.pohane+test@metronlabs.com 0 0 0 0
anant.mangalampalli+test@metronlabs.com 1 0 0 0
nomahod300@homuno.com 6 0 0 0
abdul.deshmukh@metronlabs.com 0 0 0 0
talir60426@esyline.com 0 0 0 0
aditya.muley+32@gmail.com 0 0 0 0
TOTAL 239 217 128 89
```
Python SDK
**Function:**
```python
def generate_summary_report(self) -> List[SummaryReportEntry]:
```
### Compliance Shared Folder Report
Similar to the `compliance team-report` command, this command generates a report detailing the access that all entities—both teams and individual users—have to all shared folders across the enterprise.
DotNet CLI
**Command:** Coming Soon
DotNet SDK
**Function:** Coming Soon
Power Commander
**Command:** Coming Soon
Python CLI
**Command:** `compliance shared-folder-report`
**Flags:**\
`--format` : Format of output `{table,csv,json}.`\
`--output` : Output path to resulting output file (ignored for "table" format).\
`--rebuild`, `-r` : Rebuild local data from source.\
`--no-rebuild`, `-nr` : Prevent remote data fetching if local cache present.\
`--no-cache`, `-nc` : Remove any local non-memory storage of data after report is generated.\
`--node` : Node ID or name of node (defaults to root node).\
`--regex` : Allow use of regular expressions in search criteria.\
`--show-team-users`, `-tu` : Show all members of each team.
**Example:**
```
My Vault> compliance shared-folder-report --no-rebuild
Shared Folder Report
Shared Folder UID Team UID Team Name Record UID Record Title Email
---------------------- ---------- ----------- ---------------------- -------------------------------------------------- ----------------------------------
GJCmJHY9a05AzaPpsJivkA bV41wijyqUqpoxk4QBShVw Test Configuration prathmesh.vagare@metronlabs.com
XtxaE5xeF6E5_qpLtkKuMA Test - MySQL Admin User
io74G1PolvKpeJ4o6rSFQA Test - MySQL Rotation User
tiSBTPbX0l-LropVz_yOwA Test - VNC Admin
rMcu4KrG7fPngpzOG0whig Test - SSH Admin with Private Key
s9lDKvwGOT9xIwkhAeuxxg Test - RDP User
AW9fRQkNVN1ud_SADgU2JA Test - RDP Admin
VEP5gFHUFsZPNGzSjWaL0Q Test - SSH Admin with Password
usvKj4LuyMqVqShQRip_Uw 6pQAU-fq-oF-fikPZm7wHQ PAM Test Dev - SSH Machine with Password Access anant.mangalampalli@metronlabs.com
BwZWlg_2hdACmIh6_ZW3Qg PAM Test Dev - RDP Machine
sCM-ej35HG1ZmmLu8bwUyw PAM Test Dev - MySQL Database
OtR_D2g2pUCRg1yeoSR2Ww PAM Test Dev - SSH Machine with Private Key Access
c-P7AHK38i-guOS5dT8tww PAM Test Dev - Bing Remote Browser
76GpFaYlejEq2Mks7UKSoA PAM Test Dev - VNC Machine
```
Python SDK
**Function:**
```python
def generate_shared_folder_report(self) -> List[SharedFolderReportEntry]:
```