> For the complete documentation index, see [llms.txt](https://docs.keeper.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.keeper.io/keeperpam/jp/commander-sdk/keeper-commander-sdks/sdk-command-reference/pedm-commands/pedm-approval-commands.md).

# KEPM承認コマンド

### 概要

ここでは、KEPMの特権昇格承認リクエストを管理するKeeperコマンダーのコマンドを扱います。承認では、実行前に管理者の承認が必要な特権昇格リクエストを扱います。これらのコマンドで、保留中のリクエストの確認や、承認・却下・削除による対応が行えます。

このセクションで扱うコマンドは以下のとおりです。

* [**承認リクエスト一覧コマンド**](#approval-list-command)
* [**承認対応コマンド**](#approval-action-command)

### 使い方

`pedm approval command [--options]`

***

### 承認リクエスト一覧コマンド <a href="#approval-list-command" id="approval-list-command"></a>

特権昇格の承認リクエストを、ステータス、詳細、有効期限の情報とともにすべて表示します。承認ステータスで絞り込み、保留、承認済み、却下済み、または期限切れのリクエストを確認できます。

<details>

<summary>DotNet CLI</summary>

**コマンド:** `epm-approval list`

**パラメータ**:

<table><thead><tr><th width="220.99993896484375">パラメータ</th><th>説明</th></tr></thead><tbody><tr><td><code>--expired</code></td><td>期限切れの承認のみ一覧表示</td></tr></tbody></table>

**例**:

{% code expandable="true" %}

```bash
My Vault > epm-approval
```

{% endcode %}

**コマンド**: `epm-approval view`

**パラメータ**:

<table><thead><tr><th width="194">パラメータ</th><th>説明</th></tr></thead><tbody><tr><td><em>(positional)</em></td><td>承認UID</td></tr></tbody></table>

**例**:

{% code expandable="true" %}

```bash
My Vault > epm-approval view abc123uid
```

{% endcode %}

</details>

<details>

<summary>DotNet SDK</summary>

**関数:**

{% code expandable="true" %}

```csharp
// Get status as int (0=Pending, 1=Approved, 2=Denied)
int? status = plugin.GetApprovalStatus(approvalUid);

// List all approvals
IEnumerable<EpmApproval> approvals = plugin.Approvals.GetAll();

// Get single approval
EpmApproval approval = plugin.Approvals.GetEntity(approvalUid);

// Check if expired locally
bool isExpired = approval.ExpireIn > 0 
    && DateTimeOffset.UtcNow.ToUnixTimeSeconds() > (approval.Created + approval.ExpireIn);
```

{% endcode %}

</details>

<details>

<summary>Power Commander</summary>

**コマンド:** `Get-KeeperEpmApprovalList`

**エイリアス**: `kepm-approval-list`

**パラメータ**:

| パラメータ   | 説明                                                                |
| ------- | ----------------------------------------------------------------- |
| `-Type` | 承認ステータスで絞り込み: `approved`、`denied`、`pending`、`expired`、`escalated` |

**例**:

{% code expandable="true" %}

```ps1
PS > Get-KeeperEpmApprovalList

Approval UID           Approval Type Status  Agent UID              Account Info          Application Info
------------           ------------- ------  ---------              ------------          ----------------                         
bYEWk2Ido0mcPMoASh9mgw CommandLine   EXPIRED xerWlrlsaF_YLdHDx75c-g Username: mohsinnaqvi FileName: sudo, Description: sudo, FileP…
fKaUe6VE3ESDk0oXSCVIIg CommandLine   EXPIRED xerWlrlsaF_YLdHDx75c-g Username: mohsinnaqvi FileName: sudo, Description: sudo, FileP…
```

{% endcode %}

**コマンド**: `Get-KeeperEpmApproval`

**エイリアス**: `kepm-approval-view`

**パラメータ**:

<table><thead><tr><th width="233.00006103515625">パラメータ</th><th>説明</th></tr></thead><tbody><tr><td><code>-ApprovalUid</code></td><td>承認レコードUID</td></tr></tbody></table>

**例**:

{% code expandable="true" %}

```ps
PS > Get-KeeperEpmApproval ovhhkpsKak6xExtREkSroA
Approval: ovhhkpsKak6xExtREkSroA
  Type: CommandLine
  Status: DENIED
  Agent UID: xerWlrlsaF_YLdHDx75c-g
  Account Info: Username: mohsinnaqvi
  Application Info: FileName: sudo, Description: sudo, FilePath: /usr/bin...
  Justification: text: test jira, timestamp: 05/11/2026 23:10:20
  Expire In: N/A
  Created: 2026-05-11 17:40:21
```

{% endcode %}

</details>

<details>

<summary>Python CLI</summary>

**コマンド:** `pedm approval list`

**エイリアス:** `pedm approval l`

**フラグ:**

| フラグ        | 説明                                                  |
| ---------- | --------------------------------------------------- |
| `--type`   | 承認ステータスで絞り込み (選択肢: approved、denied、pending、expired) |
| `--format` | 出力形式 - json、csv、tableのいずれか                          |
| `--output` | 指定ファイルに保存する                                         |

**例:**

```
My Vault> pedm approval list --type pending

Approval UID: approval_abc123
Approval Type: PrivilegeElevation
Status: Pending
Agent UID: agent_xyz789
Account Info: User=john.doe
Application Info: Process=powershell.exe
Justification: System maintenance
Expire In: 300
Created: 2024-11-05 10:30:00
```

</details>

<details>

<summary>Python SDK</summary>

**関数:**

```python
from keepersdk.plugins.pedm import admin_plugin

plugin = admin_plugin.PedmPlugin(enterprise_loader)
approval_list = plugin.approvals.get_all_entities()
```

</details>

### 承認対応コマンド <a href="#approval-action-command" id="approval-action-command"></a>

特権昇格の承認リクエストに対し、承認・却下・削除の操作を行います。一括操作に対応し、`@approved`、`@denied`、`@expired`、`@pending` などの特殊値でリクエスト群を指定できます。

<details>

<summary>DotNet CLI</summary>

**コマンド:** `epm-approval approve`

**パラメータ**:

<table><thead><tr><th width="193">パラメータ</th><th>説明</th></tr></thead><tbody><tr><td><em>(positional)</em></td><td>承認UID</td></tr></tbody></table>

**例**:

{% code expandable="true" %}

```bash
My Vault > epm-approval approve abc123uid
```

{% endcode %}

**コマンド**: `epm-approval deny`

**パラメータ**:

<table><thead><tr><th width="211.99993896484375">パラメータ</th><th>説明</th></tr></thead><tbody><tr><td><em>(positional)</em></td><td>承認UID</td></tr></tbody></table>

**例**:

{% code expandable="true" %}

```bash
My Vault > epm-approval deny abc123uid
```

{% endcode %}

**コマンド**: `epm-approval remove`

**パラメータ**:

<table><thead><tr><th width="206">パラメータ</th><th>説明</th></tr></thead><tbody><tr><td><em>(positional)</em></td><td>承認UID</td></tr></tbody></table>

**例**:

{% code expandable="true" %}

```bash
My Vault > epm-approval remove abc123uid
```

{% endcode %}

</details>

<details>

<summary>DotNet SDK</summary>

**関数:**

{% code expandable="true" %}

```csharp
public Task<ModifyStatus> ModifyApprovals(
    IEnumerable<string> toApproveUids = null,
    IEnumerable<string> toDenyUids = null,
    IEnumerable<string> toRemoveUids = null)
```

{% endcode %}

</details>

<details>

<summary>Power Commander</summary>

**コマンド:** `Approve-KeeperEpmApproval`

**エイリアス**: `kepm-approval-approve`

**パラメータ**:

<table><thead><tr><th width="161.99993896484375">パラメータ</th><th>説明</th></tr></thead><tbody><tr><td><code>-ApprovalUid</code></td><td>承認レコードUID</td></tr></tbody></table>

**例**:

{% code expandable="true" %}

```ps1
PS > Approve-KeeperEpmApproval "abc123uid"
```

{% endcode %}

**コマンド**: `Deny-KeeperEpmApproval`

**エイリアス**: `kepm-approval-deny`

**パラメータ**:

<table><thead><tr><th width="161.99993896484375">パラメータ</th><th>説明</th></tr></thead><tbody><tr><td><code>-ApprovalUid</code></td><td>承認レコードUID</td></tr></tbody></table>

**例**:

{% code expandable="true" %}

```ps1
PS > Deny-KeeperEpmApproval "abc123uid"
```

{% endcode %}

**コマンド**: `Remove-KeeperEpmApproval`

**エイリアス**: `kepm-approval-remove`

**パラメータ**:

<table><thead><tr><th width="187">パラメータ</th><th>説明</th></tr></thead><tbody><tr><td><code>-ApprovalUid</code></td><td>承認レコードUID</td></tr><tr><td><code>-Force</code></td><td>削除前の確認プロンプトをスキップ</td></tr></tbody></table>

**例**:

{% code expandable="true" %}

```ps1
PS > Remove-KeeperEpmApproval "abc123uid"
```

{% endcode %}

</details>

<details>

<summary>Python CLI</summary>

**コマンド:** `pedm approval action`

**エイリアス:** `pedm approval a`

**フラグ:**

| フラグ         | 説明                                                                 |
| ----------- | ------------------------------------------------------------------ |
| `--approve` | 承認するリクエストUID (繰り返し指定可)                                             |
| `--deny`    | 却下するリクエストUID (繰り返し指定可)                                             |
| `--remove`  | 削除するリクエストUID、または特殊値: @approved、@denied、@expired、@pending (繰り返し指定可) |

**例:**

```
My Vault> pedm approval action --approve approval_abc123

Approval request approved successfully
```

```
My Vault> pedm approval action --deny approval_def456

Approval request denied successfully
```

```
My Vault> pedm approval action --remove @expired

All expired approval requests removed successfully
```

</details>

<details>

<summary>Python SDK</summary>

**関数:**

```python
from keepersdk.plugins.pedm import admin_plugin

plugin = admin_plugin.PedmPlugin(enterprise_loader)

def verify_uid(uids: Any) -> Optional[List[bytes]]:
    if isinstance(uids, str):
        uids = [uids]
    if isinstance(uids, list):
        to_uid = []
        for uid in uids:
            approve_uid = utils.base64_url_decode(uid)
            if len(approve_uid) == 16:
                to_uid.append(approve_uid)
            else:
                logger.warning(f'Invalid UID: {uid}')
        if len(to_uid) > 0:
            return to_uid
    return None

list_approve = ['names or uids of approval requests to approve']
list_deny = ['names or uids of approval requests to deny']
list_remove = ['names or uids of approval requests to remove']
to_approve = verify_uid([list('')])
to_deny = verify_uid(kwargs.get('deny'))
to_remove = kwargs.get('remove')
if to_remove:
    if isinstance(to_remove, str):
        to_remove = [to_remove]
    to_remove_set: Set[bytes] = set()
    to_resolve = []
    for uid in to_remove:
        if uid == '@approved':
            to_remove_set.update(
                (utils.base64_url_decode(x.approval_uid) for x in plugin.storage.approval_status.get_all_entities() if x.approval_status == NotificationCenter_pb2.NAS_APPROVED))
        elif uid == '@denied':
            to_remove_set.update(
                (utils.base64_url_decode(x.approval_uid) for x in plugin.storage.approval_status.get_all_entities() if x.approval_status == NotificationCenter_pb2.NAS_DENIED))
        elif uid == '@pending':
            to_remove_set.update(
                (utils.base64_url_decode(x.approval_uid) for x in plugin.storage.approval_status.get_all_entities() if x.approval_status == NotificationCenter_pb2.NAS_UNSPECIFIED))
        else:
            to_resolve.append(uid)
    if len(to_resolve) > 0:
        to_remove = verify_uid(to_resolve)
        if isinstance(to_remove, list):
            to_remove_set.update(to_remove)
    to_remove = list(to_remove_set)

status_rs = plugin.modify_approvals(to_approve=to_approve, to_deny=to_deny, to_remove=to_remove)
```

</details>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.keeper.io/keeperpam/jp/commander-sdk/keeper-commander-sdks/sdk-command-reference/pedm-commands/pedm-approval-commands.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.