Create or Edit Transactions

When Dual Control is activated, the maker needs to create transactions before these are processed by a checker.
To create a transaction
  1. Ensure that the following is true:
    • You (as a maker) have the ADMIN authority.
    • None of the commands pertain to you. (You cannot enter commands that change yourself.)
    • None of the objects in the commands are already part of another transaction that has not been processed by a checker yet.
    • All the objects in the commands exist.
    • You are not editing an existing transaction that another maker invoked. (You can only edit your own transactions.)
  2. Connect to the maker PMDB:
    hosts maker@
    The hosts command connects you to the PMDB (maker). When Dual Control is activated, the name of the PMDB is always maker. After you enter the hosts command, a message reports whether the connection to the host is successful or not.
  3. Start the transaction:
    start_transaction transactionName
    Use the start_transaction command as the first step when entering or updating a transaction. You can describe the transaction or give it any name that you want, up to 256 alphanumeric characters.
  4. Enter your transaction.
    This is a list of commands. For example:
    newusr mary owner(bob) audit(failure,loginfailure)
    chres TERMINAL tty30 defaccess(read) \
    restrictions(days(weekdays)time(0800:1800))
  5. End the transaction:
    end_transaction
    The transaction is complete; you are presented with the unique ID number assigned to your transaction. The commands are placed in a file, where you can still access and change them until a checker, in preparation for processing, locks them.
    Make sure you record the transaction ID number if you want to be able to edit the transaction later.
To edit a transaction
  • When you enter the end_transaction command, an ID number is displayed. This unique number identifies the transaction. If you want to overwrite your transaction later, the process is the same as creating a transaction, except that you add the transaction's ID number after the name. You can then enter into the file any changes you want to make. For example:
    hosts maker@
    start_transaction transactionName transactionId
    You can then enter the appropriate commands to update the transaction:
    chusr mary category (FINANCIAL)
    end_transaction
  • View specific unprocessed transactions with the following parameters.
    Make sure you are in the ACInstallDir/bin path (where ACInstallDir is the installation directory for Privileged Access Manager, by default /opt/CA/PAMSC).

    Command with Parameter    Description
    sepmd -m l                Lists the unprocessed transactions of the user who invoked the parameter.
    sepmd -m la               Lists all the transactions of all the makers that are waiting to be processed.
    sepmd -m lo               Lists the transactions of all the makers except those of the user who invoked the parameter.

Each transaction in the list includes the name of the maker, the ID number of the transaction, and a description of the transaction, if the maker entered one.
  • Retrieve a specific transaction to the standard output with the following command:
    sepmd -m r transactionId
  • Delete a specific transaction with this command:
    sepmd -m d transactionId
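
The following Python helper is an added example, not part of the product or its documentation. It checks two of the conditions above that can be verified before connecting (the 256-character limit on the transaction name and the rule that no command changes the maker's own account) and builds the command sequence for a new or overwritten transaction. The maker name alice, the transaction name addMary, the function names, and the reading of "alphanumeric" as letters and digits only are assumptions.

```python
import re

# Assumption: only newusr and chusr (the user commands shown on this page)
# are treated as changing a user account; extend the set for your site.
USER_COMMANDS = {"newusr", "chusr"}
# Assumption: "alphanumeric" is read as ASCII letters and digits only.
NAME_RE = re.compile(r"[A-Za-z0-9]{1,256}")

def join_continuations(lines):
    """Merge each line ending in a backslash with the line that follows it."""
    merged, pending = [], ""
    for line in lines:
        line = line.strip()
        if line.endswith("\\"):
            pending += line[:-1].rstrip() + " "
        else:
            merged.append(pending + line)
            pending = ""
    return [m for m in merged + [pending.strip()] if m]

def check_transaction(maker, name, lines):
    """Return the problems that can be detected before the transaction is entered."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("transaction name must be 1-256 alphanumeric characters")
    for cmd in join_continuations(lines):
        words = cmd.split()
        # The account a user command changes is its first argument.
        if words[0].lower() in USER_COMMANDS and words[1:2] == [maker]:
            problems.append(f"command changes the maker's own account: {cmd}")
    return problems

def render_session(name, lines, transaction_id=None):
    """Build the command sequence; pass transaction_id to overwrite a transaction."""
    start = f"start_transaction {name}"
    if transaction_id is not None:
        start += f" {transaction_id}"
    body = [line.strip() for line in lines]
    return "\n".join(["hosts maker@", start, *body, "end_transaction"])

# Constructed sample: the commands shown on this page, entered by a maker named alice.
SAMPLE = [
    "newusr mary owner(bob) audit(failure,loginfailure)",
    "chres TERMINAL tty30 defaccess(read) \\",
    "restrictions(days(weekdays)time(0800:1800))",
]

if __name__ == "__main__":
    print(check_transaction("alice", "addMary", SAMPLE) or "no problems found")
    print(render_session("addMary", SAMPLE))
```

The remaining conditions (ADMIN authority, objects that exist, objects not held by another unprocessed transaction) depend on the state of the PMDB and can only be confirmed by the product itself.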