start_transaction Command Start Recording Dual Control Transactions
Valid on UNIX hosts in the AC environment
capamsc141
Valid on UNIX hosts in the AC environment
The start_transaction and end_transaction commands create a file that contains an unprocessed transaction for Dual Control PMDB processes, with one or more commands. The administrator (any user with the ADMIN attribute) who entered the commands in the transaction is called a Maker. The commands must be authorized by a Checker (any administrator who is
not
the Maker) before they are executed in the PMDB.The Checker must lock transactions before they can be processed. Until the transaction is locked by the Checker, the Maker can retrieve it, change the commands, or delete it. (See the sepmd utility in the
Reference Guide
for details.) When the Maker enters the end_transaction command, the transaction receives a unique id number. If the Maker wants to edit or retrieve the transaction later, this identifying number must be added after the transaction's name in the start_transaction command. When the Maker retrieves the transaction, the name of the Maker, the id number of the transaction, and a short description are displayed (if the Maker entered a description in the transactionName
parameter).A Maker cannot change the transactions of other Makers. The objects used in a transaction cannot be used by other Makers in different transactions until the commands have been processed.
Each unprocessed transaction stays in a separate file until a Checker processes it. The Checker can authorize or reject a transaction. If the transaction is authorized, the commands are executed and the PMDB is changed accordingly. If the Checker rejects the transaction, the commands are deleted and the PMDB is not changed.
When the end_transaction command is entered at the end of the Maker's work, the numeric id of the transaction appears. The commands can fail for the following reasons:
- if a command refers to an object that has been used in a different transaction which has not been processed yet
- if a command pertains to the Maker-you cannot change yourself
- if a command contains invalid syntax
- if a command refers to objects that do not exist (in this case a warning message appears)
- You can execute the start_transaction and end_transaction commands if you have the ADMIN attribute.
- Since the hosts command must be executed before invoking the start_transaction and end_transaction commands, you must be authorized to use the hosts command.
Note:
For more information on Dual Control, see the Endpoint Administration Guide for UNIX
.Usage notes:
- The hosts command must be executed before invoking the start_transaction and end_transaction commands, and the name of the PMDB must be maker.
- In order for the start_transaction and end_transaction commands to function, the value for the is_maker_checker token in the pmd.ini file and in the [pmd] section of the seos.ini file must be set to yes.
This command has the following format:
start_transaction transactionName [transactionId] . . . end_transaction
- transactionNameSpecifies the name or a description of the transaction. You can enter a string of up to 256 alphanumeric characters.
- transactionIdSpecifies the unique number given to the transaction when it is created. This numeric id appears automatically when you create a transaction. You must specify this id number when you update the same transaction.
Examples
- The Maker Sally wants to add user Anne to the PMDB, and restrict their access to the system to weekdays between 8:00 a.m. and 8:00 p.m. Then Sally wants to change the default access to the tty30 terminal to read only. Sally wants to call this transaction general.
- The Maker has the ADMIN attribute.
hosts maker@ start_transaction general newusr anne (days(weekdays)time(0800:2000)) chres TERMINAL tty30 defaccess(read) end_transactionWhen Sally enters the end_transaction command, the transaction is assigned an ID number, such as seven. - The Maker Sally wants to add the FINANCIAL category to the user Anne. Sally added the user Anne record earlier the same day, and the command has not yet been processed or implemented on the PMDB.
- The Maker has the ADMIN attribute.
hosts maker@ start_transaction general 7 chusr anne category(FINANCIAL) end_transaction