Check and Process Transactions

When Dual Control is activated, the checker needs process transactions created by a maker.
capamsc141
When Dual Control is activated, the checker needs process transactions created by a maker.
To check a transaction:
  1. Make sure that the following conditions are true:
    • You (as the checker) have ADMIN authority.
    • Another Checker does not lock the transaction.
    • None of the commands pertain to you. (You cannot process commands that involve yourself.)
  2. Navigate to the
    ACInstallDir
    /bin path
    where
    ACInstallDir
    is the installation directory for
    Privileged Access Manager
    , by default /opt/CA/PAMSC.
  3. View the transactions that are waiting to be processed before execution:
    sepmd -m la
    Or, view all the transactions except the transactions that you yourself created:
    sepmd -m lo
    Each transaction includes the name of the maker, the ID number of the transaction, and the name or description of the transaction.
  4. Lock the transactions before processing them:
    sepmd -m r transactionId
    A locked transaction cannot be changed.
  5. Process the transaction:
    sepmd -m p transactionIdcode
    codeCan be one of the following:0—The transaction is rejected.In this case, all the commands in the transaction are deleted and no changes are implemented in the PMDB.1—The transaction is authorized.The commands in the transaction are immediately implemented in the PMDB.2—The transaction is unlocked.The transaction returns to the queue of waiting transactions and can be processed later, perhaps by a different checker.
    sepmd -m p
    transactionId
    code
    • code
      Can be
      one
      of the following:
      • 0
        The transaction is rejected.
        In this case, all the commands in the transaction are deleted and no changes are implemented in the PMDB.
      • 1
        The transaction is authorized.
        The commands in the transaction are immediately implemented in the PMDB.
      • 2
        The transaction is unlocked.
        The transaction returns to the queue of waiting transactions and can be processed later, perhaps by a different checker.
    A message appears stating which commands were successful and which failed.
For more information on makers and checkers, see the sepmd utility in the
Reference Guide
and the start_transaction command in the
selang Reference section
.