How to export and import rules safely and rebuild the database from scratch with Access Control.
search cancel

How to export and import rules safely and rebuild the database from scratch with Access Control.

book

Article ID: 54174

calendar_today

Updated On:

Products

CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager - Server Control (PAMSC) CA Virtual Privilege Manager

Issue/Introduction

This article describes the steps for backup and restore of seosdb for Unix/Linux and Windows environments.

Environment

Privileged Identity Manager 12.x
PAM Server Control 14.x

Resolution

The procedure will be the following in your UNIX / LINUX environment as "root":

  1. Check if Access Control is running: Run: 'issec'
  • Stop Access Control: Run: 'secons -s'
    • You need to be inside the 'seosdb' directory: Run: 'cd /opt/CA/eTrustAccessControl/seosdb'
    • Export the existing rules: Run: 'dbmgr -e -l -f /tmp/dbrules.txt'
    • Export user-related data: Run: 'dbmgr -m -r /tmp/pmdb.pwd'
    • One level up from 'seosdb': Run: 'cd ..'
    • Create a new directory 'seosdb_new': Run: 'mkdir seosdb_new'
    • You need to be inside the new directory 'seosdb_new': Run: 'cd seosdb_new' Run: 'mkdir seosdb_new'
    • Create the new database files from scratch: Run: 'dbmgr -create -cq' (-cq does not prompt for verification)
    • Import the rule set exported at the step D) Run: 'selang -l -d . -f /tmp/dbrules.txt'
    • Import user-related data exported at the step E) Run: 'dbmgr -m -w /tmp/pmdb.pwd'
    • One level up from 'seosdb_new': Run: 'cd ..'
    • Rename the previous seosdb directory from 'seosdb' to 'seosdb_old': Run: 'mv seosdb seosdb_old'
    • Rename the new seosdb directory created at the step G) from 'seosdb_new' to 'seosdb': Run: 'mv seosdb_new seosdb'
    • Restart Access Control: Run: 'seload'

The procedure will be the following in your WINDOWS environment as "Administrator":

    1. Check if Access Control is running: Run: 'net start|find "Access Control"
    2. Stop Access Control: Run: 'secons -s'
    3. You need to be inside the 'seosdb' directory: Run: 'cd \Program Files\CA\eTrustAccessControl\data\seosdb'
    4. Export the existing rules: Run: 'dbmgr -e -l -f C:\TEMP\dbrules.txt'
    5. Export user-related data: Run: 'dbmgr -m -r C:\TEMP\pmdb.pwd'
    6. One level up from 'seosdb': Run: 'cd ..'
    7. Create a new directory 'seosdb_new': Run: 'mkdir seosdb_new'
    8. You need to be inside the new directory 'seosdb_new': Run: 'cd seosdb_new'
    9. Create the new database files from scratch: Run: 'dbmgr -create -cq' (-cq does not prompt for verification)
    10. Import the rule set exported at the step D): Run: 'selang -l -f C:\TEMP\dbrules.txt'
    11. Import user-related data exported at the step E) Run: 'dbmgr -m -w C:\TEMP\pmdb.pwd'
    12. One level up from 'seosdb_new': Run: 'cd ..'
    13. Rename the previous seosdb directory from 'seosdb' to 'seosdb_old': Run: 'ren seosdb seosdb_old'
    14. Rename the new seosdb directory created at the step G) from 'seosdb_new' to 'seosdb': Run: 'ren seosdb_new seosdb'
    15. Restart Access Control: run 'seosd -start'
Powered by Wolken Software