Symantec Privileged Access Management

  • 1.  cannot login to selang command line

    Posted Apr 12, 2018 01:28 PM

    Hi Gurus,


    I get this error when I log in to selang:


    [root@ts-lin-jenk-app-01 ~]# /opt/infosec/pim/bin/selang
    ERROR: Initialization failed, EXITING!
    (localhost)
    ERROR: Login procedure failed
    ERROR: You are not allowed to administer this site from terminal ts-lin-jenk-app-01.local
    [root@ts-lin-jenk-app-01 ~]#


    Any ideas?



  • 2.  Re: cannot login to selang command line
    Best Answer

    Broadcom Employee
    Posted Apr 12, 2018 02:50 PM

    Hi Sergio,


    Since this is happening to root, it sounds like you may have changed the hostname or domain of this server after installing PIM. When you first install, some default terminal rules are created to allow access, but they are not updated when the hostname or domain changes. You should be able to get into selang using the local option when the PIM agent is down. You will need to log in using the selang local instance, then change your terminal rules to allow access.


    Example steps:

    Shut down PIM:

    # secons -S


    Enter local selang:

    # selang -l


    Search for the terminal rules:

    AC> SR TERMINAL *


    This will output a list of all terminal rules. Find the rules related to this terminal, named exactly as noted in the error you see (ts-lin-jenk-app-01.local).

    Sample:

    Data for TERMINAL 'lutch01-rh7301.ca.com'
    -----------------------------------------------------------
    Defaccess : R
    ACLs :
    Accessor Access
    +devcalc (USER ) W
    +policyfetcher(USER ) W
    root (USER ) R, W
    Audit mode : Failure
    Owner : root (USER )
    Create time : 11-Apr-2018 11:51
    Update time : 11-Apr-2018 11:51
    Updated by : root (USER )


    If this rule doesn't exist you will need to create one, for example:

    AC> NR TERMINAL ts-lin-jenk-app-01.local defacc(R) owner(root)


    Once this does exist, we can update its ACL to allow the user selang access:

    AC> authorize TERMINAL ts-lin-jenk-app-01.local uid(root) access(r w)

    Note: the user (uid) should already exist in selang; you can search for users with: AC> su <uid>


    Exit selang and start the PIM services back up:

    # seload


    Confirm access by entering normal selang:

    # selang


    More info on TERMINAL class:

    https://docops.ca.com/ca-privileged-identity-management/12-8/en/reference/selang-reference-guide/classes-in-the-ac-environment/terminal-class


    Hope this helps,

    Christian Lutz

    Support Engineer

    CA Technologies - North America
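An added helper to go with the steps in the answer above (example code written for this page; it is not part of the thread, nor a CA/Broadcom tool). It parses the text of an `sr TERMINAL *` listing in the layout Christian quoted, checks whether a rule exists for the host's FQDN and whether the given user is granted access on it, and prints the `nr` / `authorize` commands from the steps above that would fix the gap in `selang -l`. The listing embedded here is constructed (one entry copied from the sample, one invented stale hostname); the listing layout in other PIM versions, and the simplification that R on the TERMINAL rule is what selang login needs, are assumptions.

```python
import re
import socket

# Constructed sample, modelled on the 'sr TERMINAL *' output quoted in the answer.
# The second entry is an invented stale rule for an old hostname.
SAMPLE_LISTING = """\
Data for TERMINAL 'lutch01-rh7301.ca.com'
-----------------------------------------------------------
Defaccess : R
ACLs :
Accessor Access
+devcalc (USER ) W
+policyfetcher(USER ) W
root (USER ) R, W
Audit mode : Failure
Owner : root (USER )
Create time : 11-Apr-2018 11:51
Update time : 11-Apr-2018 11:51
Updated by : root (USER )

Data for TERMINAL 'old-name.example.local'
-----------------------------------------------------------
Defaccess : N
ACLs :
Accessor Access
root (USER ) R, W
Owner : root (USER )
"""

HEADER_RE = re.compile(r"^Data for TERMINAL '(?P<name>[^']+)'")
# ACL entry: accessor (optionally prefixed with '+'), type in parentheses, permissions.
ACL_RE = re.compile(r"^(?P<acc>\+?[\w.-]+)\s*\((?P<type>USER|GROUP)\s*\)\s*(?P<perms>.*)$")
PROP_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s*(?P<val>.*)$")


def parse_terminal_listing(text):
    """Return {terminal_name: {"defaccess": str, "acl": {accessor: set(perms)}}}."""
    rules, current, in_acl = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = {"defaccess": "", "acl": {}}
            rules[header.group("name")] = current
            in_acl = False
            continue
        if current is None or not line or line.startswith("---"):
            continue
        acl = ACL_RE.match(line)
        if in_acl and acl:
            perms = {p.strip().upper() for p in acl.group("perms").split(",") if p.strip()}
            current["acl"][acl.group("acc")] = perms
            continue
        prop = PROP_RE.match(line)
        if prop:
            key = prop.group("key").strip()
            in_acl = key == "ACLs"  # ACL entries follow the 'ACLs :' line
            if key == "Defaccess":
                current["defaccess"] = prop.group("val").strip().upper()
    return rules


def find_rule(rules, hostname):
    """Exact, case-insensitive match on the terminal name, as selang reports it."""
    for name, rule in rules.items():
        if name.lower() == hostname.lower():
            return rule
    return None


def user_can_admin(rule, user):
    """Assumption: R on the TERMINAL rule is what selang login needs.
    An explicit ACL entry wins; otherwise fall back to Defaccess."""
    if user in rule["acl"]:
        return "R" in rule["acl"][user]
    return "R" in rule["defaccess"]


def remediation_commands(rules, hostname, user):
    """selang -l commands (from the steps above) needed to let `user` in from `hostname`."""
    rule = find_rule(rules, hostname)
    cmds = []
    if rule is None:
        cmds.append(f"nr TERMINAL {hostname} defacc(R) owner(root)")
    if rule is None or not user_can_admin(rule, user):
        cmds.append(f"authorize TERMINAL {hostname} uid({user}) access(r w)")
    return cmds


if __name__ == "__main__":
    # In practice, paste the real 'sr TERMINAL *' output in place of SAMPLE_LISTING.
    host = socket.getfqdn()
    for cmd in remediation_commands(parse_terminal_listing(SAMPLE_LISTING), host, "root"):
        print(cmd)
```

Run it after `hostname -f` to confirm the FQDN matches the terminal name in the error; a mismatch between the two is the condition the answer describes.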