poldbg

Policy language debugging can be enabled, disabled, and reviewed using the poldbg option. With this command, you can list policy debugging entries in an attempt to identify and resolve issues that may have occurred within a policy. In addition, you can specify users whose policy is debugged, and can even specify the amount of time that debugging is enabled for that user and policy. The user executes the pbrun command, and the administrator can then review the debugging information.

Policy debugging is only available for if statements and switch case statements.

Run to list debugging policy entries.

--poldbg -l

Run to identity users who can debug entries. You can also designate how long the user has access.

--poldbg -u

Run to view and print a clean output of events for policy debugging in JSON-equivalent format.

pbadmin	-P --evt -s '{taxonomy" : policydbg" }'

Run to view and print events for policy debugging in a CSV-type format.

pbadmin	-C --evt -s '{taxonomy" : policydbg" }'
pbadmin --poldbg -u rjones 2h

In this example, the user rjones is specifically allowed to debugging access for two hours.

pbadmin	-C --evt -s '{taxonomy" : policydbg", "rowid" : 3 }'

In this example, the events are going to be provided in a CSV-type format in which the information specifically in row three is expanded.