This is assuming you're using the profile based policy and the "UPM def"s are referring to entries in the authCmds list. We've been able to successfully run the pmrun commands using the following authCmds definition:
authCmds={
'/bin/awk -F: $3=="*" {print $1":"$2":"$3":"$4} /etc/group',
'/bin/sed -i.oim /-:bin/i ?+:@*:ALL /etc/security/access.conf'
};
We've used single quotes to delimit the entries so that we didn't have to precede the double quotes with a backslash character. The single quotes on the command line appear to be processed by the shell interpreter, so should not be included in the entry. In the 'sed' entry, we could not get the backslash character does not match, so we've had to replace with a ? wildcard.