Host authorization associates users with host assets in Bastionhost. If you authorize
hosts by user group, users in a user group can access only the hosts authorized for
the user group. This topic describes how to authorize hosts and their accounts by
user group, and how to maintain these hosts and accounts.
Background information
Host authorization by user and host authorization by user group differ as follows:
- Host authorization by user: Hosts and their accounts are authorized for a single user.
- Host authorization by user group: A user group is a collection of users. Authorizing
a user group authorizes multiple hosts and their accounts for all the users in the
group in a single operation.
Authorize hosts
To authorize hosts for a user group, follow these steps:
- Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
- In the left-side navigation pane, click .
- Find the target user group and click Authorize Hosts in the Actions column.
- On the Authorized Hosts tab that appears, click Authorize Hosts.
- In the Authorize Hosts pane that appears, select one or more hosts that you want to authorize for the user
group to maintain and click OK.

Remove authorized hosts
If a user group does not need to maintain certain hosts, follow these steps to remove
the authorized hosts and keep to the principle of least privilege:
- Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
- In the left-side navigation pane, click .
- Find the target user group and click Authorize Hosts in the Actions column.
- On the Authorized Hosts tab that appears, select the authorized hosts you want to
remove and click Remove in the lower-left corner.
- In the message that appears, click Remove.
Authorize the accounts of a single host
To authorize the accounts of a single host for a user group, follow these steps:
- Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
- In the left-side navigation pane, click .
- Find the target user group and click Authorize Hosts in the Actions column.
- On the Authorized Hosts tab that appears, find the target host and click the information in the Authorized
Accounts column.
- In the Select Accounts pane that appears, select one or more accounts and click Update.
Note: If the host does not have an account, you can click Create Host Account in the Select Accounts pane to create one first.
Authorize the accounts of multiple hosts
To authorize the accounts of multiple hosts for a user group at a time, follow these
steps:
- Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
- In the left-side navigation pane, click .
- Find the target user group and click Authorize Hosts in the Actions column.
- On the Authorized Hosts tab that appears, select the target hosts and select Batch Authorize Accounts from the Batch drop-down list.
- In the Batch Authorize Accounts pane that appears, specify Accounts.
Note: Currently, you can select only one host account at a time when you authorize
host accounts.
- Click Update.
Remove the authorized accounts of multiple hosts
To remove the authorized accounts of multiple hosts from a user group at a time, follow
these steps:
- Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
- In the left-side navigation pane, click .
- Find the target user group and click Authorize Hosts in the Actions column.
- On the Authorized Hosts tab that appears, select the target hosts and select Batch Remove Authorized Accounts from the Batch drop-down list.
- In the Batch Remove Authorized Accounts pane that appears, specify Accounts.
Note: Currently, you can select only one host account at a time when you remove authorized
host accounts.
- Click Update.