Host authorization is to associate users with host assets in Bastionhost. If you authorize
hosts by user, a user can access only the hosts authorized to the user. This topic
describes how to authorize hosts and their accounts by user. This topic also describes
how to maintain these hosts and accounts.
Authorize hosts
To authorize hosts for a user, follow these steps:
- Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
- In the left-side navigation pane, click .
- Find the target user and click Authorize Hosts in the Actions column.
- On the Authorized Hosts tab that appears, click Authorize Hosts.
- In the Authorize Hosts pane that appears, select one or more hosts you want to authorize
for the user to maintain and click OK.
Remove authorized hosts
If a user does not need to maintain certain hosts, follow these steps to remove the
authorized hosts to achieve the principle of least privilege:
- Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
- In the left-side navigation pane, click .
- Find the target user and click Authorize Hosts in the Actions column.
- On the Authorized Hosts tab that appears, select the authorized hosts you want to
remove and click Remove in the lower-left corner.
- In the message that appears, click Remove.
Authorize the accounts of a single host
To authorize the accounts of a single host for a user, follow these steps:
- Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
- In the left-side navigation pane, click .
- Find the target user and click Authorize Hosts in the Actions column.
- On the Authorized Hosts tab that appears, find the target host and click the information in the Authorized Accounts column.
- In the Select Accounts pane that appears, select one or more accounts and click Update.
Note If the host does not have an account, you can click Create Host Account in the Select Accounts pane to create one first.
Authorize the accounts of multiple hosts
To authorize the accounts of multiple hosts for a user at a time, follow these steps:
- Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
- In the left-side navigation pane, click .
- Find the target user and click Authorize Hosts in the Actions column.
- On the Authorized Hosts tab that appears, select the target hosts and select Batch Authorize Accounts from the Batch drop-down list.

- In the Batch Authorize Accounts pane that appears, specify Accounts.
Note Currently, you can select only one host account at a time during the authorization
of host accounts.
- Click Update.
Remove the authorized accounts of multiple hosts
To remove the authorized accounts of multiple hosts for a user at a time, follow these
steps:
- Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
- In the left-side navigation pane, click .
- Find the target user and click Authorize Hosts in the Actions column.
- On the Authorized Hosts tab that appears, select the target hosts.
- Select Batch Remove Authorized Accounts from the Batch drop-down list.

- In the Batch Remove Authorized Accounts pane that appears, specify Accounts.
Note Currently, you can select only one host account at a time during the removal of authorized
host accounts.
- Click Update.