A host group is a collection of hosts. After a host group is authorized for a user group, the user group can control all hosts and authorized accounts in this host group. This topic describes how to authorize host groups and their accounts by user group. This topic also describes how to maintain these host groups and accounts.

Background information

The differences between host group authorization by user and host group authorization by user group are described as follows:
  • Host group authorization by user: Host groups and their accounts are authorized for a single user.
  • Host group authorization by user group: A user group is a collection of users. Authorization for a user group is to authorize multiple host groups and their accounts for all the users in this user group at a time.

Authorize host groups

To authorize host groups for a user group, follow these steps:

  1. Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
  2. In the left-side navigation pane, click Users > User Groups.
  3. Find the target user group and click Authorize Host Groups in the Actions column.
    Authorize host groups for a user group (1)
  4. On the Authorized Host Groups tab that appears, click Authorize Host Groups.
  5. In the Authorize Host Groups pane that appears, select one or more host groups that you want to authorize for the user group to maintain and click OK.
    Authorize host groups for a user group (2)

Remove authorized host groups

If a user group does not need to maintain certain host groups, follow these steps to remove the authorized host groups to achieve the principle of least privilege:

  1. Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
  2. In the left-side navigation pane, click Users > User Groups.
  3. Find the target user group and click Authorize Host Groups in the Actions column.
    Click Authorize Host Groups
  4. On the Authorized Host Groups tab that appears, select the authorized host groups you want to remove and click Remove in the lower-left corner.
    Remove authorized host groups from a user group
  5. In the message that appears, click Remove.

Authorize the accounts of a single host group

To authorize the accounts of a single host group for a user group, follow these steps:

  1. Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
  2. In the left-side navigation pane, click Users > User Groups.
  3. Find the target user group and click Authorize Host Groups in the Actions column.
    Authorize host groups for a user group (1)
  4. On the Authorized Host Groups tab that appears, find the target host group and click None. Authorize accounts in the Authorized Accounts column.
    Authorize accounts (1)
    Note If you want to modify the authorized accounts, you can click the required account name in the Authorized Accounts column and specify Accounts.
  5. In the Select Accounts pane that appears, specify Accounts.
  6. Click Update.

Authorize the accounts of multiple host groups

To authorize the accounts of multiple host groups for a user group at a time, follow these steps:

  1. Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
  2. In the left-side navigation pane, click Users > User Groups.
  3. Find the target user group and click Authorize Host Groups in the Actions column.
    Authorize host groups for a user group (1)
  4. Select the host groups whose accounts you want to authorize and select Batch Authorize Accounts from the Batch drop-down list.
    Authorize the accounts of multiple host groups
  5. In the Batch Authorize Accounts pane that appears, specify Accounts.
    Batch Authorize Accounts pane
  6. Click Update.

Remove the authorized accounts of multiple host groups

To remove the authorized accounts of multiple host groups from a user group at a time, follow these steps:

  1. Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
  2. In the left-side navigation pane, click Users > User Groups.
  3. Find the target user group and click Authorize Host Groups in the Actions column.
    Click Authorize Host Groups
  4. On the Authorized Host Groups tab that appears, select the host groups whose accounts you want to remove and select Batch Remove Authorized Accounts from the Batch drop-down list.
    Remove the authorized accounts of multiple host groups from a user group
  5. In the Batch Remove Authorized Accounts pane that appears, specify Accounts.
    Batch Remove Authorized Accounts pane
  6. Click Update.