Bastionhost allows you to authorize a user group to manage asset groups. After you create a user group, you can authorize the user group to manage asset groups. After the user groups are authorized, the users in the user group can log on to a bastion host to perform O&M operations on the assets in the asset groups. This topic describes how to authorize a user group to manage asset groups.
Authorize a user group to manage asset groups
To authorize asset groups, perform the following steps:
Log on to the console of a bastion host. For more information, see Log on to the console of a bastion host.
In the left-side navigation pane, choose .
Find the user group that you want to manage and click Authorize User to Manage Asset Groups in the Actions column.
On the Managed Asset Groups tab, click Authorize User to Manage Asset Groups.
In the Authorize User to Manage Asset Groups panel, select one or more asset groups that you want to authorize the user group to manage and click OK.
Remove the asset groups that a user group is authorized to manage
If a user group is no longer required to manage specific asset groups, perform the following steps to remove the asset groups that the user group is authorized to manage to achieve the principle of least privilege:
Log on to the console of a bastion host. For more information, see Log on to the console of a bastion host.
In the left-side navigation pane, choose .
Find the user group that you want to manage and click Authorize User to Manage Asset Groups in the Actions column.
Select the asset groups that you want to remove and click Remove below the asset list.
In the message that appears, click Remove.
Authorize the accounts of a single asset group for a user group
To authorize the accounts of a single asset group for a user group, perform the following steps:
Log on to the console of a bastion host. For more information, see Log on to the console of a bastion host.
In the left-side navigation pane, choose .
Find the user group that you want to manage and click Authorize User to Manage Asset Groups in the Actions column.
On the Managed Asset Groups tab, click No accounts found. Click here to authorize the user to manage the accounts of the asset group.
NoteIf you want to change the accounts that the user group is authorized to manage, you can click the account name in the Authorized Accounts column and specify the Accounts parameter.
Authorize a user group to manage the accounts of multiple asset groups
To authorize a user group to manage the accounts of multiple asset groups at a time, perform the following steps:
Log on to the console of a bastion host. For more information, see Log on to the console of a bastion host.
In the left-side navigation pane, choose .
Find the user group that you want to manage and click Authorize User to Manage Asset Groups in the Actions column.
Select the asset groups whose accounts you want to authorize the user group to manage and choose .
In the Bind Accounts to Multiple Asset Groups panel, specify the Accounts parameter and click Update.
Remove the accounts of multiple asset groups that a user group is authorized to manage
To remove the accounts of multiple asset groups that a user group is authorized to manage at a time, perform the following steps:
Log on to the console of a bastion host. For more information, see Log on to the console of a bastion host.
In the left-side navigation pane, choose .
Find the user group that you want to manage and click Authorize User to Manage Asset Groups in the Actions column.
Select the asset groups whose accounts you want to remove and choose .
In the Remove Accounts of Multiple Asset Groups panel, specify the Accounts parameter and click Update.