Bastionhost provides the authorization rules feature. This feature allows you to authorize
multiple users to manage assets at a time and to specify a validity period during which
users have access to assets. This way, you can manage users and assets more efficiently
and control how long users have access to assets. This topic describes how to create an
authorization rule.
Background information
If the version of your bastion host is earlier than V3.2.22, you can authorize only
a single user or user group to access assets or asset groups, and you cannot specify
the period during which the users have access to assets. If you want to use the authorization
rules feature, you must update your bastion host to V3.2.22.
Procedure
- Log on to your bastion host. For more information, see Log on to the console of a bastion host.
- In the left-side navigation pane, click Authorization Rules.
- On the Authorization Rules page, click Create Authorization Rule.
- In the Create Authorization Rule dialog box, specify the parameters such as Authorization Rule Name and Validity Period.
| Parameter | Description |
| --- | --- |
| Authorization Rule Name | The name of the authorization rule you want to create. |
| Validity Period | The validity period of the authorization rule you want to create. You can specify the start and end dates of the validity period, as well as points in time at which the validity period starts and ends. |
| Remarks | The remarks about the authorization rule. |
- Click Create Authorization Rule.
- A dialog box that indicates the authorization rule is created appears. In the dialog
box, click Associate Assets and Users.
- On the Authorization Details page, configure the assets and users with which you want to associate the authorization
rule.
After you complete the configuration, the assets and users with which you associate
the authorization rule appear in the lists in the Asset, Asset Group, Users, and User
Groups sections.
  - Associate the authorization rule with assets or asset groups
    - Click Add Asset or Create Asset Group.
    - In the dialog box that appears, select one or more assets or asset groups with which
      you want to associate the authorization rule.
    - Click OK.
    - Optional: After you associate the authorization rule with an asset or asset group, click "None. Authorize accounts" in the Authorized Accounts column to specify authorized accounts for the asset or asset group. You can select
      multiple assets or asset groups to specify authorized accounts at a time.
      You can also select multiple assets or asset groups to remove authorized accounts
      at a time.
  - Associate the authorization rule with users or user groups
    - Click Associate User or Associate User Group.
    - In the dialog box that appears, select one or more users or user groups with which you
      want to associate the authorization rule.
    - Click OK.
Result
After you complete the configuration, the users and user groups that are associated
with the authorization rule can access the selected assets or asset groups within the
Validity Period that you specify for the authorization rule.