Bastionhost provides the authorization rules feature. This feature allows you to authorize multiple users to manage assets at a time. You can also specify a validity period during which users have access to assets. This way, you can manage users and assets in a more efficient manner and control the period during which users have access to assets. This topic describes how to create an authorization rule.

Background information

If the version of your bastion host is earlier than V3.2.22, you can authorize only a single user or user group to access assets or asset groups, and you cannot specify the period during which the users have access to assets. If you want to use the authorization rules feature, you must update your bastion host to V3.2.22.

Procedure

  1. Log on to your bastion host. For more information, see Log on to the console of a bastion host.
  2. In the left-side navigation pane, click Authorization Rules.
  3. On the Authorization Rules page, click Create Authorization Rule.
  4. In the Create Authorization Rule dialog box, specify parameters such as Authorization Rule Name and Validity Period.
    Parameter: Description
    Authorization Rule Name: The name of the authorization rule you want to create.
    Validity Period: The validity period of the authorization rule you want to create. You can specify the start and end dates of the validity period, as well as the points in time at which the validity period starts and ends.
    Remarks: The remarks about the authorization rule.
  5. Click Create Authorization Rule.
  6. A dialog box appears, indicating that the authorization rule is created. In the dialog box, click Associate Assets and Users.
  7. On the Authorization Details page, configure the assets and users with which you want to associate the authorization rule.
    After you complete the configuration, the assets and users with which you associate the authorization rule appear in the lists in the Asset, Asset Group, Users, and User Groups sections.
    • Associate the authorization rule with assets or asset groups
      1. Click Add Asset or Create Asset Group.
      2. In the dialog box that appears, select one or more assets or asset groups with which you want to associate the authorization rule.
      3. Click OK.
      4. Optional: After you associate the authorization rule with an asset or asset group, click "None. Authorize accounts", which is displayed in the Authorized Accounts column, to specify authorized accounts for the asset or asset group. You can select multiple assets or asset groups to specify authorized accounts at a time.

        You can also select multiple assets or asset groups to remove authorized accounts at a time.
    • Associate the authorization rule with users or user groups
      1. Click Associate User or Associate User Group.
      2. In the dialog box that appears, select one or more users or user groups with which you want to associate the authorization rule.
      3. Click OK.

Result

After you complete the configuration, the users and user groups that are associated with the authorization rule can access the selected assets or asset groups within the Validity Period that you specify for the authorization rule.