Bastionhost allows you to authorize a user group to manage host groups. After you create a user group, you can authorize the user group to manage host groups. After the host groups are authorized for the user group, the users in the user group can log on to a bastion host to perform O&M operations on the hosts in the host groups. This topic describes how to authorize a user group to manage host groups.

Authorize a user group to manage host groups

To authorize host groups for a user group, perform the following steps:

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, choose Users > User Groups.
  3. Find the user group that you want to authorize to manage host groups and click Authorize Host Groups in the Actions column.
    Authorize a user group to manage host groups
  4. On the Authorized Host Groups tab, click Authorize Host Groups.
  5. In the Authorize Host Groups panel, select one or more host groups that you want to authorize for the user group to manage and click OK.
    Authorize a user group to manage host groups

Remove the host groups that a user group is authorized to manage

If a user group is no longer required to manage specific host groups, perform the following steps to remove the host groups that the user group is authorized to manage to achieve the principle of least privilege:

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, choose Users > User Groups.
  3. Find the user group and click Authorize Host Groups in the Actions column.
    Authorize a user group to manage host groups
  4. On the Authorized Host Groups tab, Select the host groups that you want to remove and click Remove.
    Remove the host groups that a user group is authorized to manage
  5. In the message that appears, click Remove.

Authorize the accounts of a single host group for a user group

To authorize the accounts of a single host group for a user group, perform the following steps:

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, choose Users > User Groups.
  3. Find the user group that you want to authorize to manage host groups and click Authorize Host Groups in the Actions column.
    Authorize a user group to manage host groups
  4. On the Authorized Host Groups tab, click None. Authorize accounts.
    Authorize the accounts of a single host group for a user group
    Note If you want to change the accounts that are authorized for the user group, you can click the account name in the Authorized Accounts column and specify the Accounts parameter.
  5. In the Batch Authorize Accounts panel, specify Accounts.
  6. Click Update.

Authorize the accounts of multiple host groups for a user group

To authorize the accounts of multiple host groups for a user group at a time, perform the following steps:

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, choose Users > User Groups.
  3. Find the user group that you want to authorize to manage host groups and click Authorize Host Groups in the Actions column.
    Authorize a user group to manage host groups
  4. On the Authorized Host Groups tab , select the host groups whose accounts you want to authorize for the user group and choose Batch > Batch Authorize Accounts.
    Authorize the accounts of multiple host groups for a user group
  5. In the Batch Authorize Accounts panel, specify Accounts.
    Batch Authorize Accounts
  6. Click Update.

Remove the accounts of multiple host groups that are authorized for a user group

To remove the accounts of multiple host groups that are authorized for a user group at a time, perform the following steps:

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, choose Users > User Groups.
  3. Find the user group and click Authorize Host Groups in the Actions column.
    Authorize a user group to manage host groups
  4. On the Authorized Host Groups tab, select the host groups whose accounts you want to remove and choose Batch > Batch Remove Authorized Accounts.
    Remove the accounts of multiple host groups that are authorized for a user group
  5. In the Batch Remove Authorized Accounts panel, specify Accounts.
    Batch Remove Authorized Accounts
  6. Click Update.