All Products
Search

This Product

    Bastionhost:Authorize a user group to manage hosts

    Document Center

    Bastionhost:Authorize a user group to manage hosts

    Last Updated:Jan 15, 2024

    Bastionhost allows you to authorize a user group to manage hosts. After you create a user group, you can authorize the user group to manage hosts. After the user group is authorized to manage the hosts, the users in the user group can log on to a bastion host to perform O&M operations on the hosts. This topic describes how to authorize a user group to manage hosts.

    Authorize a user group to manage hosts

    1. Log on to the console of a bastion host. For more information, see Log on to the console of a bastion host.

    2. In the left-side navigation pane, choose Users > User Groups.

    3. In the user group list, find the user group that you want to manage and click Authorize Hosts in the Actions column.

      Authorize a user group to manage hosts

    4. On the Managed Hosts tab, click Authorize Hosts.

    5. In the Authorize Hosts panel, select one or more hosts that you want to authorize the user group to manage and click OK. Authorize a user group to manage hosts

    Remove the hosts that a user group is authorized to manage

    If a user group is no longer required to manage specific hosts, perform the following steps to remove the hosts that the user group is authorized to manage to achieve the principle of least privilege:

    1. Log on to the console of a bastion host. For more information, see Log on to the console of a bastion host.

    2. In the left-side navigation pane, choose Users > User Groups.

    3. In the user group list, find the user group that you want to manage and click Authorize Hosts in the Actions column.

      Authorize a user group to manage hosts

    4. On the Managed Hosts tab, select the hosts that you want to remove and click Remove.

      Remove authorized hosts from a user group

    5. In the message that appears, click Remove.

    Authorize the accounts of multiple hosts for a user group

    To authorize the accounts of multiple hosts for a user group at a time, perform the following steps:

    1. Log on to the console of a bastion host. For more information, see Log on to the console of a bastion host.

    2. In the left-side navigation pane, choose Users > User Groups.

    3. In the user group list, find the user group that you want to manage and click Authorize Hosts in the Actions column.

      Authorize a user group to manage hosts

    4. On the Managed Hosts tab, select the hosts whose accounts you want to authorize for the user group and choose Batch > Bind Accounts to Multiple Asset Groups.

    5. In the Bind Accounts to Multiple Asset Groups panel, specify Accounts and click Update.

      Bind Accounts to Multiple Asset Groups

      Note When you want to authorize the accounts of multiple hosts for a user at a time, you can select only one host account at a time.

    Remove the accounts of multiple hosts that are authorized for a user group

    To remove the accounts of multiple hosts that are authorized for a user group at a time, perform the following steps:

    1. Log on to the console of a bastion host. For more information, see Log on to the console of a bastion host.

    2. In the left-side navigation pane, choose Users > User Groups.

    3. Find the user group and click Authorize Hosts in the Actions column.

      Authorize a user group to manage hosts

    4. On the Managed Hosts tab, select the hosts whose accounts you want to remove and choose Batch > Remove Accounts of Multiple Asset Groups.

    5. In the Remove Accounts of Multiple Asset Groups panel, specify Accounts and click Update.

      Remove Accounts of Multiple Asset Groups

      Note When you remove the accounts of multiple hosts that are authorized for a user at a time, you can select only one host account at a time.