Bastionhost allows you to authorize a user group to manage hosts. After you create a user group, you can authorize the user group to manage hosts. After the users group is authorized to manage the hosts, the users in the user group can log on to a bastion host to perform O&M operations on the hosts. This topic describes how to authorize a user group to manage hosts.

Authorize a user group to manage hosts

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, choose Users > User Groups.
  3. Find the user group that you want to authorize to manage hosts and click Authorize Hosts in the Actions column.
    Authorize a user group to manage hosts
  4. On the Authorized Hosts tab, click Authorize Hosts.
  5. In the Authorize Hosts panel, select one or more hosts that you want to authorize for the user group to manage and click OK. Authorize a user group to manage hosts

Remove the hosts that a user group is authorized to manage

If a user group is no longer required to manage specific hosts, perform the following steps to remove the hosts that the user group is authorized to manage to achieve the principle of least privilege:

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, choose Users > User Groups.
  3. Find the user group and click Authorize Hosts in the Actions column.
    Authorize a user group to manage hosts
  4. On the Authorized Hosts tab, select the hosts that you want to remove and click Remove.
    Remove authorized hosts from a user group
  5. In the message that appears, click Remove.

Authorize the accounts of multiple hosts for a user group

To authorize the accounts of multiple hosts for a user group at a time, perform the following steps:

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, choose Users > User Groups.
  3. Find the user group that you want to authorize to manage hosts and click Authorize Hosts in the Actions column.
    Authorize a user group to manage hosts
  4. On the Authorized Hosts tab, select the hosts whose accounts you want to authorize for the user and choose Batch > Batch Authorize Accounts.
    Authorize the accounts of multiple hosts for a user group
  5. In the Batch Authorize Accounts panel, specify Accounts.
    Batch Authorize Accounts
    Note Currently, you can select only one host account at a time during the authorization of host accounts.
  6. Click Update.

Remove the accounts of multiple hosts that are authorized for a user group

To remove the accounts of multiple hosts that are authorized for a user group at a time, perform the following steps:

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, choose Users > User Groups.
  3. Find the user group and click Authorize Hosts in the Actions column.
    Authorize a user group to manage hosts
  4. On the Authorized Hosts tab, select the hosts whose accounts you want to remove and choose Batch > Batch Remove Authorized Accounts.
    Remove the accounts of multiple hosts that are authorized for a user group
  5. In the Batch Remove Authorized Accounts panel, specify Accounts.
    Batch Remove Authorized Accounts
    Note Currently, you can select only one host account at a time during the removal of authorized host accounts.
  6. Click Update.