Bastionhost allows you to authorize a user to manage host groups. After you add a user and authorize the user to manage host groups, the user can log on to a bastion host to perform O&M operations on the hosts in those host groups. This topic describes how to authorize a user to manage host groups.

Authorize a user to manage host groups

To authorize a user to manage host groups, perform the following steps:

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, choose Users > Users.
  3. Find the user group that you want to authorize to manage host groups and click Authorize User to Manage Asset Groups in the Actions column.
  4. On the Managed Asset Groups tab, click Authorize User to Manage Asset Groups.
  5. In the Authorize User to Manage Asset Groups panel, select one or more host groups that you want to authorize the user to manage and click OK.

Remove the host groups that a user is authorized to manage

If a user no longer needs to manage specific host groups, perform the following steps to remove those host groups from the user's authorization, in line with the principle of least privilege:

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, choose Users > Users.
  3. Find the user and click Authorize User to Manage Asset Groups in the Actions column.
  4. Select the host groups that you want to remove and click Remove.
  5. In the message that appears, click Remove.

Authorize the accounts of a single host group for a user

To authorize the accounts of a single host group for a user group, perform the following steps:

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, choose Users > Users.
  3. Find the user group that you want to authorize to manage host groups and click Authorize User to Manage Asset Groups in the Actions column.
  4. On the Managed Asset Groups tab, click "No accounts found. Click here to authorize the user to manage the accounts of the asset group."
    Note: If you want to modify the accounts that are authorized for the user, you can click the account name in the Authorized Accounts column and specify the Accounts parameter.
  5. In the Select Account panel, specify Accounts.
  6. Click Update.

Authorize the accounts of multiple host groups for a user

To authorize the accounts of multiple host groups for a user at a time, perform the following steps:

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, choose Users > Users.
  3. Find the user group that you want to authorize to manage host groups and click Authorize User to Manage Asset Groups in the Actions column.
  4. On the Managed Asset Groups tab, select the host groups whose accounts you want to authorize for the user and choose Batch > Bind Accounts to Multiple Asset Groups.
  5. In the Bind Accounts to Multiple Asset Groups panel, specify Accounts.
  6. Click Update.

Remove the accounts of multiple host groups that are authorized for a user

To remove the accounts of multiple host groups that are authorized for a user at a time, perform the following steps:

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, choose Users > Users.
  3. Find the user from whom you want to remove the accounts of multiple host groups and click Authorize User to Manage Asset Groups in the Actions column.
  4. On the Managed Asset Groups tab, select the host groups and choose Batch > Remove Accounts of Multiple Asset Groups.
  5. In the Remove Accounts of Multiple Asset Groups panel, specify Accounts.
  6. Click Update.