Authorize a user to manage hosts

Bastionhost allows you to authorize a user to manage hosts. After you add a user, you can authorize the user to manage hosts. After the user is authorized to manage the hosts, the user can log on to a bastion host to perform O&M operations on the hosts. This topic describes how to authorize a user to manage hosts.

To authorize a user to manage hosts, perform the following steps:

Log on to your bastion host. For more information, see Log on to a bastion host.
In the left-side navigation pane, choose Users > Users.
Find the user whom you want to authorize to manage hosts and click Authorize Hosts in the Actions column.
On the Managed Hosts tab, click Authorize Hosts.
In the Authorize Hosts panel, select one or more hosts you want to authorize the user to manage and click OK.

Remove the hosts that a user is authorized to manage

If a user is no longer required to manage specific hosts, perform the following steps to remove the hosts that the user is authorized to manage to achieve the principle of least privilege:

Log on to your bastion host. For more information, see Log on to a bastion host.
In the left-side navigation pane, choose Users > Users.
Find the user and click Authorize Hosts in the Actions column.
Select the hosts that you want to remove and click Remove.
In the message that appears, click Remove.

Authorize the accounts of a single host for a user

To authorize the accounts of a single host for a user, perform the following steps:

Log on to your bastion host. For more information, see Log on to a bastion host.
In the left-side navigation pane, choose Users > Users.
Find the user whom you want to authorize to manage hosts and click Authorize Hosts in the Actions column.
On the Managed Hosts tab, click the account name or No accounts found. Click here to authorize the user to manage the accounts of the asset group. in the Authorized Accounts column.
In the Select Account panel, select one or more accounts and click Update.

Note If no account is created on the host, you can click Create Host Account in the Select Account panel to create an account.

Authorize the accounts of multiple hosts for a user

To authorize the accounts of multiple hosts for a user at a time, perform the following steps:

Log on to your bastion host. For more information, see Log on to a bastion host.
In the left-side navigation pane, choose Users > Users.
Find the user whom you want to authorize to manage hosts and click Authorize Hosts in the Actions column.
On the Managed Hosts tab, select the hosts whose accounts you want to authorize for the user and choose Batch > Bind Accounts to Multiple Asset Groups.
In the Bind Accounts to Multiple Asset Groups panel, specify Accounts.

Note When you want to authorize the accounts of multiple hosts for a user at a time, you can select only one host account at a time.
Click Update.

Remove the accounts of multiple hosts that are authorized for a user

To remove the accounts of multiple hosts that are authorized for a user at a time, perform the following steps:

Log on to your bastion host. For more information, see Log on to a bastion host.
In the left-side navigation pane, choose Users > Users.
Find the user from whom you want to remove the accounts of multiple hosts and click Authorize Hosts in the Actions column.
On the Managed Hosts tab, select the hosts.
Choose Batch > Remove Accounts of Multiple Asset Groups.
In the Remove Accounts of Multiple Asset Groups panel, specify Accounts.

Note When you remove the accounts of multiple hosts that are authorized for a user at a time, you can select only one host account at a time.
Click Update.