Bastionhost provides the authorization rules feature. The authorization rules feature allows you to authorize multiple users to manage assets at a time. You can also specify a period of time in which the users can access the assets. The feature allows you to manage users and assets in a more efficient manner and control the period of time in which users can access assets. This topic describes how to create an authorization rule.

Background information

If the version of your Bastionhost is earlier than V3.2.22, you can authorize only a single user or user group to access hosts or host groups. You cannot specify the period of time in which the users can access the assets. If you want to create an authorization rule, you must update your Bastionhost to V3.2.22.

Procedure

  1. Log on to the Bastionhost console.
  2. In the left-side navigation pane, click Authorization Rules.
  3. On the Authorization Rules page, click Create Authorization Rule.
  4. In the Create Authorization Rule panel, configure the parameters such as Authorization Rule Name and Validity Period.
    Create an authorization rule
    Parameter Description
    Authorization Rule Name The name of the authorization rule.
    Validity Period The validity period of the authorization rule. You can specify the dates and points in time at which the validity period starts and ends based on your requirements.
    Remarks The remarks of the authorization rule.
  5. Click Create Authorization Rule.
  6. In the Create Authorization Rule panel, click Associate with User.
  7. On the Authorization Details page, configure the hosts and users.
    1. Configure hosts or host groups
        1. Click Associate Host or Associate Host Group.
        2. In the Associated Host or Associate Host Group panel, select the host or host group that you want to associate with the authorization rule.
        3. Click OK.
        4. Optional. If None. Authorize accounts is displayed in the Authorized Accounts column after you associate the hosts or host groups with the authorization rule, click None. Authorize accounts to authorize the accounts of the users to manage the hosts or host groups. You can select multiple hosts or host groups and authorize the accounts to manage the hosts or host groups at a time.

          You can also select multiple hosts or host groups to remove the authorized accounts at a time.

          Account Authorization
    2. Configure users or user groups
        1. Click Associate User or Associate User Group.
        2. In the Associate User or Associate User Group panel, select the user or user group that you want to associate with the authorization rule.
        3. Click OK.

    After you complete the configuration, you can view the hosts, host groups, users, and user groups that you associate with the authorization rule in the Hosts, Host Groups, Users, and User Groups lists.

Result

After you create the authorization rule, the users and user groups that are associated with the authorization rule can access the selected hosts and host groups within the Validity Period that you specify for the authorization rule.