All Products
Search

This Product

    Bastionhost:Authorize a user to manage assets and asset accounts

    Document Center

    Bastionhost:Authorize a user to manage assets and asset accounts

    Last Updated:May 28, 2024

    After you add a user to your bastion host, you must authorize the user to manage assets. Only authorized users can log on to the bastion host to perform O&M operations on the assets. This topic describes how to authorize a user to manage assets and asset accounts.

    Prerequisites

    Authorize a user to manage assets

    Authorize a user to manage hosts

    1. Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.

    2. In the bastion host list, find the bastion host that you want to manage and click Manage.

    3. In the left-side navigation pane, choose Users > Users.

    4. On the Users page, find the user whom you want to authorize to manage hosts and click Authorize Hosts in the Actions column.

    5. On the Managed Hosts tab, click Authorize Hosts.

    6. In the Authorize Hosts panel, select one or more hosts that you want to authorize the user to manage and click OK.

    Authorize a user to manage databases

    1. Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.

    2. In the bastion host list, find the bastion host that you want to manage and click Manage.

    3. In the left-side navigation pane, choose Users > Users.

    4. On the Users page, find the user whom you want to authorize to manage databases and click Authorize User to Manage Databases in the Actions column.

    5. On the Managed Databases tab, click Authorize User to Manage Databases.

    6. In the Authorize User to Manage Databases panel, select one or more databases that you want to authorize the user to manage and click OK.

    Authorize a user to manage the accounts of one or more assets

    Authorize a user to manage an account of a single asset

    1. Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.

    2. In the bastion host list, find the bastion host that you want to manage and click Manage.

    3. In the left-side navigation pane, choose Users > Users.

    4. On the Users page, click the name of the user whom you want to authorize.

      image

    5. On the Managed Hosts or Managed Databases tab, click No accounts found. Click here to authorize the user to manage the accounts of the asset group. in the Authorized Accounts column.

    6. In the Select Account panel, select the asset account that you want to authorize the user to manage and click Update.

      Note

      If no account is displayed, click Create Host Account to create an asset account.

    Authorize a user to manage an account of multiple assets at a time

    To authorize a user to manage an account of multiple assets at a time, perform the following steps:

    1. Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.

    2. In the bastion host list, find the bastion host that you want to manage and click Manage.

    3. In the left-side navigation pane, choose Users > Users.

    4. On the Users page, click the name of the user whom you want to authorize.

      image

    5. On the Managed Hosts or Managed Databases tab, select the assets whose account you want to authorize the user to manage and choose Batch > Bind Accounts to Multiple Asset Groups below the list.

    6. Enter the name of the account and click Update.

      Note

      You can specify only one account.

    Remove assets from the list of assets that a user is authorized to manage

    If a user no longer needs to perform O&M operations on some assets, you can follow the principle of least privilege to remove these assets from the list of assets that the user is authorized to manage.

    1. Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.

    2. In the bastion host list, find the bastion host that you want to manage and click Manage.

    3. In the left-side navigation pane, choose Users > Users.

    4. On the Users page, click the name of the user that you want to manage.

      image

    5. On the Managed Hosts or Managed Databases tab, select the assets that you want to remove and click Remove below the list.

    6. In the dialog box that appears, click Remove.

    Remove an account of multiple assets from the list of asset accounts that a user is authorized to manage

    To remove an account of multiple assets from the list of asset accounts that a user is authorized to manage, perform the following steps:

    1. Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.

    2. In the bastion host list, find the bastion host that you want to manage and click Manage.

    3. In the left-side navigation pane, choose Users > Users.

    4. On the Users page, click the name of the user that you want to manage.

      image

    5. On the Managed Hosts or Managed Databases tab, select the assets whose account you want to remove and choose Batch > Remove Accounts of Multiple Asset Groups below the list.

    6. Enter the name of the account and click Update.

      Note

      You can specify only one account.