After you add a user to your bastion host, you can authorize the user to manage asset groups. This way, the user can log on to the bastion host to perform O&M operations on the assets in the asset groups. This topic describes how to authorize a user to manage asset groups.
Prerequisites
A user is added to the bastion host. For more information, see Manage users.
The assets and asset accounts that you want to authorize the user to manage are added to the bastion host. For more information, see Add hosts, Manage a host account, and Use the database management feature.
Asset groups are created and assets are added to the asset groups. For more information, see Manage asset groups.
Authorize a user to manage asset groups
Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose .
On the Users page, find the user whom you want to authorize to manage asset groups and click Authorize User to Manage Asset Groups in the Actions column.
On the Managed Asset Groups tab, click Authorize User to Manage Asset Groups.
In the Authorize User to Manage Asset Groups panel, select the asset groups on which you want to authorize the user to perform O&M operations and click OK.
Authorize a user to manage the accounts of assets in one or more asset groups
Authorize a user to manage the accounts of assets in a single asset group
To authorize a user to manage the accounts used to log on to the assets in a single asset group, perform the following steps:
Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose .
On the Users page, find the user whom you want to authorize to manage asset groups and click Authorize User to Manage Asset Groups in the Actions column.
On the Managed Asset Groups tab, click No accounts found. Click here to authorize the user to manage the accounts of the asset group.
In the Select Account panel, select the accounts that you want to authorize the user to manage and click OK.
Authorize a user to manage an account of assets in multiple asset groups at a time
To authorize a user to manage an account of the assets in multiple asset groups at a time, perform the following steps:
Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose .
On the Users page, find the user whom you want to authorize to manage the account and click Authorize User to Manage Asset Groups in the Actions column.
Select the asset groups whose account you want to authorize the user to manage and choose below the list.
In the Accounts section, enter the name of the account and click Update.
Remove asset groups from the list of asset groups that a user is authorized to manage
If a user no longer needs to perform O&M operations on some asset groups, you can follow the principle of least privilege to remove these asset groups from the list of asset groups that the user is authorized to manage.
Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose .
On the Users page, find the user that you want to manage and click Authorize User to Manage Asset Groups in the Actions column.
On the Managed Asset Groups tab, select the asset groups that you want to remove and click Remove below the list.
In the dialog box that appears, click Remove.
Remove an account of the assets in multiple asset groups that a user is authorized to manage
To remove an account of the assets in multiple asset groups that a user is authorized to manage at a time, perform the following steps:
Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose .
On the Users page, find the user that you want to manage and click Authorize User to Manage Asset Groups in the Actions column.
On the Managed Asset Groups tab, select the asset groups whose account you want to remove and choose below the list.
In the Accounts section, specify the account to remove and click Update.