Authorize a user to manage assets and asset accounts - Bastionhost

After you add a user to your bastion host, you must authorize the user to manage assets. Only authorized users can log on to the bastion host to perform O&M operations on the assets. This topic describes how to authorize a user to manage assets and asset accounts.

Prerequisites

A user is added to the bastion host. For more information, see Manage users.
The assets and asset accounts that you want to authorize the user to manage are added to the bastion host. For more information, see Add hosts, Manage a host account, and Use the database management feature.

Authorize a user to manage assets

Authorize a user to manage hosts

Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose Users > Users.
On the Users page, find the user whom you want to authorize to manage hosts and click Authorize Hosts in the Actions column.
On the Managed Hosts tab, click Authorize Hosts.
In the Authorize Hosts panel, select one or more hosts that you want to authorize the user to manage and click OK.

Authorize a user to manage databases

Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose Users > Users.
On the Users page, find the user whom you want to authorize to manage databases and click Authorize User to Manage Databases in the Actions column.
On the Managed Databases tab, click Authorize User to Manage Databases.
In the Authorize User to Manage Databases panel, select one or more databases that you want to authorize the user to manage and click OK.

Authorize a user to manage applications

Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose Users > Users.
On the Users page, find the user whom you want to authorize to manage applications and click Authorize Application in the Authorize Application column.
On the Authorized Applications tab, click Authorize Application. In the panel that appears, select one or more applications that you want to authorize the user to manage and click OK.

Authorize a user to manage the accounts of one or more assets

Authorize a user to manage an account of a single asset

Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose Users > Users.
On the Users page, click the name of the user whom you want to authorize.
On the Managed Hosts, Managed Databases, or Authorized Applications tab, click No accounts found. Click here to authorize the user to manage the accounts of the asset group. in the Authorized Accounts column.
In the Select Account panel, select the asset account that you want to authorize the user to manage and click Update.
Note
If no account is displayed, click Create Host Account to create an asset account.

Authorize a user to manage an account of multiple assets at a time

To authorize a user to manage an account of multiple assets at a time, perform the following steps:

Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose Users > Users.
On the Users page, click the name of the user whom you want to authorize.
On the Managed Hosts, Managed Databases, or Authorized Applications tab, select the assets whose account you want to authorize the user to manage and choose Batch > Bind Accounts to Multiple Asset Groups below the list.
Enter the name of the account and click Update.
Note
You can specify only one account.

Remove assets from the list of assets that a user is authorized to manage

If a user no longer needs to perform O&M operations on some assets, you can follow the principle of least privilege to remove these assets from the list of assets that the user is authorized to manage.

Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose Users > Users.
On the Users page, click the name of the user that you want to manage.
On the Managed Hosts, Managed Databases, or Authorized Applications tab, select the assets that you want to remove and click Remove below the list.
In the dialog box that appears, click Remove.

Remove an account of multiple assets from the list of asset accounts that a user is authorized to manage

To remove an account of multiple assets from the list of asset accounts that a user is authorized to manage, perform the following steps:

Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose Users > Users.
On the Users page, click the name of the user that you want to manage.
On the Managed Hosts, Managed Databases, or Authorized Applications tab, select the assets whose account you want to remove and choose Batch > Remove Accounts of Multiple Asset Groups below the list.
Enter the name of the account and click Update.
Note
You can specify only one account.