After you add a user to your bastion host, you must authorize the user to manage assets. Only authorized users can log on to the bastion host to perform O&M operations on the assets. This topic describes how to authorize a user to manage assets and asset accounts.
Prerequisites
A user is added to the bastion host. For more information, see Manage users.
The assets and asset accounts that you want to authorize the user to manage are added to the bastion host. For more information, see Add hosts, Manage a host account, and Use the database management feature.
Authorize a user to manage assets
Authorize a user to manage hosts
Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose .
On the Users page, find the user whom you want to authorize to manage hosts and click Authorize Hosts in the Actions column.
On the Managed Hosts tab, click Authorize Hosts.
In the Authorize Hosts panel, select one or more hosts that you want to authorize the user to manage and click OK.
Authorize a user to manage databases
Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose .
On the Users page, find the user whom you want to authorize to manage databases and click Authorize User to Manage Databases in the Actions column.
On the Managed Databases tab, click Authorize User to Manage Databases.
In the Authorize User to Manage Databases panel, select one or more databases that you want to authorize the user to manage and click OK.
Authorize a user to manage applications
Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose .
On the Users page, find the user whom you want to authorize to manage applications and click Authorize Application in the Authorize Application column.
On the Authorized Applications tab, click Authorize Application. In the panel that appears, select one or more applications that you want to authorize the user to manage and click OK.
Authorize a user to manage the accounts of one or more assets
Authorize a user to manage an account of a single asset
Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose .
On the Users page, click the name of the user whom you want to authorize.
On the Managed Hosts, Managed Databases, or Authorized Applications tab, click No accounts found. Click here to authorize the user to manage the accounts of the asset group. in the Authorized Accounts column.
In the Select Account panel, select the asset account that you want to authorize the user to manage and click Update.
NoteIf no account is displayed, click Create Host Account to create an asset account.
Authorize a user to manage an account of multiple assets at a time
To authorize a user to manage an account of multiple assets at a time, perform the following steps:
Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose .
On the Users page, click the name of the user whom you want to authorize.
On the Managed Hosts, Managed Databases, or Authorized Applications tab, select the assets whose account you want to authorize the user to manage and choose
below the list.Enter the name of the account and click Update.
NoteYou can specify only one account.
Remove assets from the list of assets that a user is authorized to manage
If a user no longer needs to perform O&M operations on some assets, you can follow the principle of least privilege to remove these assets from the list of assets that the user is authorized to manage.
Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose .
On the Users page, click the name of the user that you want to manage.
On the Managed Hosts, Managed Databases, or Authorized Applications tab, select the assets that you want to remove and click Remove below the list.
In the dialog box that appears, click Remove.
Remove an account of multiple assets from the list of asset accounts that a user is authorized to manage
To remove an account of multiple assets from the list of asset accounts that a user is authorized to manage, perform the following steps:
Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose .
On the Users page, click the name of the user that you want to manage.
On the Managed Hosts, Managed Databases, or Authorized Applications tab, select the assets whose account you want to remove and choose
below the list.Enter the name of the account and click Update.
NoteYou can specify only one account.