
Step 4: Configure O&M Permissions

Background

To use CBH to maintain resources, you need to configure access control policies, associate users with resources, and assign resource access control permissions to users.

Procedure

Table 1 Parameters for configuring ACL rules (Step: Description)

1. New ACL Rule
   Configure the file transfer permission, user login IP address restrictions, user login time restrictions, and the policy validity period.

2. Associate ACL rules with users or user groups.
  • Associate a user: Assign the permissions for the Host Ops and Application Ops modules to a single system user so that the user has O&M permissions for the resources.
  • Associate a user group: Assign permissions to all members of the user group in a batch. After the authorization, a user inherits the permissions granted to the user group as soon as the user is added to the group.

3. Associate an account or account group with an ACL rule.
  • Associate an account: Grant access permissions to a single account.
  • Associate an account group: Grant access permissions to an entire account group. After the authorization, an account inherits the access permissions granted to the account group as soon as the account is added to the group.

Configuration Description

Table 2 Basic information about the access control policies (Parameter: Description)

Rule Name
   User-defined name of the ACL rule. The rule name must be unique within the CBH system.

Period of validity
   (Optional) Effective time and expiration time of the policy.

File Transmission
   (Optional) Permissions to upload and download host files during O&M.
  • If Upload and/or Download is selected, files can be uploaded and/or downloaded.
  • If both Upload and Download are deselected, files cannot be uploaded or downloaded.

Options
   (Optional) Permissions to manage host resource files, use the RDP clipboard, and display watermarks during O&M. The value can be File Manage, Clipboard, or Watermark.
   NOTE: File management is available for devices that use the SSH or Remote Desktop Protocol (RDP) protocol. For devices that use the Virtual Network Computing (VNC) protocol, file management is available only after the application mapped to the device is released. File management is unavailable for devices that use the Telnet protocol.

Logon Time Limit
   (Optional) Time period during which the user is allowed or forbidden to log in to the host.

IP Limit
   (Optional) Restricts or allows access to resources from specified IP addresses.
  • Select Blacklist and enter the IP addresses or IP address segments whose users are to be prevented from logging in to the resources.
  • Select Whitelist and enter the IP addresses or IP address segments whose users are to be allowed to log in to the resources.
  • If no IP addresses are entered in the field, there is no login restriction on the host.
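The rule semantics in Table 2 (validity period, Whitelist/Blacklist IP limit with the empty-field-means-no-restriction case, and an allowed login time window, including one that wraps midnight) can be checked against a small reference evaluator. This is an added example, not CBH code: the AclRule fields, the evaluate() function, and the sample addresses are assumptions for illustration, and the login window is modelled as an allowed period only.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class AclRule:
    """Hypothetical model of one ACL rule; field names are assumptions, not CBH's."""
    name: str
    valid_from: Optional[datetime] = None       # Period of validity: effective time
    valid_until: Optional[datetime] = None      # Period of validity: expiration time
    ip_mode: str = "whitelist"                  # IP Limit mode: "whitelist" or "blacklist"
    ip_list: list = field(default_factory=list)  # IPs or CIDR segments; empty = no restriction
    login_window: Optional[tuple] = None        # (start, end) time of day allowed; None = no limit
    upload: bool = False                        # File Transmission: Upload
    download: bool = False                      # File Transmission: Download


def ip_in_list(addr: str, entries) -> bool:
    """True if addr matches any single IP or CIDR segment in entries."""
    a = ip_address(addr)
    return any(a in ip_network(e, strict=False) for e in entries)


def evaluate(rule: AclRule, source_ip: str, at: datetime) -> tuple:
    """Return (allowed, reason) for a login attempt from source_ip at time `at`."""
    if rule.valid_from and at < rule.valid_from:
        return False, "policy not yet effective"
    if rule.valid_until and at > rule.valid_until:
        return False, "policy expired"
    if rule.ip_list:  # an empty IP field means no login restriction
        listed = ip_in_list(source_ip, rule.ip_list)
        if rule.ip_mode == "blacklist" and listed:
            return False, "source IP is blacklisted"
        if rule.ip_mode == "whitelist" and not listed:
            return False, "source IP not in whitelist"
    if rule.login_window:
        start, end = rule.login_window
        t = at.time()
        # A window such as 22:00-06:00 wraps midnight, so test the two halves separately.
        inside = (start <= t <= end) if start <= end else (t >= start or t <= end)
        if not inside:
            return False, "outside permitted login time"
    return True, "allowed"
```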