Updated on 2023-04-11 GMT+08:00

What Is Dynamic Approval and How Does It Work?

When an authorized user performs a specific O&M operation, the operation triggers a rule set. The system then intercepts character commands or database sessions based on the rule set and generates an authorization ticket. If the authorized user needs to continue the operation, they need to submit the ticket to the administrator for approval.

The following steps show how to configure the dynamic approval function for command control rules.

  1. Log in to the CBH system as an administrator, choose Policy > Cmd Rules. On the displayed page, create a character command control rule and command set (SSH or Telnet).

    When creating the command rule, set Action to Dynamic approval.

    Figure 1 Configuring dynamic approval

  2. After the command control rule is set, the authorized user logs in to the CBH system, logs in to the target host, and runs related commands to trigger command interception. The system generates a command authorization ticket.

    Figure 2 Dynamic interception

  3. The authorized user chooses Ticket > Cmd Ticket to view and submit the ticket.
  4. The administrator or superior department leader can choose Ticket > Approve to view and approve the ticket.
  5. After the ticket is approved, the related command can be executed successfully by the authorized user.

    Figure 3 Obtaining authorization