Help Center/ Cloud Bastion Host/ User Guide/ Policy/ ACL Rules/ Setting Two-person Authorization
Updated on 2024-09-30 GMT+08:00

Setting Two-person Authorization

Two-person authorization, also known as two-person approval, adds an additional layer of resource security during O&M. After two-person authorization is configured, O&M personnel can access core resources only after being authorized and authenticated by the administrator onsite. Even if the O&M personnel account is lost, the information of business-critical resources will not be disclosed, reducing O&M risks and ensuring the security of critical assets.

Constraints

Only department administrators of the current and superior departments, including the system administrator admin, can be selected as the approvers for two-person authorization.

Prerequisites

  • You have the operation permissions for the ACL Rules module.
  • The ACL rule has been related to the system user and managed accounts.

Procedure

  1. Log in to your bastion host.
  2. Choose Policy > ACL Rules to enter the ACL rule list page.
  3. Select an ACL rule you want to enable two-person approval, choose More > Approver in the Operation column. The Edit Approvers dialog box is displayed.
  4. Select one or more department administrators and set them as approvers of two-person authorization.
  5. Click OK.

Follow-up Operations

After two-person authorization is successfully configured, double authorization is required when the user related to this rule accesses the resource.

The user needs to select an approver and enter the account password of the approver. The user then can access the resource only after the verification is successful.