Configuring the System Ticket Modes
A ticket mode consists a series of ticket settings which restrict the resource scope that can be applied for through an access control ticket and the method a ticket is submitted. There are two modes of ticket settings:
- Basic Settings: In this mode, you can restrict the access scope of resources that can be applied for through an access control ticket and specify the way to submit a command control ticket.
- Advanced Settings: In this mode, you can restrict the access scope of resources that can be applied for through access control ticket from multiple dimensions, such as the user department, user role, and resource department.
- After a User Department is configured, users in the department form a user pool. Only users in the user pool can apply for resources in the resource pool.
- If no User Role is configured, all users in the user pool can apply for resources in the resource pool.
- If User Role is configured, only users of specified roles in the user pool can apply for resources in the resource pool.
- A user pool is a group of users specified by the user department and user role. After a department or role is associated, users of the department or role can apply for resources in the resource pool.
- A resource pool is a group of resources specified by the resource department. After a department is associated, the resources of the department can be applied for by users in the user pool.
This topic describes how to configure the ticket mode.
Prerequisites
You have the management permissions for the System module.
Configuring the Basic Ticket Settings
- Log in to your bastion host.
- Choose System > Sysconfig > Ticket.
- In the Basic Settings area, click Edit.
Set the Application scope of resources that can be viewed by the user and the Submission mode of command approval ticket.
Table 1 Parameter description Parameter
Description
Application scope
Specifies the scope of resources that can be applied for with the access control ticket.
- The default value is the current department.
- This Department: When applying for access control tickets, you can apply for the access control permission on the resources of the current department, excluding the resources of lower-level departments.
- This Dept and lower level: When applying for access control tickets, you can apply for access control permissions for resources of the current department and lower-level departments.
- All: You can apply for access control permissions for all system resources.
Submission mode
Specifies the way to submit a ticket. The options are Manual and Auto.
- By default, Manual is selected.
- Manual: After a command control ticket is generated, submit the ticket to the administrator for approval.
- Auto: After a command control ticket is generated, it is automatically submitted to the administrator for approval.
- Click OK. You can then view the configured ticket settings.
Configuring the Advanced Ticket Settings
- Log in to your bastion host.
- Choose System > Sysconfig > Ticket.
- In the Advanced Settings area, click Edit.
- Configure the user pool.
Select user department or user role.
- Click Next and configure resource department.
- Click OK. You can then view the configured ticket settings.
Follow-up Operations
- To modify the resource pool and user pool in a certain piece of advanced settings, click Edit in the corresponding row. In the displayed dialog box, select other user and/or resource departments.
- To delete the restrictions of a certain piece of advanced settings, click Delete in the corresponding row. Deleted authentication information cannot be recovered. Exercise caution when performing this operation.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.