Help Center/ Cloud Bastion Host/ User Guide/ Ticket/ Command Approval Ticket
Updated on 2024-09-30 GMT+08:00

Command Approval Ticket

You can enable dynamic authorization of operations on Linux server. This enhances the restriction of critical operations.

During O&M on Linux hosts, if an operation command triggers the command rules for dynamical approval, the system automatically intercepts the operation command and generates a command approval ticket. The command approval ticket is sent to the administrator. After it is approved by the administrator, you obtain the permission to run the operation command on the Linux host.

Figure 1 Example of command interception

This topic describes how to manage command approval tickets.

Constraints

  • A bastion host can intercept sensitive operation commands and generate tickets only for Linux hosts using the SSH or Telnet protocol.
  • A command approval ticket cannot be manually created. It is automatically generated when a user attempts to run a command which triggers a command rule.

Prerequisites

  • You have the management permissions for the Command Approval Ticket module.
  • Command interception has been triggered, and a command approval ticket has been generated.

Procedure

  1. Log in to your bastion host.
  2. Choose Tickets > Command Approval Ticket.

    Figure 2 Command Approval Ticket

  3. Submit a ticket.

    Command approval tickets can be submitted automatically or manually. For details, see Configuring Basic Ticket Settings.
    • If the automatic submission mode is selected, the system automatically submits the ticket to the administrator for approval.
    • If the manual submission mode is selected, click submit to send it to the administrator for approval in the Operation column on the Command Approval Ticket list page.
    • If the ticket is rejected by the administrator, you can modify the ticket information and submit it again.
      Figure 3 Submitted ticket

  4. Withdraw a ticket.

    Click Withdraw in the Operation column of the ticket you want to cancel. The ticket status then changes to Revoked.

  5. Modify ticket information.

    • Click Manage to go to the details page.
    • Click Edit on the details page and modify the authorized operation duration.

    For tickets in the approving status, you can only view the details but cannot modify the content. Only the ticket in the Revoked or Not submitted state can be modified.

  6. Delete a ticket.

    • To delete one ticket, in the row of the ticket you want to delete, click Delete in the Operation column.
    • To delete multiple tickets, select the ones you want to delete and click Delete at the bottom of the ticket list to delete all selected tickets together.

    Deleted tickets cannot be recovered. Exercise caution when performing this operation.

Follow-up Operations

  • After a ticket is submitted, the administrator will receive a notification in the message center. They can view the ticket details. The ticket will also display in the ticket approval page. The administrator can choose to approve or reject the ticket.
  • After the administrator approves the ticket, you then obtain the command operation permissions within the authorization scope and period.
  • After the permission in the ticket is revoked by the administrator, the operation commands will be intercepted again.