Updated on 2025-08-06 GMT+08:00

Policy Overview

With a bastion host, you can configure policies for operation tasks to make operations faster.

You can configure access control, command control, database control, password change, and account synchronization policies for operation tasks in advance.

Table 1 Policies supported by bastion hosts

| Policy Type | Policy Description |
| --- | --- |
| ACL rules | ACL rules are used to control users' permissions to access resources. |
| Command rules | Command rules are used to control permissions for critical O&M operations on managed resources, implementing fine-grained control over the execution of commands on Linux hosts. |
| Database rules | Database rules are used to intercept sensitive database session operations, implementing fine-grained control over database operations. When an authorized system user logs in to a database associated with a database rule, their sensitive operations are intercepted once the database rule is triggered. |
| Password rules | With password rules, you can let the bastion host periodically change the passwords of multiple managed host resources at a time, enhancing the security of managed resource accounts. With password rules, you can: change passwords of managed resource accounts manually, periodically, or at a scheduled time; and change the passwords of multiple managed resource accounts to different passwords randomly generated by the system, to the same password generated by the system, or to the same password you specify. |
| Account synchronization rules | Synchronization rules are used to automatically synchronize managed host accounts, making it easier for you to manage accounts of managed hosts, delete zombie accounts, and promptly discover accounts that are not managed. This further strengthens management of resources. |