Help Center> Cloud Bastion Host> User Guide> Policy> ACL Rules> Querying and Editing an ACL Rule
Updated on 2022-11-30 GMT+08:00

Querying and Editing an ACL Rule

CBH allows you to edit ACL rules to meet your changed O&M needs. For example, if your O&M personnel or resource permissions are changed, you can query involved ACL rules and edit their configurations, including basic permissions, related users, user groups, accounts, and account groups, and approvers of two-person authorization.

  • A modified database rule takes effect the instant its status changes to Enabled.
  • If related users have logged in to resources before the modification, those users need to log out and log in again for the modified database rule to take effect.

Prerequisites

You have the operation permissions for the ACL Rules module.

Querying and Editing Database Rule Configurations

  1. Log in to the CBH system.
  2. Choose Policy > ACL Rules to enter the ACL rule list page.
  3. Query ACL rules.

    • Quick search

      Enter a keyword in the search box to quickly query ACL rules by rule name, user, resource name, host IP address, resource account, time limit, or IP address limit.

    • Advanced search

      Enter keywords in the corresponding attribute search boxes to search for database rules in exact mode.

      Figure 1 Advanced search

  4. Click the name of the database rule that you want to edit or click Manage in the row of the rule in the Operation column. The details page of the rule is displayed.

    Figure 2 Viewing rule details

  5. View and edit basic information.

    In the Basic Info area, click Edit. In the displayed dialog box, edit the database rule details.

    You can modify configurations of Rule Name, Period of validity, File Transmission, File Manage, Uplink clipboard, Downlink clipboard, Logon Time Limit, and IP Limit.

    Figure 3 Viewing the basic information

  6. View and edit users related to the rule.

    • To relate a user to the rule or remove a related user, click Edit in the Users area and complete modifications in the displayed dialog box.
    • To only remove a related user, click Remove in the row of the related user.
    Figure 4 Viewing related users

  7. View and edit user groups related to the rule.

    • To relate a user group to the rule or remove a related user group, click Edit in the User Group area and complete modifications in the displayed dialog box.
    • To only remove a related user group, click Remove in the row of the related user group.
    Figure 5 Viewing related user groups

  8. View and edit accounts related to the database rule.

    • To relate an account to the rule or remove a related account, click Edit in the Account area and complete modifications in the displayed dialog box.
    • To only remove a related account, click Remove in the row of the related account.
    Figure 6 Viewing related accounts

  9. View and edit account groups related to the rule.

    • To relate an account group to the rule or remove a related account group, click Edit in the Account Group area and complete modifications in the displayed dialog box.
    • To only remove a related account group, click Remove in the row of the related account group.
    Figure 7 Viewing related account groups

  10. View and edit two-person authorization.

    • To add or remove an approver, click Edit in the Approver area and complete modifications in the displayed dialog box.
    • To only remove an approver, click Remove in the row of the approver.
    Figure 8 Viewing approvers of two-person authorization