Help Center/ Cloud Bastion Host/ Getting Started/ Step 4: Configure O&M Permissions

Updated on 2024-11-05 GMT+08:00

View PDF

Step 4: Configure O&M Permissions

Scenarios

To use a bastion host for resource O&M, you still need to configure access control policies, associate users with resources, and assign resource permissions to system users.

Procedure

**Table 1** Parameters for configuring ACL rules
Step	Description
New ACL Rule	You can configure the file transfer permission, user login IP address restrictions, user login time restrictions, and policy validity period.
Associate ACL rules with users or user groups.	Associate a user: Assign the permissions for the Host Operation and App Operation modules to a system user so that the user can have O&M permissions for resources. Associate a user group: Assign permissions to all members in the user group in batches. Each user will inherit the permissions granted to the user group when the user is added to the group.
Associate an account or account group with an ACL rule.	Associate an account: Assign resource access permissions to an account. Associate an account group: Assign resource access permissions to an account group. Each account will inherit the resource access permissions granted to the account group when the account is added to the group.

Configuration Description

**Table 2** Basic information about access control policies
Parameter	Description
Rule Name	User-defined name of an ACL rule. The rule name must be unique in the CBH system.
Period of validity	(Optional) Effective time and expiration time of a policy.
File Transmission	(Optional) Permissions to upload and download host files during O&M. If Upload and/or Download are selected, files can be uploaded and/or downloaded. If Upload and Download are deselected, files cannot be uploaded or downloaded.
Options	(Optional) Permissions to manage host resource files, use RDP clipboards, and displays watermarks during O&M. You can select File Manage, Clipboard, or Watermark. NOTE: File management is available for the devices using SSH or Remote Desktop Protocol (RDP) protocols. For devices using the Virtual Network Computing (VNC) protocol, file management is available only after the application mapped to this device is released. File management is unavailable for the devices using the Telnet protocol.
Logon Time Limit	(Optional) Time period allowed or forbidden for the user to log in to the host.
IP Limit	(Optional) Restricts or allows users from specified IP addresses to access resources. Select Blacklist and configure the IP addresses or IP address ranges to restrict users from these IP addresses from logging in to the resources. Select Whitelist and configure the IP addresses or IP address ranges to allow users from these IP addresses to log in to the resources. If no IP addresses are entered in the field, there is no login restriction on the resource.

Previous topic: Step 3: Add Resources to the CBH System

Next topic: Step 5: Log In to a Resource You Want to Manage

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.