Asset Authorization⚓︎
1 Function description⚓︎
- Asset authorization rules are determined through three dimensions: which assets users can use to log in, which assets they can access with their accounts, and what level of permissions they have.
- The three dimensions of asset authorization rulers are as following:
| Index | Dimension | Description |
|---|---|---|
| 1 | User | The user dimension mainly includes users and user groups (representing all users within that group) |
| 2 | Asset | The asset dimension mainly includes assets, nodes (representing groups of assets under that node), and accounts (used to log in to assets) |
| 3 | Action | The action dimension mainly includes connection permissions, upload and download permissions, and copy/paste permissions (only supported for SSH, RDP, and VNC protocols) |
2 Create rulers of asset authorization⚓︎
- Click on
Createbutton in page of asset authorization,then enter to page of asset authorization.
- Detailed Parameter Description:
| Parameter | Description |
|---|---|
| Name | The name of authorization ruler |
| User | User of JumpServer login,grant the user access or other permissions to assets |
| User group | User group of JumpServer login,grant the user group access or other permissions to assets |
| Asset | Authorized asset,assets the user needs to access |
| Node | Authorized node, asset group the user needs to access |
| Account | Account authorized accessing A.All account:All accounts added to the asset are authorized; B.Designate account:Manually enter the name of account that needs to be authorized; C.Input manually:Authorized users to enter their own username and password when connecting; D.Same Name Accounts: Authorize users to use an account with the same name as the user when connecting |
| Action | Authorized Actions,what actions user can perform note:Clipboard permission control is currently only supported for RDP/VNC protocol。 |
| Start time | The start time of this authorization rule is set to the time when the rule is created by default |
| Expired time | The expiration time of this authorization ruler |
3 Example of authorization⚓︎
3.1 Authorize a specific user for the asset only⚓︎
- Select the
Useroption in theUser Moduleto choose the user that needs authorization. SetUser Groupoption empty. - Choose the asset that requires login in the
Asset Moduleunder theAssetoption. Leave theNodeoption empty, and select all accounts under theAccountoption.
- The snapshot of authorization rule is shown below:
3.2 Authorize a asset to specific user group⚓︎
- Select the
User Groupoption in theUser Moduleas the group that requires authorization, and leave theUseroption empty. - Choose the
Assetoption in theAsset Modulefor the assets that require access, leave theNodeoption empty, and select all accounts under theAccountoption.
- Snapshot of user group is shown below:
- Snapshot of authorization ruler is shown below:
Attention
- When all options in the Authorization Rule module are empty, the rule will have no effect.
- When any module option in the Authorization Rule module is empty, the rule will have no effect.
- It cannot be used wildcard * for full matching in authorization rules.