Asset Authorization
1 Function description
- Asset authorization rules are determined through three dimensions: which assets users can use to log in, which assets they can access with their accounts, and what level of permissions they have.
- The three dimensions of asset authorization rules are as follows:
Index | Dimension | Description |
---|---|---|
1 | User | The user dimension mainly includes users and user groups (representing all users within that group) |
2 | Asset | The asset dimension mainly includes assets, nodes (representing groups of assets under that node), and accounts (used to log in to assets) |
3 | Action | The action dimension mainly includes connection permissions, upload and download permissions, and copy/paste permissions (only supported for SSH, RDP, and VNC protocols) |
2 Create asset authorization rules
- Click the Create button on the asset authorization page to enter the page for creating an asset authorization rule.
- Detailed Parameter Description:
Parameter | Description |
---|---|
Name | The name of the authorization rule |
User | JumpServer login user; grants this user access or other permissions to assets |
User group | JumpServer login user group; grants this user group access or other permissions to assets |
Asset | Authorized asset; the assets the user needs to access |
Node | Authorized node; the asset group the user needs to access |
Account | Accounts authorized for access. A. All accounts: all accounts added to the asset are authorized; B. Designated account: manually enter the name of the account that needs to be authorized; C. Input manually: authorized users enter their own username and password when connecting; D. Same Name Accounts: authorized users connect with an account that has the same name as the user |
Action | Authorized actions; what actions the user can perform. Note: clipboard permission control is currently only supported for the RDP/VNC protocols. |
Start time | The start time of this authorization rule is set to the time when the rule is created by default |
Expired time | The expiration time of this authorization rule |
3 Example of authorization
3.1 Authorize a specific user for the asset only
- Select the User option in the User Module to choose the user that needs authorization. Leave the User Group option empty.
- Choose the asset that requires login under the Asset option in the Asset Module. Leave the Node option empty, and select all accounts under the Account option.
- A snapshot of the authorization rule is shown below:
3.2 Authorize an asset to a specific user group
- Select the User Group option in the User Module as the group that requires authorization, and leave the User option empty.
- Choose the Asset option in the Asset Module for the assets that require access, leave the Node option empty, and select all accounts under the Account option.
- A snapshot of the user group is shown below:
- A snapshot of the authorization rule is shown below:
Attention
- When all options in the Authorization Rule module are empty, the rule will have no effect.
- When any module option in the Authorization Rule module is empty, the rule will have no effect.
- The wildcard * cannot be used for full matching in authorization rules.
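
The three dimensions, the validity window, and the notes under Attention can be read together as an evaluation procedure, which is useful when reviewing rules for grants that are broader than intended or that silently do nothing. The following Python model is an added example, not JumpServer code: the `Rule` class, the `@all` marker, and the reading of "module" as users/user groups, assets/nodes, accounts, and actions are assumptions made for illustration, and the sample rules are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime

ALL_ACCOUNTS = "@all"  # hypothetical marker standing in for the "All account" option

@dataclass
class Rule:
    """Conceptual model of one authorization rule; not JumpServer's schema."""
    name: str
    users: set = field(default_factory=set)
    user_groups: set = field(default_factory=set)
    assets: set = field(default_factory=set)
    nodes: set = field(default_factory=set)
    accounts: set = field(default_factory=set)
    actions: set = field(default_factory=set)
    start: datetime = datetime.min
    expires: datetime = datetime.max

def is_effective(rule, now):
    """Assumption: a rule grants nothing if any module is empty or it is outside its window."""
    modules = [rule.users | rule.user_groups, rule.assets | rule.nodes,
               rule.accounts, rule.actions]
    return all(modules) and rule.start <= now < rule.expires

def granting_rules(rules, now, user, groups, asset, node, account, action):
    """Names of the rules that let `user` perform `action` on `asset` via `account`."""
    hits = []
    for r in rules:
        who = user in r.users or bool(groups & r.user_groups)
        what = asset in r.assets or node in r.nodes  # exact match: "*" is a literal
        acct = ALL_ACCOUNTS in r.accounts or account in r.accounts
        if is_effective(r, now) and who and what and acct and action in r.actions:
            hits.append(r.name)
    return hits

# Constructed sample rules and evaluation time.
NOW = datetime(2024, 1, 15)
RULES = [
    Rule("ops-web", user_groups={"ops"}, assets={"web-01"},
         accounts={ALL_ACCOUNTS}, actions={"connect", "upload"}),
    Rule("alice-db", users={"alice"}, assets={"db-01"}, accounts={"dbadmin"},
         actions={"connect"}, expires=datetime(2024, 1, 1)),      # expired
    Rule("no-users", assets={"web-01"}, accounts={"root"},
         actions={"connect"}),                                    # empty user module
    Rule("star", users={"bob"}, assets={"*"}, accounts={ALL_ACCOUNTS},
         actions={"connect"}),                                    # "*" matches nothing real
]

if __name__ == "__main__":
    print(granting_rules(RULES, NOW, "alice", {"ops"}, "web-01", "/prod", "root", "connect"))
```

An empty result for a request that should succeed usually points to an expired rule or an empty module, while more than one rule name in the result shows overlapping grants worth consolidating.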