To grant users access to assets, it is required to configure access permissions. Below is a detailed instruction on how to create access permissions in the BH.
2. In the left sidebar, choose Permission Mgmt > Access Permission.
3. On the access permission page, click Create access Permission and follow the steps to configure the access permission.
4. On the Setting basic information page, enter the permission name, department, and permission validity period, then click Next: Select Users.
5. On the Select users page, select the users to be granted the access permission. You can also filter users based on department information, then click Next: Select assets.
6. On the Select assets page, select the assets or asset groups that users can access. You can also filter by department, BH service, or tags, then click Next: Select an account.
7. On the Select account page, select the account associated with the chosen assets, then click Next: Set access control.
Note
Currently, databases only support access via connection strings.
8. On the Set access control page, you can configure host access control, host high-risk commands, and database access control, then click Next: Complete.
Host Access Control Configuration Items
Configuration Item Content
RDP disk mapping
Upload files
Download files
RDP clipboard
Upload files
Download files
Upload text
Download text
More RDP options
Keyboard logging (Enabling keyboard logging may capture sensitive information)
When using a Mac to remotely connect to a Windows host, pressing fn+F5 records the F5 keyboard operation events, but not the fn keyboard operation events. Pressing fn alone does not record operation events.
For Windows terminals using MSTSC connections, pressing the Menu key next to the Win key does not record the event.
For Windows terminals using a web connection, pressing PrintScreen does not record the event.
For Windows terminals using a web connection, pressing Ctrl+N opens a new browser window locally, and only the Ctrl key event is recorded.
For Windows terminals using a web connection, pressing Win+M minimizes the browser locally, and only the Win key event is recorded.
9. On the permission confirmation page, verify that the permission configurations are correct. Click Submit to create the access permission. At this point, Ops personnel logging in to the Ops page will see the accessible hosts.
