Enhancing Server Security with Login Approval Mechanisms

Published November 6, 2024

Scenario Description

In server security management, users typically need to request the appropriate login permissions from administrators when accessing servers. JumpServer's <asset connect> feature supports the approval of asset login requests, ensuring security and compliance.

Function Description

JumpServer supports a review function for asset logins. In line with security policy, the system can set action restrictions for asset logins along four dimensions: JumpServer login user, asset information, account information, and matching rules. When the secondary review action is set, an approver reviews the asset login. These five types of restrictions (JumpServer login user, asset information, account information, rule information, and action) can be used in combination.

Operation Instructions

Create Asset Login Rules

Click <ACLs> on the left side of the JumpServer page, then select the submodule <Asset connect>, and click <Create> to create an asset connect rule.

Based on your needs, apply action restrictions to fields such as User, Asset, and Account. The actions include Reject, Accept, Review, and Notify.

Example: I will restrict my own user, with the Reject action, from logging in to the server 10.1.13.157 at any time.

Detailed Parameter Description:

Parameter: Description

Name: Asset login rule name.

Priority: Priority of the asset login rule, ranging from 1 to 100. A smaller number indicates higher priority. The default is 50.

User: The rule matches when this user logs in to JumpServer and connects to assets. Options:

- All Users: All users match this asset login rule.
- Specific Users: Specific users match this asset login rule.
- Filter by attribute: Create attribute filtering rules. Users matching the filtering rules match this asset login rule.

Asset: The rule matches when connecting to this asset. Options:

- All Assets: Connecting to any asset matches this asset login rule.
- Specific Assets: Connecting to specific assets matches this asset login rule.
- Filter by attribute: Create attribute filtering rules. Assets matching the filtering rules match this asset login rule.

Account: The rule matches when JumpServer uses this account to log in to assets. Options:

- All Accounts: Logging in to assets with any account matches this asset login rule.
- Specific Account: Logging in to assets with the specified account matches this asset login rule.
- Virtual accounts: Virtual accounts are specialized accounts with specific purposes when connecting to assets.

Rules - IP: Matches the JumpServer user's login IP when the above JumpServer user, asset, and account are matched.

Rules - Time period: Matches the JumpServer user's login time range when the above JumpServer user, asset, and account are matched.

Action: The action taken when this asset login rule is matched:

- "Reject": Deny login to the asset.
- "Accept": Allow login to the asset.
- "Review": Allow or deny login after approval by the configured approver. The work order approver can control the resulting session from the work order, for example pause, resume, terminate, and monitor it.
- "Notify": Send a message to the approver when the above rule is matched.
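The parameters above combine into one decision per connection attempt. The following is an added example, not JumpServer's own code: a small Python model of how such rules can be evaluated and how a broad rule with a smaller priority number can shadow a stricter one. It assumes that the first matching rule in priority order decides the action; the user, account and rule names and the source IPs are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

@dataclass
class Rule:
    name: str
    action: str                       # "reject", "accept", "review" or "notify"
    priority: int = 50                # 1-100, smaller number = higher priority
    users: Optional[set] = None       # None models "All Users"
    assets: Optional[set] = None      # None models "All Assets"
    accounts: Optional[set] = None    # None models "All Accounts"
    ip_group: Tuple[str, ...] = ("0.0.0.0/0",)        # Rules - IP
    period: Tuple[time, time] = (time.min, time.max)  # Rules - Time period

    def matches(self, user, asset, account, src_ip, when):
        """True only if every dimension of the rule matches the request."""
        def allowed(scope, value):
            return scope is None or value in scope
        ip_ok = any(ip_address(src_ip) in ip_network(n) for n in self.ip_group)
        time_ok = self.period[0] <= when.time() <= self.period[1]
        return (allowed(self.users, user) and allowed(self.assets, asset)
                and allowed(self.accounts, account) and ip_ok and time_ok)

def decide(rules, user, asset, account, src_ip, when):
    """Return (action, rule name) of the best-priority matching rule.
    Assumption: the first match in priority order decides the outcome."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(user, asset, account, src_ip, when):
            return rule.action, rule.name
    return "no-match", None  # no rule applies; the model imposes nothing

# Constructed sample rules; user, account and rule names are hypothetical.
RULES = [
    Rule("accept-office", "accept", 50, ip_group=("192.0.2.0/24",),
         period=(time(9), time(18))),
    Rule("review-root", "review", 20, accounts={"root"}),
    Rule("reject-alice-157", "reject", 10, users={"alice"},
         assets={"10.1.13.157"}),
]

if __name__ == "__main__":
    noon = datetime(2024, 11, 6, 12, 0)
    for user, account in [("alice", "root"), ("bob", "root"), ("bob", "app")]:
        print(user, account,
              decide(RULES, user, "10.1.13.157", account, "192.0.2.10", noon))
    # A broad Accept rule with a smaller priority number shadows the Reject.
    broad = [Rule("accept-all", "accept", 1)] + RULES
    print(decide(broad, "alice", "10.1.13.157", "root", "192.0.2.10", noon))
```

When reviewing a rule set, check that Reject and Review rules carry smaller priority numbers than any broader Accept rule covering the same user, asset and account.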

Function Verification

After switching to the Web terminal page, connecting to the asset specified in our rules will prompt a Login reminder.