Creating a User and Granting VPN Permissions

Use the Identity and Access Management (IAM) service to implement fine-grained permissions control over your VPN resources. With IAM, you can:

  • Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing VPN resources.

  • Grant users only the permissions required to perform a given task based on their job responsibilities.

  • Grant the permission to perform professional and efficient O&M on your VPN resources to other accounts or cloud services.

If your account meets your permissions requirements, you can skip this section.

This section describes the procedure for granting permissions (see Figure 1).

Prerequisites

You have learned about the permissions supported by VPN, and determined the permissions to be granted to a user group. Before granting permissions of other services, learn about all permissions supported by IAM.

Process Flow

**Figure 1** Process of granting VPN permissions

Figure 1 Process of granting VPN permissions

  1. Create a user group and assign permissions to it.

    Create a user group on the IAM console and attach the VPN FullAccess policy to the group.

  2. Create a user and add it to the user group.

    Create a user on the IAM console and add the user to the group created in 1.

  3. Log in and verify permissions.

    Log in to the management console as the created user. Switch to the authorized region and verify the permissions.

    • Click image1 in the upper left corner, and choose Network > Virtual Private Network > Enterprise - VPN Gateways. On the S2C VPN Gateways tab page, click Create S2C VPN Gateway in the upper right corner to create a VPN gateway. If the VPN gateway is successfully created, the VPN FullAccess policy has already taken effect.

    • Click image2 in the upper left corner, and choose Network > Virtual Private Network > Classic. Click Create VPN to create a VPN gateway. If the VPN gateway is successfully created, the VPN FullAccess policy has already taken effect.

    • Click image3 in the upper left corner, and select any service except the VPN service. Assume that the current policy contains only VPN FullAccess. If a message appears indicating that you have insufficient permissions to access the service, the VPN FullAccess policy has already taken effect.

    Note

    Classic VPN: For details about how to create a user and grant VPC permissions to the user, see Creating a User and Granting VPC Permissions.

last updated: 2025-09-12 14:58 UTC - commit: 7ec8fb3f838550502b60af25231c4fb7c44b8ad2