Help Center> Virtual Private Network> Service Overview> Permissions Management

View PDF

Permissions Management

If you need to assign different permissions to employees in your enterprise to access your VPN resources, Identity and Access Management (IAM) is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you securely manage access to your HUAWEI CLOUD resources.

With IAM, you can use your HUAWEI CLOUD account to create IAM users, and assign permissions to the users to control their access to specific resources. For example, some software developers in your enterprise need to use VPN resources but should not be allowed to delete them or perform any high-risk operations. In this scenario, you can create IAM users for the software developers and grant them only the permissions required for using VPN resources.

If your HUAWEI CLOUD account does not need individual IAM users for permissions management, you may skip over this topic.

IAM is free. You pay only for the resources in your account. For more information about IAM, see the IAM Service Overview.

VPN Permissions

By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.

VPN is a project-level service deployed in specific physical regions. To assign VPN permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to take effect. If All projects is selected, the permissions will take effect for the user group in all region-specific projects. When accessing VPN, the users need to switch to a region where they have been authorized to use this service.

Table 1 lists all system-defined roles supported by VPN.

**Table 1** System-defined roles supported by VPN
Role	Description	Dependencies
VPN Administrator	All operations on VPN resources. To be granted this permission, users must also have the Tenant Guest and VPC Administrator permissions.	Tenant Guest and VPC Administrator VPC Administrator: project-level policy, which must be assigned in the same project as the VPN Administrator Tenant Guest: project-level policy, which must be assigned in the same project as the VPN Administrator

Table 2 lists the common operations supported by each system-defined policy of VPN. Select the permissions as needed.

**Table 2** Common operations supported by **VPN Administrator**
Operation	VPN Administrator
Creating a VPN gateway	Supported
Viewing a VPN gateway	Supported
Modifying a VPN gateway	Supported
Deleting a VPN gateway	Supported
Creating a VPN connection	Supported
Viewing a VPN connection	Supported
Modifying a VPN connection	Supported
Deleting a VPN connection	Supported

Helpful Links

IAM Service Overview

Creating a User and Granting VPN Permissions

Last Article: Billing

Next Article: VPN and Other Services

Did this article solve your problem?

Thank you for your score！Your feedback would help us improve the website.

Products

Compute

Application

Dedicated Cloud

Storage

Management & Deployment

Migration

Network

Enterprise Intelligence

Video

Database

Edge Cloud Services

DevCloud

Security

Cloud Communications

Internet of Things

Solutions

Industry-Specific Solutions

General-Purpose Solutions

Security

DevOps

Enterprise Intelligence

Essential Platform

Big Data

Visual Cognition

Speech and Semantics

Support

Help Center

Customer Services

Developers

Console

语言 - Language

中国站 - 简体中文

中国站 - English

International - 简体中文

International - English

Help Center

Permissions Management

VPN Permissions

Helpful Links