Updated on 2022-01-25 GMT+08:00

Creating a User and Granting VPN Permissions

This section describes how to use IAM to implement fine-grained permissions control for your VPN resources. With IAM, you can:

  • Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to VPN resources.
  • Grant only the permissions required for users to perform a specific task.
  • Entrust account or cloud service to perform professional and efficient O&M on your VPN resources.

If your account does not require individual IAM users, skip over this section.

This section describes the procedure for granting permissions (see Figure 1).

Prerequisites

Learn about the permissions (see Permissions Management) supported by VPN. For system permissions of other cloud services, see Permissions.

Process Flow

Figure 1 Process for granting VPN permissions
  1. Create a user group and assign permissions to it.

    Create a user group on the IAM console and attach the VPN Administrator policy to the group.

  2. Create an IAM user and add it to the user group.

    Create a user on the IAM console and add the user to the group created in 1.

  3. Log in and verify permissions.

    Log in to the management console as the created user. Switch to the authorized region and verify the permissions.

    • Choose Service List > Network > Virtual Private Network. Then click Buy VPN Gateway in the upper right corner. If the VPN gateway is successfully created, the VPN Administrator policy has already taken effect.
    • Choose any other service in Service List. If a message appears indicating that you have insufficient permissions to access the service, the VPN Administrator policy has already taken effect.