# Set User Privileges

Users need appropriate privileges to create and manage VPN Gateways. The VPN Gateway has a specific group privilege called **Access and manage VPN Gateway**. When you enable this privilege for a group, its members inherit it through group settings, allowing them to manage the VPN gateways.

{% hint style="info" %}
**Prerequisite:** Make sure you have one or more **Groups** in the **User Manager**. To create one, see [<mark style="color:blue;">Create a group</mark>](https://docs.ionos.com/sections-test/guides/set-up-ionos-cloud/management/identity-access-management/user-management#create-a-group).
{% endhint %}

To set user privileges to manage VPN Gateways, follow these steps:

1\. In the DCD, go to **Menu** > **Management** > **Users & Groups**.

2\. Select the **Groups** tab in the **User Manager** window.

3\. Select the appropriate group to assign relevant privileges.

4\. In the **Privileges** tab, select **Access and manage VPN Gateway**.

{% hint style="info" %}
**Note:** You can remove the privileges from the group by clearing **Access and manage VPN Gateway**.
{% endhint %}

![Set User Privileges](https://1737632334-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifAzdGvKLDTtvJP8sm%2Fuploads%2Fgit-blob-a107023ea9d0d5cb5ec2d5084abedc534c1b585c%2Fset-privilege-dcd.png?alt=media)

{% hint style="success" %}
**Result:** The privilege to manage VPN Gateways is granted to all the members in the selected group.
{% endhint %}

## Revoke user privileges

You can revoke a user's **Access and manage VPN Gateway** privilege by removing the user from all the groups that have this privilege enabled.

{% hint style="warning" %}
**Warning:** You can revoke this privilege from a user by disabling **Access and manage VPN Gateway** for every group the user belongs to. In this case, all the other members of those groups also lose the privilege.
{% endhint %}

To revoke this privilege from a contract administrator, disable the administrator option on the user account. After this change, the contract administrator takes the role of a contract user, and the privileges that were set up for the user before they became an administrator take effect.
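
The revocation rules above can be checked before you change anything. The following Python sketch is an added example, not part of the IONOS documentation or API: it computes who effectively holds the privilege and compares removing a user from groups with disabling the privilege on those groups. The inventory layout and its field names (`vpn_privilege`, `members`, `ADMINS`) are hypothetical, the data is constructed, and it assumes that contract administrators hold the privilege regardless of group membership.

```python
# Constructed sample inventory; field names are hypothetical, not the IONOS API schema.
GROUPS = {
    "net-ops":   {"vpn_privilege": True,  "members": {"alice", "bob"}},
    "platform":  {"vpn_privilege": True,  "members": {"bob", "carol"}},
    "read-only": {"vpn_privilege": False, "members": {"alice", "dave"}},
}
ADMINS = {"erin"}  # contract administrators (constructed)


def granting_groups(user, groups=GROUPS):
    """Groups that give `user` the Access and manage VPN Gateway privilege."""
    return sorted(name for name, g in groups.items()
                  if g["vpn_privilege"] and user in g["members"])


def has_vpn_privilege(user, groups=GROUPS, admins=ADMINS):
    """Effective access: any granting group, or contract administrator status."""
    return user in admins or bool(granting_groups(user, groups))


def revocation_plan(user, groups=GROUPS, admins=ADMINS):
    """Compare the two revocation options for one user."""
    grants = granting_groups(user, groups)
    # Disabling the privilege on these groups also affects their other members.
    co_members = set().union(*(groups[g]["members"] for g in grants)) - {user}
    # A co-member keeps access only through another granting group or as admin.
    remaining = {n: g for n, g in groups.items() if n not in grants}
    collateral = sorted(m for m in co_members
                        if not has_vpn_privilege(m, remaining, admins))
    return {
        "is_admin": user in admins,            # needs the administrator option disabled
        "remove_from_groups": grants,          # option 1: affects only this user
        "collateral_if_disabled": collateral,  # option 2: who else loses access
    }


if __name__ == "__main__":
    for name in ("alice", "bob", "erin"):
        print(name, revocation_plan(name))
```
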
