# Tenant Security Rules for VPN Access

For DuploCloud users to access internal resources in a Tenant, such as Hosts or databases, you must add security rules to allow a VPN connection. For details on VPN user access, see [VPN Access for Users](https://docs.duplocloud.com/docs/automation-platform/access-control/user-access-and-permissions/add-and-delete-vpn-access-for-users).

{% hint style="info" %}
**Note:** Administrators have persistent access to all Tenants and do not need to add individual Tenant access for themselves.
{% endhint %}

## Adding Tenant Security Rules for a VPN

To define tenant security rules for VPN access:

1. In the DuploCloud Portal, navigate to **Administrators** -> **Tenants.**
2. Select the Tenant in the **NAME** column.
3. Click the **Security** tab. 
4. Click **Add**. The **Add Tenant Security** pane displays.<br>

   <div align="left"><figure><img src="https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2FmPJh0BxV6QA8MGb8VLod%2FScreen%20Shot%202023-01-26%20at%205.47.52%20PM.png?alt=media&#x26;token=34d576ba-b508-47cb-9b73-b1b904b32f2b" alt=""><figcaption><p><strong>Add Tenant Security</strong> pane</p></figcaption></figure></div>
5. Complete the fields to configure the security rule.&#x20;
   * In the example shown, the rule allows traffic originating from the VPN IP address to access resources that are private or internal to the tenant.
6. Click **Add** to save the rule.&#x20;

{% hint style="info" %}
If you want to grant some VPN users access while excluding others, add a separate security rule for each user using their individual IP address.
{% endhint %}