All Products
Search
Document Center

Smart Access Gateway:Grant cross-account permissions on an SAG instance

Last Updated:Apr 01, 2026

Grant permissions on a Smart Access Gateway (SAG) instance to a peer Alibaba Cloud account so that account can attach your SAG instance to its Cloud Connect Network (CCN) or Virtual Border Router (VBR) instance to establish network communication.

Prerequisites

Before you begin, ensure that you have:

  • The UID of the peer Alibaba Cloud account

  • The ID of the peer CCN or VBR instance

Grant permissions

  1. Log on to the Smart Access Gateway console.

  2. In the top navigation bar, select the region.

  3. On the Smart Access Gateway page, locate the target SAG instance.

  4. Open the Network Configuration page of the target SAG instance using one of the following methods:

    • Click the ID of the SAG instance. On the instance details page, click Network Configuration.

    • Find the SAG instance and click Network Configuration in the Actions column.

  5. Click the Network Instance Details tab.

  6. In the Authorized Cross-account Instances section, click Authorize CCN Instance.

  7. In the Authorize CCN Instance dialog box, configure the parameters and click OK.

    ParameterDescription
    Authorized Account UIDThe UID of the peer Alibaba Cloud account. Example: 168840159596****
    Network TypeThe type of network to attach the SAG instance to: Cloud Connect Network or Virtual Border Router
    Target CCN Instance IDThe ID of the peer CCN instance. Example: ccn-6dhj3m2fz7p6og****. Required when Network Type is set to Cloud Connect Network
    RegionThe region where the peer VBR is deployed. Required when Network Type is set to Virtual Border Router
    Peer VBR IDThe ID of the peer VBR instance. Example: vbr-o6w14e21pzziti4tp****. Required when Network Type is set to Virtual Border Router
    Secure DrainingWhether to enable Secure Draining. Disabled by default

API reference

  • GrantSagInstanceToVbr: Grants permissions on an SAG instance to a VBR instance that belongs to another Alibaba Cloud account.

  • GrantSagInstanceToCcn: Grants permissions on an SAG instance to a CCN instance that belongs to another Alibaba Cloud account.