Available in Classic and VPC
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for AiTEMS. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.Sub Account is a service provided free of charge upon subscription. For more details about Sub Account, see the Services > Management & Governance > Sub Account menu in the NAVER Cloud Platform portal, and Sub Account user guide.
System managed policies
System Managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once System Managed policies are granted to a sub account created in Sub Account, that sub account can use AiTEMS. The following is a brief description about System Managed policies of AiTEMS.
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Full access to all services with the same scope as the main account |
| NCP_INFRA_MANAGER | Permission to access all services, except the My Account > Billing information and cost management > Billing and payment management menu in the console, which is restricted. |
| NCP_FINANCE_MANAGER | Permission to access only the Cost Explorer service and the My Account > Billing information and cost management > Billing and payment management menu in the console. |
| NCP_AITEMS_MANAGER | Permission to use all the features in AiTEMS |
| NCP_AITEMS_VIEWER | Permission to only use the View list and Search features in AiTEMS |
User created policies
User Created policies are policies that users may create. Once User Created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description about User Created policies of AiTEMS.
| Category | Action name | Related action(s) | Resource type | Group by resource type | Action description |
|---|---|---|---|---|---|
| View | View/getServiceList | View/getDatasetList | - | - | View service list |
| View/getServiceDetail | View/getServiceList | Service | - | View service details | |
| View/getDatasetList | |||||
| View/getTrainList | |||||
| View/getTrainList | View/getServiceList | Service | - | View learning information in service details | |
| View/getServiceDetail | |||||
| View/getDatasetList | |||||
| View/getDatasetList | - | - | - | View dataset list | |
| View/getDatasetDetail | View/getDatasetList | Dataset | - | View dataset details | |
| View/getSchemaList | - | - | - | View schema list | |
| View/getSchemaDetail | View/getSchemaList | Schema | - | View schema details | |
| View/getServiceTrainTime | View/getServiceList | Service | - | Check learning hours by service | |
| View/getServiceDetail | |||||
| View/getTrainList | |||||
| View/getDatasetList | |||||
| View/getServiceTrainResult | |||||
| View/getServiceTrainResult | View/getServiceList | Service | - | View recommendation result count by service | |
| View/getServiceDetail | |||||
| View/getTrainList | |||||
| View/getDatasetList | |||||
| View/getServiceTrainTime | |||||
| View/getTestResult | View/getServiceList | Service | - | Test learning results | |
| View/getServiceDetail | |||||
| View/getTrainList | |||||
| View/getDatasetList | |||||
| View/getBucketList | - | - | - | View bucket list in Object Storage | |
| View/getObjectList | View/getBucketList | Object Storage: Bucket | - | View object list and details in Object Storage | |
| Change | Change/createService | View/getServiceList | - | - | Create service |
| View/getDatasetList | |||||
| Change/updateService | View/getServiceList | Service | - | Edit service | |
| View/getServiceDetail | |||||
| View/getTrainList | |||||
| View/getDatasetList | |||||
| Change/deleteService | View/getServiceList | Service | - | Delete service | |
| View/getServiceDetail | |||||
| View/getTrainList | |||||
| View/getDatasetList | |||||
| Change/manageServiceTraining | View/getServiceList | Service | - | Edit and change learning information | |
| View/getServiceDetail | |||||
| View/getTrainList | |||||
| View/getDatasetList | |||||
| Change/createDataset | View/getDatasetList | - | - | Create dataset | |
| View/getSchemaList | |||||
| View/getSchemaDetail | |||||
| View/getBucketList | |||||
| View/getObjectList | |||||
| Change/writeObject | |||||
| Change/updateDataset | View/getDatasetList | Dataset | - | Edit dataset | |
| View/getDatasetDetail | |||||
| View/getSchemaList | |||||
| View/getSchemaDetail | |||||
| View/getBucketList | |||||
| View/getObjectList | |||||
| Change/writeObject | |||||
| Change/deleteDataset | View/getDatasetList | Dataset | - | Delete dataset | |
| View/getDatasetDetail | |||||
| Change/createSchema | View/getSchemaList | - | - | Create schema | |
| Change/deleteSchema | View/getSchemaList | Schema | - | Delete schema | |
| View/getSchemaDetail | |||||
| Change/subscribeProduct | - | - | - | Subscribe and unsubscribe from AiTEMS | |
| Change/manageServiceDataset | View/getServiceList | Service | - | Change and manage dataset | |
| View/getServiceDetail | |||||
| View/getTrainList | |||||
| View/getDatasetList | |||||
| Change/writeObject | View/getBucketList | Object Storage: Bucket | - | Create or change object of Object Storage bucket | |
| View/getObjectList |
Even when you are granted permission for a specific action, you cannot perform jobs properly if you are not also granted permissions for the related actions that are required. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and does not forcibly include them. Thus, be careful when setting permissions.
:::