Managing API Gateway permissions
    • PDF

    Managing API Gateway permissions

    • PDF

    Article Summary

    Available in Classic and VPC

    By using Sub Account, which is NAVER Cloud Platform's account management service, you can set various access permissions for API Gateway. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.

    Note

    The Sub Account service is provided free of charge upon subscription request. For more information on Sub Account, refer to the Service > Management & Governance > Sub Account menu in the NAVER Cloud Platform portal, as well as the Sub Account Guide.

    System Managed policies

    System Managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once System Managed policies are granted to a sub account created in Sub Account, that sub account can use API Gateway. The following is a brief description about System Managed policies of API Gateway.

    Policy NamePolicy Description
    NCP_ADMINISTRATORPermission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts
    NCP_INFRA_MANAGERPermission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal
    NCP_API_GATEWAY_MANAGERPermission to use all features of API Gateway
    NCP_API_GATEWAY_VIEWERPermission to only use the View list and Search features of API Gateway

    User-defined policy

    User-defined policies are policies that users can create. Once User-defined policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description about User-defined policies of API Gateway.

    TypeAction NameRelated action(s)Resource typeGroup by resource typeAction Description
    ViewView/getAPIDetailView/getProductDetail
    View/getProductList
    View/getAPIList
    APIAPIGets API details.
    ViewView/getAPIKeyDetailView/getAPIKeyListAPIKeyAPIKeyView API key details
    ViewView/getAPIKeyList--APIKeyView API key list
    ViewView/getAPIListView/getProductDetail
    View/getProductList
    -APIGets API list.
    ViewView/getAuthorizerDetailView/getAuthorizerListAuthorizerAuthorizerView authorizer details
    ViewView/getAuthorizerList--AuthorizerView authorizer List
    ViewView/getCertificateDetailView/getCertificateListCertificateCertificateView certificate details
    ViewView/getCertificateList--CertificateView certificate list
    ViewView/getProductDetailView/getProductListProductProductView product details
    ViewView/getProductList--ProductView product List
    ViewView/getUsagePlanDetailView/getUsagePlanListUsagePlanUsagePlanView UsagePlan details
    ViewView/getUsagePlanList--UsagePlanView UsagePlan list
    ChangeChange/createAPIView/getProductDetail
    View/getProductList
    View/getAPIList
    -APICreate API
    ChangeChange/createAPIKeyView/getAPIKeyList-APIKeyCreate API key
    ChangeChange/createAuthorizerView/getAuthorizerList-AuthorizerCreate authorizer
    ChangeChange/createCertificateView/getCertificateList-CertificateCreate certificate
    ChangeChange/createProductView/getProductList-ProductCreate product
    ChangeChange/createUsagePlanView/getUsagePlanList-UsagePlanCreate UsagePlan
    ChangeChange/deleteAPIView/getProductDetail
    View/getAPIDetail
    View/getProductList
    View/getAPIList
    APIAPIDelete API
    ChangeChange/deleteAPIKeyView/getAPIKeyList
    View/getAPIKeyDetail
    APIKeyAPIKeyDelete API key
    ChangeChange/deleteAuthorizerView/getAuthorizerDetail
    View/getAuthorizerList
    AuthorizerAuthorizerDelete authorizer
    ChangeChange/deleteCertificateView/getCertificateList
    View/getCertificateDetail
    CertificateCertificateDelete certificate
    ChangeChange/deleteProductView/getProductDetail
    View/getProductList
    ProductProductDelete product
    ChangeChange/deleteUsagePlanView/getUsagePlanList
    View/getUsagePlanDetail
    UsagePlanUsagePlanDelete UsagePlan
    ChangeChange/subscribeProduct---Subscribe to API Gateway
    ChangeChange/updateAPIView/getProductDetail
    View/getAPIDetail
    View/getProductList
    View/getAPIList
    View/getUsagePlanDetail
    APIAPIUpdate API
    ChangeChange/updateAPIKeyView/getAPIKeyList
    View/getAPIKeyDetail
    APIKeyAPIKeyUpdates API key
    ChangeChange/updateAuthorizerView/getAuthorizerDetail
    View/getAuthorizerList
    AuthorizerAuthorizerUpdate authorizer
    ChangeChange/updateCertificateView/getCertificateList
    View/getCertificateDetail
    CertificateCertificateUpdate certificate
    ChangeChange/updateProductView/getProductDetail
    View/getProductList
    ProductProductUpdates product
    ChangeChange/updateUsagePlanView/getUsagePlanList
    View/getUsagePlanDetail
    UsagePlanUsagePlanUpdate UsagePlan
    Caution

    Even when you are granted permission for a specific action, if you are not also granted permissions for the related actions that are required, then you won't be able to perform jobs properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and won't forcibly include them. So, be careful when setting permissions.


    Was this article helpful?

    Changing your password will log you out immediately. Use the new password to log back in.
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.