Available in Classic and VPC
You can set different access permissions for Cloud Activity Tracer using NAVER Cloud Platform's Sub Account service. Sub Account offers both system-managed (System Managed) and user-defined (User Created) policies to help you configure management and operation permissions.
Sub Account is a free service with no additional charges. For more information about Sub Account, see Services > Management & Governance > Sub Account on the NAVER Cloud Platform portal and the Sub Account user guide.
System-managed policies
System-managed policies are pre-built, role-based policies that NAVER Cloud Platform provides for your convenience. When you assign one of these policies to a sub account, that account gets access to Cloud Activity Tracer. Here are the available system-managed policies for Cloud Activity Tracer:
| Policy name | Description |
|---|---|
| NCP_ADMINISTRATOR | Access to all services, same as the main account |
| NCP_INFRA_MANAGER | Access to all services, except My Account > Manage billing information and expense > Manage billing and payment in the console |
| NCP_FINANCE_MANAGER | Access limited to Cost Explorer services and My Account > Manage billing information and expense > Manage billing and payment in the console |
| NCP_CLOUD_ACTIVITY_TRACER_MANAGER | Full access to all features of the Cloud Activity Tracer service |
| NCP_CLOUD_ACTIVITY_TRACER_VIEWER | Read-only access to the Cloud Activity Tracer service |
User-defined policies
User-defined policies let you create custom permissions. When you assign a user-defined policy to a sub account, that account can only perform the specific actions you've allowed. Here are the available user-defined policies for Cloud Activity Tracer:
| Type | Action | Related action | Resource type | Group by resource type | Action description | Condition Key |
|---|---|---|---|---|---|---|
| View | View/getActivityList | - | - | - | View activity history | - All principal properties condition keys |
| View | View/getBucketList | - | - | - | View the list of activity export Buckets | - All principal properties condition keys |
| View | View/getTracerDetail | View/getTracerList | Tracer | Tracer | View Tracer details | - All principal properties condition keys - ncp:resourceTag |
| View | View/getTracerList | - | - | - | View tracer list | - All principal properties condition keys |
| Change | Change/createTracer | View/getBucketList View/getTracerList Change/writeObject |
Tracer | Tracer | Create a Tracer | - All principal properties condition keys - ncp:requestTag - ncp:resourceTag |
| Change | Change/deleteTracer | View/getTracerList View/getTracerDetail |
Tracer | Tracer | Delete a tracer | - All principal properties condition keys - ncp:resourceTag |
| Change | Change/retryExport | View/getTracerList View/getTracerDetail |
Tracer | Tracer | Rerun a Tracer | - All principal properties condition keys - ncp:resourceTag |
| Change | Change/updateTracer | View/getBucketList View/getTracerList View/getTracerDetail Change/writeObject |
Tracer | Tracer | Change a Tracer | - All principal properties condition keys - ncp:resourceTag |
| Change | Change/writeObject | View/getBucketList | ObjectStorage:Bucket | Tracer | Select a Bucket to export activity history | - All principal properties condition keys - ncp:resourceTag |
| Change | Change/tagTracer | View/getTracerList View/getTracerDetail |
Tracer | Tracer | Tag a tracer | - All principal properties condition keys - ncp:resourceTag - ncp:requestTag |
| Change | Change/untagTracer | View/getTracerList View/getTracerDetail |
Tracer | Tracer | Delete a tag on a tracer | - All principal properties condition keys - ncp:resourceTag - ncp:requestTag |
If you grant someone access to a specific action but not to the required related actions, they won't be able to complete their tasks. Sub Account automatically includes these related permissions to prevent this issue. However, if you manually uncheck these auto-selected related actions, the system assumes this was intentional and won't override your selection.