Available in VPC
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Cloud Data Streaming Service. Sub Account provides system managed policies and user created policies for setting management and administration permissions.
Sub Account is a service provided free of charge upon subscription. For more information on Sub Account, see Services > Management & Governance > Sub Account menu and Sub Account User Guide in NAVER Cloud Platform portal.
System-managed policies
System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once System Managed policies are granted to a sub account created in Sub Account, that sub account can use Cloud Data Streaming Service. The following is a brief description about System Managed policies of Cloud Data Streaming Service.
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Full access to all services with the same scope as the main account |
| NCP_INFRA_MANAGER | Permission to access all services, except the My Account > Billing information and cost management > Billing and payment management menu in the console, which is restricted. |
| NCP_FINANCE_MANAGER | Permission to access only the Cost Explorer service and the My Account > Billing information and cost management > Billing and payment management menu in the console. |
| NCP_VPC_CLOUD_DATA_STREAMING_SERVICE_MANAGER | Permission to use the full Cloud Data Streaming Service feature sets. |
| NCP_VPC_CLOUD_DATA_STREAMING_SERVICE_VIEWER | Permission to only use the View list and Search features in Cloud Data Streaming Service. |
User-defined policies
User-defined policies are policies that users may create. Once the user-defined policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description about user-defined policies of Cloud Data Streaming Service.
| Type | Action name | Related action | Resource type | Group by resource type | Action description |
|---|---|---|---|---|---|
| View | View/downloadCertificate | View/getClusterDetail View/getClusterList |
Cluster | View | Download certificate |
| View | View/getClusterACGDetail | View/getClusterDetail View/getClusterList |
Cluster | View | Check ACG details |
| View | View/getClusterDetail | View/getClusterList | Cluster | View | Check cluster details |
| View | View/getClusterList | - | - | View | Check cluster list |
| View | View/getClusterMonitor | View/getClusterDetail View/getClusterNodeList View/getClusterList |
Cluster | View | Cluster monitoring |
| View | View/getClusterNodeList | View/getClusterDetail View/getClusterList |
Cluster | View | Check cluster node list |
| View | View/getKafkaConfigGroupDetail | - | ConfigGroup | View | Check ConfigGroup details |
| View | View/getKafkaConfigGroupList | View/getKafkaConfigGroupDetail | - | View | Check ConfigGroup list |
| View | View/getKafkaConfigGroupUsingClusterList | View/getKafkaConfigGroupList View/getKafkaConfigGroupDetail |
ConfigGroup | View | Check the list of clusters where ConfigGroup is applied |
| View | View/getLoadBalancerInstanceDetail | View/getLoadBalancerInstanceList | VPCLoadBalancer:LoadBalancer | View | Select a load balancer to set as an advertised listener |
| View | View/getLoadBalancerInstanceList | - | - | View | Check the list of load balancers to set as advertised listeners |
| View | View/getSubnetDetail | View/getSubnetList | VPC:Subnet | View | Select a subnet to place the cluster in |
| View | View/getSubnetList | - | - | View | Check subnet list |
| View | View/getVPCDetail | View/getVPCList | VPC:VPC | View | Select a VPC to place the cluster in |
| View | View/getVPCList | - | - | View | Check VPC list |
| View | View/getNodeSpecDetail | View/getClusterDetail View/getClusterList |
Cluster | View | View changeable specifications of cluster nodes |
| Change | Change/changeCountOfBrokerNode | View/getClusterDetail View/getClusterList |
Cluster | Change | Add broker nodes in the cluster |
| Change | Change/createCluster | View/getSubnetList View/getSubnetDetail View/getClusterList View/getVPCDetail View/getVPCList |
- | Change | Create cluster |
| Change | Change/createKafkaConfigGroup | View/getKafkaConfigGroupList View/getKafkaConfigGroupDetail |
- | Change | Create ConfigGroup |
| Change | Change/deleteCluster | View/getClusterDetail View/getClusterList |
Cluster | Change | Delete cluster |
| Change | Change/deleteKafkaConfigGroup | View/getKafkaConfigGroupDetail View/getKafkaConfigGroupList |
ConfigGroup | Change | Delete ConfigGroup |
| Change | Change/editKafkaConfig | View/getKafkaConfigGroupDetail View/getClusterDetail View/getKafkaConfigGroupList View/getClusterList |
ConfigGroup | Change | Edit ConfigGroup information |
| Change | Change/resetCMAKPassword | View/getClusterDetail View/getClusterList |
Cluster | Change | Reset CMAK connection password |
| Change | Change/restartCMAKService | View/getClusterDetail View/getClusterList |
Cluster | Change | Restart the cluster's CMAK service |
| Change | Change/restartKafkaService | View/getClusterDetail View/getClusterNodeList View/getClusterList |
Cluster | Change | Restart the cluster's Kafka and Zookeeper service |
| Change | Change/setBrokerNodePublicEndpoint | View/getClusterDetail View/getClusterList View/getLoadBalancerInstanceList View/getLoadBalancerInstanceDetail |
Cluster | Change | Change broker node public endpoint settings |
| Change | Change/setKafkaConfigGroup | View/getKafkaConfigGroupDetail View/getClusterDetail View/getKafkaConfigGroupList View/getClusterList |
Cluster | Change | Apply ConfigGroup |
| Change | Change/setPublicDomain | View/getClusterDetail View/getClusterList |
Cluster | Change | Enable/disable public domain of CMAK server |
| Change | Change/changSpecOfNode | View/getClusterDetail View/getClusterList View/getNodeSpecDetail |
Cluster | Change | Change cluster node specifications |
| Change | Change/changeClusterNodeDiskSize | View/getClusterList View/getClusterDetail |
Cluster | Change | Change the data node disk size |
| Change | Change/rollingRestartCluster | View/getClusterList View/getClusterDetail View/getNodeSpecDetail |
Cluster | Change | Sequentially restart applications in the cluster |
| Change | Change/rollingUpgradeCluster | View/getClusterList View/getClusterDetail View/getKafkaConfigGroupDetail View/getKafkaConfigGroupList View/getNodeSpecDetail |
Cluster | Change | Sequentially upgrade the versions of applications in the cluster |
Even when you are granted permission for a specific action, if you are not also granted permissions for the related actions that are required, you will not be able to perform tasks properly. To prevent such issues, Sub Account provides a function that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, the system determines that it was done intentionally by the main account user and won't forcibly include them. Therefore, use caution when setting permissions.