- Print
- PDF
Managing Cloud Data Streaming Service permissions
- Print
- PDF
Available in VPC
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Cloud Data Streaming Service. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.
Sub Account is a service provided free of charge upon subscription request. For more details about Sub Account, refer to the Services > Management & Governance > Sub Account menu in the NAVER Cloud Platform portal, and Sub Account Guide.
System Managed policies
System Managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once System Managed policies are granted to a sub account created in Sub Account, that sub account can use Cloud Data Streaming Service. The following is a brief description about System Managed policies of Cloud Data Streaming Service.
Policy Name | Policy description |
---|---|
NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal |
NCP_VPC_CLOUD_DATA_STREAMING_SERVICE_MANAGER | Permission to use all features of Cloud Data Streaming Service. |
NCP_VPC_CLOUD_DATA_STREAMING_SERVICE_VIEWER | Permission to only use the View list and Search features in Cloud Data Streaming Service. |
User Created policies
User Created policies are policies that users may create. Once User Created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description about User Created policies of Cloud Data Streaming Service.
Classification | Action name | Related action(s) | Resource type | Group by resource type | Action description |
---|---|---|---|---|---|
View | View/downloadCertificate | View/getClusterDetail View/getClusterList | Cluster | View | Download certificate |
View | View/getClusterACGDetail | View/getClusterDetail View/getClusterList | Cluster | View | Check ACG details |
View | View/getClusterDetail | View/getClusterList | Cluster | View | Check cluster details |
View | View/getClusterList | - | - | View | Check cluster list |
View | View/getClusterMonitor | View/getClusterDetail View/getClusterNodeList View/getClusterList | Cluster | View | Cluster monitoring |
View | View/getClusterNodeList | View/getClusterDetail View/getClusterList | Cluster | View | Check cluster node list |
View | View/getKafkaConfigGroupDetail | - | ConfigGroup | View | Check config group details |
View | View/getKafkaConfigGroupList | View/getKafkaConfigGroupDetail | - | View | Check config group list |
View | View/getKafkaConfigGroupUsingClusterList | View/getKafkaConfigGroupList | ConfigGroup | View | Check list of clusters where config group is applied |
View | View/getLoadBalancerInstanceDetail | View/getLoadBalancerInstanceList | VPCLoadBalancer:LoadBalancer | View | Select a load balancer to set as advertised listener. |
View | View/getLoadBalancerInstanceList | - | - | View | Check list of load balancers to set as advertised listeners |
View | View/getSubnetDetail | View/getSubnetList | VPC:Subnet | View | Select a subnet to place the cluster in. |
View | View/getSubnetList | - | - | View | Check subnet list |
View | View/getVPCDetail | View/getVPCList | VPC:VPC | View | Select a VPC to place the cluster in. |
View | View/getVPCList | - | - | View | Check VPC list |
View | View/getNodeSpecDetail | View/getClusterDetail View/getClusterList | Cluster | View | View changeable specs of cluster nodes |
Change | Change/changeCountOfBrokerNode | View/getClusterDetail View/getClusterList | Cluster | Change | Add broker nodes in the cluster |
Change | Change/createCluster | View/getSubnetList View/getSubnetDetail View/getClusterList View/getVPCDetail View/getVPCList | - | Change | Create Cluster |
Change | Change/createKafkaConfigGroup | View/getKafkaConfigGroupList | - | Change | Create config group. |
Change | Change/deleteCluster | View/getClusterDetail View/getClusterList | Cluster | Change | Delete cluster |
Change | Change/deleteKafkaConfigGroup | View/getKafkaConfigGroupDetail View/getKafkaConfigGroupList | ConfigGroup | Change | Delete config group. |
Change | Change/editKafkaConfig | View/getKafkaConfigGroupDetail View/getClusterDetail View/getKafkaConfigGroupList View/getClusterList | ConfigGroup | Change | Edit config group information. |
Change | Change/resetCMAKPassword | View/getClusterDetail View/getClusterList | Cluster | Change | Reset CMAK connection password |
Change | Change/restartCMAKService | View/getClusterDetail View/getClusterList | Cluster | Change | Restart the cluster's CMAK service. |
Change | Change/restartKafkaService | View/getClusterDetail View/getClusterNodeList View/getClusterList | Cluster | Change | Restart the Kafka and Zookeeper service of the cluster. |
Change | Change/setBrokerNodePublicEndpoint | View/getClusterDetail View/getClusterList View/getLoadBalancerInstanceList View/getLoadBalancerInstanceDetail | Cluster | Change | Change broker node public endpoint settings. |
Change | Change/setKafkaConfigGroup | View/getKafkaConfigGroupDetail View/getClusterDetail View/getKafkaConfigGroupList View/getClusterList | Cluster | Change | Apply config group. |
Change | Change/setPublicDomain | View/getClusterDetail View/getClusterList | Cluster | Change | Enable/disable public domain of CMAK server. |
Change | Change/changSpecOfNode | View/getClusterDetail View/getClusterList View/getNodeSpecDetail | Cluster | Change | Change cluster nodes specifications |
Even when you are granted permission for a specific action, if you are not also granted permissions for the related actions that are required, then you won't be able to perform jobs properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and does not forcibly include them. Thus, be careful when setting permissions.