Available in Classic and VPC
You can set access permissions for Cloud Log Analytics using Sub Account, NAVER Cloud Platform's account management service. Sub Account offers both system-managed (System Managed) and user-defined (User Created) policies to help you configure management and operation permissions.
Sub Account is a free service with no additional charges. For more information about Sub Account, see Services > Management & Governance > Sub Account on the NAVER Cloud Platform portal and the Sub Account user guide.
System-managed policies
System-managed policies are pre-built, role-based policies that NAVER Cloud Platform provides for your convenience. A sub-account created through the Sub Account service can be granted access to Cloud Log Analytics by assigning a system-managed policy. Listed below are brief descriptions of the system-managed policies for Cloud Log Analytics.
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Full access to all services, same as the main account |
| NCP_INFRA_MANAGER | Access to all services, except My Account > Billing and Cost Management > Billing and Payments in the console |
| NCP_FINANCE_MANAGER | Access only to Cost Explorer and My Account > Billing and Cost Management > Billing and Payments in the console |
| NCP_CLOUD_LOG_ANALYTICS_MANAGER | Full access to all features of the Cloud Log Analytics Service (Separate Object Storage permissions required for Exports) |
| NCP_CLOUD_LOG_ANALYTICS_VIEWER | Read-only access to the Cloud Log Analytics service |
User-defined policies
User-defined policies let you create custom permissions. When you assign a user-defined policy to a sub account, that account can only perform the specific actions you've allowed. Here are the available user-defined policies for Cloud Log Analytics:
| Type | Action | Related action | Resource type | Group by resource type | Action description |
| ---- | ---- | ---- | ---- | ---- | ---- |
| View | View/getKubernetesServiceList | - | - | - | View the Ncloud Kubernetes Service list from the Management menu |
| View | View/getClassicServerList | - | - | - | View the Classic Server list from the Management menu |
| View | View/getSearchEngineServiceList | - | - | - | View the Search Engine Service list from the Management menu |
| View | View/getCDBMongoDBList | - | - | - | View the CDB-MongoDB list from the Management menu |
| View | View/getCloudDataStreamingServiceList | - | - | - | View the Cloud Data Streaming Service list from the Management menu |
| View | View/getClassicServerDetail | View/getClassicServerList | Server:Server | - | View Classic Server details from the Management menu |
| View | View/getBucketList | - | - | - | View the list of Object Storage Buckets currently in use |
| View | View/getServerDetail | View/getServerList | VPCServer:Server | - | View Server details from the Management menu |
| View | View/downloadLogs | View/searchLogs | - | - | Download logs |
| View | View/searchLogs | - | - | - | View collected logs |
| View | View/getAutoExportSettingList | - | - | - | View Auto Export Settings history |
| View | View/getCDBMSSQLList | - | - | - | View the CDB-MSSQL list from the Management menu |
| View | View/monitorDashBoard | - | - | - | View log collection status from the Dashboard menu |
| View | View/getCDBMySQLList | - | - | - | View the CDB-MySQL list from the Management menu |
| View | View/getClassicCDBMSSQLList | - | - | - | View the Classic CDB-MSSQL list in the Management menu |
| View | View/getServerList | - | - | - | View the Server list from the Management menu |
| View | View/downloadManagementList | - | - | - | Download a list from the Management menu |
| View | View/getCDBPostgreSQLList | - | - | - | View the CDB-PostgreSQL list from the Management menu |
| View | View/getExportHistoryList | - | - | - | View Export History |
| View | View/getNotificationSettings | - | - | - | View Notification Settings |
| View | View/getAlarmRule | - | - | - | View Notification Alarms |
| View | View/getAlarmHistoryList | - | - | - | View Alarm History |
| View | View/getAlarmRuleList | - | - | - | View Alarm List |
| View | View/getClassicCDBMySQLList | - | - | - | View the Classic CDB-MySQL list from the Management menu |
| Change | Change/subscribeProduct | - | - | - | Sign up for/cancel Cloud Log Analytics subscription |
| Change | Change/updateClassicServerLogSetting | View/getClassicServerList
View/getClassicServerDetail | Server:Server | - | Enable/disable Classic Server log collection |
| Change | Change/setNotificationSettings | View/getNotificationSettings | - | - | Enable/disable Notifications |
| Change | Change/exportLogtoObjectStorage | View/searchLogs
View/getBucketList
View/getExportHistoryList
ObjectStorage:Change/writeObject | - | - | Export log to a specific Object Storage Bucket |
| Change | Change/updateAutoExportSetting | View/getBucketList
View/getAutoExportSettingList
ObjectStorage:Change/writeObject | - | - | Enable/disable automatic log exports to Object Storage Bucket |
| Change | Change/updateServerLogSetting | View/getServerList
View/getServerDetail | VPCServer:Server | - | Enable/disable Server log collection |
| Change | Change/deleteAlarmRules | - | - | - | Delete an Alarm |
| Change | Change/updateAlarmRule | - | - | - | Update Alarm Information |
| Change | Change/createAlarmRule | - | - | - | Create an Alarm |
If you grant someone access to a specific action but not to the required related actions, they won't be able to complete their tasks. Sub Account automatically includes these related permissions to prevent this issue. However, if you manually uncheck these auto-selected related actions, the system assumes this was intentional and won't override your selection.