Managing Cloud Log Analytics permissions
- Print
- PDF
Managing Cloud Log Analytics permissions
- Print
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
Available in Classic and VPC
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Cloud Log Analytics. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.
Note
Sub Account is a service provided free of charge upon subscription request. For more details about Sub Account, see the Services > Management & Governance > Sub Account menu in NAVER Cloud Platform portal, and the Sub Account user guide.
System Managed policies
System Managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once System Managed policies are granted to a sub account created in Sub Account, that sub account can use Cloud Log Analytics. The following is a brief description about System Managed policies of Cloud Log Analytics.
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
| NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform but with restricted access to some features (Manage usage, payment management) of My page in the portal |
| NCP_CLOUD_LOG_ANALYTICS_MANAGER | Permission to use all features of Cloud Log Analytics (For Export, Object Storage permission must be added separately) |
| NCP_CLOUD_LOG_ANALYTICS_VIEWER | Permission to only use the View list and Search features in Cloud Log Analytics |
User Created policies
User Created policies are policies that users may create. Once User Created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description of the User Created policies of Cloud Log Analytics.
| Classification | Action name | Related action(s) | Resource type | Group by resource type | Action description |
|---|---|---|---|---|---|
| View | View/getKubernetesServiceList | - | - | - | View the Ncloud Kubernetes Service list from the Management menu |
| View | View/getClassicServerList | - | - | - | View the Classic Server list from the Management menu |
| View | View/getSearchEngineServiceList | - | - | - | View the Search Engine Service list from the Management menu |
| View | View/getCDBMongoDBList | - | - | - | View the CDB-MongoDB list from the Management menu |
| View | View/getCloudDataStreamingServiceList | - | - | - | View the Cloud Data Streaming Service list from the Management menu |
| View | View/getClassicServerDetail | View/getClassicServerList | Server:Server | - | View the Classic Server details from the Management menu |
| View | View/getBucketList | - | - | - | View the list of Buckets currently in use in Object Storage |
| View | View/getServerDetail | View/getServerList | VPCServer:Server | - | View the Server details from the Management menu |
| View | View/downloadLogs | View/searchLogs | - | - | Download viewed logs |
| View | View/searchLogs | - | - | - | View collected logs |
| View | View/getAutoExportSettingList | - | - | - | View auto export settings history |
| View | View/getCDBMSSQLList | - | - | - | View the CDB-MSSQL list from the Management menu |
| View | View/monitorDashBoard | - | - | - | View the log collection status from the Dashboard menu |
| View | View/getCDBMySQLList | - | - | - | View the CDB-MySQL list from the Management menu |
| View | View/getClassicCDBMSSQLList | - | - | - | View the Classic CDB-MSSQL list in the Management menu |
| View | View/getServerList | - | - | - | View the Server list from the Management menu |
| View | View/downloadManagementList | - | - | - | Download the list from the Management menu |
| View | View/getCDBPostgreSQLList | - | - | - | View the CDB-PostgreSQL list from the Management menu |
| View | View/getExportHistoryList | - | - | - | View export execution history |
| View | View/getNotificationSettings | - | - | - | View notification settings |
| View | View/getAlarmRule | - | - | - | View notification information |
| View | View/getAlarmHistoryList | - | - | - | View notification history |
| View | View/getAlarmRuleList | - | - | - | View notification list |
| View | View/getClassicCDBMySQLList | - | - | - | View the Classic CDB-MySQL list from the Management menu |
| Change | Change/subscribeProduct | - | - | - | Subscribe to and unsubscribe from Cloud Log Analytics |
| Change | Change/updateClassicServerLogSetting | View/getClassicServerList View/getClassicServerDetail | Server:Server | - | Enable/disable Classic Server log collection |
| Change | Change/setNotificationSettings | View/getNotificationSettings | - | - | Enable/disable notifications |
| Change | Change/exportLogtoObjectStorage | View/searchLogs View/getBucketList View/getExportHistoryList ObjectStorage:Change/writeObject | - | - | Extract the viewed log to a specific bucket in Object Storage |
| Change | Change/updateAutoExportSetting | View/getBucketList View/getAutoExportSettingList ObjectStorage:Change/writeObject | - | - | Enable/disable automatic log export to a bucket in Object Storage |
| Change | Change/updateServerLogSetting | View/getServerList View/getServerDetail | VPCServer:Server | - | Enable/disable Server log collection |
| Change | Change/deleteAlarmRules | - | - | - | Delete notifications |
| Change | Change/updateAlarmRule | - | - | - | Update notification information |
| Change | Change/createAlarmRule | - | - | - | Create notifications |
Caution
Even when you are granted permission for a specific action, you cannot perform jobs properly if you are not also granted permissions for the related actions that are required. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and won't forcibly include them. So, be cautious when setting permissions.
Was this article helpful?