Available in VPC
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Cloud Data Box. Sub Account provides system-managed policies and user-defined policies for setting management and administration permissions.
Sub Account is a service provided free of charge upon subscription. For more information on Sub Account, see Services > Management & Governance > Sub Account menu and Sub Account User Guide in the NAVER Cloud Platform portal.
System-managed policies
System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once system-managed policies are granted to a sub account created in Sub Account, that sub account can use Cloud Data Box. The following is a brief description of the system-managed policies of Cloud Data Box.
| Policy name | Description |
|---|---|
| NCP_ADMINISTRATOR | Full access to all services with the same scope as the main account |
| NCP_INFRA_MANAGER | Permission to access all services, except the My Account > Billing information and cost management > Billing and payment management menu in the console, which is restricted. |
| NCP_FINANCE_MANAGER | Permission to access only the Cost Explorer service and the My Account > Billing information and cost management > Billing and payment management menu in the console. |
| NCP_CLOUD_DATA_BOX_MANAGER | Permission to use all features of Cloud Data box |
| NCP_CLOUD_DATA_BOX_VIEWER | Permission to only use the View list and Search features in Cloud Data Box |
User-defined policies
User-defined policies are policies that users can create. Once the user-defined policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description of the user-defined policies of Cloud Data Box.
| Type | Action name | Related action | Resource type | Group by resource type | Action description |
|---|---|---|---|---|---|
| View | View/getBucketList | - | - | Bucket | View Object Storage list |
| View | View/getDataBoxDetail | - | DataBox | DataBox | View data box request details (data and infrastructure) |
| View | View/getDataBoxList | - | - | - | View created data box list |
| View | View/getFileExportList | - | - | - | View file export request list |
| View | View/getFileImportList | - | - | - | View file import request list |
| View | View/getProOptionPenalty | - | DataBox | DataBox | View penalty for Pro Option |
| Change | Change/addData | - | DataBox | DataBox | Request additional data |
| Change | Change/changeDataBoxName | View/getDataBoxList View/getDataBoxDetail |
DataBox | DataBox | Edit data box name |
| Change | Change/changeNasSize | - | DataBox | DataBox | Change NAS capacity |
| Change | Change/changePassword | - | DataBox | DataBox | Reset password |
| Change | Change/changeSslVpnAccount | - | DataBox | DataBox | Change SSL VPN accounts |
| Change | Change/createDataBox | - | - | - | Create data box |
| Change | Change/modifyDataBox | View/getDataBoxList View/getDataBoxDetail |
DataBox | DataBox | Edit data box |
| Change | Change/modifySslVpnAccountCount | - | DataBox | DataBox | Change the number of SSL VPN accounts |
| Change | Change/rebootServer | - | DataBox | DataBox | Reboot server in the data box |
| Change | Change/requestData | - | DataBox | DataBox | Request data supply to data box |
| Change | Change/requestFileExport | - | DataBox | DataBox | Request/cancel file export |
| Change | Change/requestFileImport | View/getFileImportList View/getBucketList View/getDataBoxList View/getDataBoxDetail |
- | - | Request file import |
| Change | Change/requestInsightOption | - | DataBox | DataBox | Subscribe to data box Insight Option |
| Change | Change/requestProOption | - | DataBox | DataBox | Subscribe to Pro Option |
| Change | Change/returnDataBox | View/getProOptionPenalty View/getDataBoxList |
DataBox | DataBox | Return data box |
| Change | Change/returnProOption | - | DataBox | DataBox | Cancel pro option |
Even when you are granted permission for a specific action, if you are not also granted permissions for the related actions that are required, you will not be able to perform tasks properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, the system will determine that it was done intentionally by the main account user and will not forcibly include them. Therefore, be careful when setting permissions.