- Print
- PDF
Managing Cloud Data Box permissions
- Print
- PDF
Available in Classic and VPC
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Cloud Data Box. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.Sub Account is a service provided free of charge upon subscription. For more information on Sub Account, see Services > Management & Governance > Sub Account in NAVER Cloud Platform portal, as well as the Sub Account user guide.
System-managed policy
System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once system-managed policies are granted to a sub account created in Sub Account, that sub account can use Cloud Data Box. The following is a brief description about system-managed policies of Cloud Data Box.
Policy name | Description |
---|---|
NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal |
NCP_CLOUD_DATA_BOX_MANAGER | Permission to use all functions of Cloud Data box |
NCP_CLOUD_DATA_BOX_VIEWER | Permission to only use the View list and Search functions in Cloud Data Box |
User-defined policy
User-defined policies are policies that you can create. Once user-defined policies are granted to a sub account created in Sub Account, that sub account can only use combinations of actions assigned by the user. The following is a brief description of the user-defined policies of Cloud Data Box.
Category | Action name | Related action(s) | Resource type | Group by resource type | Action description |
---|---|---|---|---|---|
View | View/getBucketList | - | - | Bucket | View Object Storage list |
View | View/getDataBoxDetail | - | DataBox | DataBox | View data box request details (data and infrastructure) |
View | View/getDataBoxList | - | - | - | View created data box list |
View | View/getFileExportList | - | - | - | View file export request list |
View | View/getFileImportList | - | - | - | View file import request list |
View | View/getProOptionPenalty | - | DataBox | DataBox | View penalty for pro option |
Change | Change/addData | - | DataBox | DataBox | Request additional data |
Change | Change/changeDataBoxName | View/getDataBoxList View/getDataBoxDetail | DataBox | DataBox | Edit data box name |
Change | Change/changeNasSize | - | DataBox | DataBox | Change NAS capacity |
Change | Change/changePassword | - | DataBox | DataBox | Reset password |
Change | Change/changeSslVpnAccount | - | DataBox | DataBox | Change SSL VPN accounts |
Change | Change/createDataBox | - | - | - | Create data box |
Change | Change/modifyDataBox | View/getDataBoxList View/getDataBoxDetail | DataBox | DataBox | Edit data box |
Change | Change/modifySslVpnAccountCount | - | DataBox | DataBox | Change the number of SSL VPN accounts |
Change | Change/rebootServer | - | DataBox | DataBox | Reboot server in the data box |
Change | Change/requestData | - | DataBox | DataBox | Request data supply to data box |
Change | Change/requestFileExport | - | DataBox | DataBox | Request/cancel file export |
Change | Change/requestFileImport | View/getFileImportList View/getBucketList View/getDataBoxList View/getDataBoxDetail | - | - | Request file import |
Change | Change/requestInsightOption | - | DataBox | DataBox | Request data box insight option |
Change | Change/requestProOption | - | DataBox | DataBox | Request pro option |
Change | Change/returnDataBox | View/getProOptionPenalty View/getDataBoxList | DataBox | DataBox | Return data box |
Change | Change/returnProOption | - | DataBox | DataBox | Cancel pro option |
If you are granted permission for a certain action but not for the required actions that are related, you cannot run the job properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect the related actions that are automatically assigned, the system considers it as having been done intentionally by the main account user and does not forcibly include them. Thus, take caution when setting permissions.