Managing Cloud Data Box permissions

Available in Classic and VPC

By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Cloud Data Box. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.

Note

Sub Account is a service provided free of charge upon subscription. For more information on Sub Account, see Services > Management & Governance > Sub Account in NAVER Cloud Platform portal, as well as the Sub Account user guide.

System-managed policy

System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once system-managed policies are granted to a sub account created in Sub Account, that sub account can use Cloud Data Box. The following is a brief description about system-managed policies of Cloud Data Box.

Policy name	Description
NCP_ADMINISTRATOR	Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts
NCP_INFRA_MANAGER	Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal
NCP_CLOUD_DATA_BOX_MANAGER	Permission to use all functions of Cloud Data box
NCP_CLOUD_DATA_BOX_VIEWER	Permission to only use the View list and Search functions in Cloud Data Box

User-defined policy

User-defined policies are policies that you can create. Once user-defined policies are granted to a sub account created in Sub Account, that sub account can only use combinations of actions assigned by the user. The following is a brief description of the user-defined policies of Cloud Data Box.

Category	Action name	Related action(s)	Resource type	Group by resource type	Action description
View	View/getBucketList	-	-	Bucket	View Object Storage list
View	View/getDataBoxDetail	-	DataBox	DataBox	View data box request details (data and infrastructure)
View	View/getDataBoxList	-	-	-	View created data box list
View	View/getFileExportList	-	-	-	View file export request list
View	View/getFileImportList	-	-	-	View file import request list
View	View/getProOptionPenalty	-	DataBox	DataBox	View penalty for pro option
Change	Change/addData	-	DataBox	DataBox	Request additional data
Change	Change/changeDataBoxName	View/getDataBoxList View/getDataBoxDetail	DataBox	DataBox	Edit data box name
Change	Change/changeNasSize	-	DataBox	DataBox	Change NAS capacity
Change	Change/changePassword	-	DataBox	DataBox	Reset password
Change	Change/changeSslVpnAccount	-	DataBox	DataBox	Change SSL VPN accounts
Change	Change/createDataBox	-	-	-	Create data box
Change	Change/modifyDataBox	View/getDataBoxList View/getDataBoxDetail	DataBox	DataBox	Edit data box
Change	Change/modifySslVpnAccountCount	-	DataBox	DataBox	Change the number of SSL VPN accounts
Change	Change/rebootServer	-	DataBox	DataBox	Reboot server in the data box
Change	Change/requestData	-	DataBox	DataBox	Request data supply to data box
Change	Change/requestFileExport	-	DataBox	DataBox	Request/cancel file export
Change	Change/requestFileImport	View/getFileImportList View/getBucketList View/getDataBoxList View/getDataBoxDetail	-	-	Request file import
Change	Change/requestInsightOption	-	DataBox	DataBox	Request data box insight option
Change	Change/requestProOption	-	DataBox	DataBox	Request pro option
Change	Change/returnDataBox	View/getProOptionPenalty View/getDataBoxList	DataBox	DataBox	Return data box
Change	Change/returnProOption	-	DataBox	DataBox	Cancel pro option

Caution

If you are granted permission for a certain action but not for the required actions that are related, you cannot run the job properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect the related actions that are automatically assigned, the system considers it as having been done intentionally by the main account user and does not forcibly include them. Thus, take caution when setting permissions.