- Print
- PDF
Managing Cloud DB for MSSQL permissions
- Print
- PDF
Available in VPC
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Cloud DB for MSSQL. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.
Sub Account is a service provided free of charge upon subscription. For more information on Sub Account, see the Service > Management & Governance > Sub Account menus of NAVER Cloud Platform and the Sub Account user guide.
System-managed policies
System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once system-managed policies are granted to a sub account created in Sub Account, that sub account can use Cloud DB for MSSQL. The following is a brief description of the system-managed policies of Cloud DB for MSSQL.
Policy name | Policy description |
---|---|
NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal |
NCP_VPC_CLOUD_DB_FOR_MSSQL_MANAGER | Permission to use all the features in VPC-based Cloud DB for MSSQL |
NCP_VPC_CLOUD_DB_FOR_MSSQL_VIEWER | Permission to only use the View list and Search features in VPC-based Cloud DB for MSSQL |
User-created policies
User-created policies are policies that users may create. Once user-created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description of the user-created policies of Cloud DB for MSSQL.
Category | Action name | Related action(s) | Resource type | Group by resource type | Action description |
---|---|---|---|---|---|
View | View/getDBServiceList | - | - | Service | View service (DB) list |
View | View/getVPCList | - | - | Service | View VPC list required for service |
View | View/getVPCDetail | View/getVPCList | VPC:VPC | Service | Check accessible VPCs for service |
View | View/getSubnetDetail | View/getSubnetList | VPC:Subnet | Service | Check accessible subnet for service |
View | View/getSubnetList | - | - | Service | View the list of subnets required for service |
View | View/getDBServiceDetail | View/getDBServiceList | Service | Service | View service (DB) details |
View | View/getDBDashboard | View/getDBServiceList View/getDBServiceDetail | Service | Service | View service (DB) monitoring DB dashboard |
View | View/getPerformanceDashboard | View/getDBServiceList View/getDBServiceDetail | Service | Service | View service (DB) monitoring performance |
View | View/getDBLogs | View/getDBServiceList View/getDBServiceDetail | Service | Service | View DB log of service (DB) |
View | View/getDBServerEventDetail | View/getDBServiceList View/getDBServerEventList | Service | Service | View server (DB) event details |
View | View/getDBServerEventList | View/getDBServiceList | - | Service | View server (DB) event list |
View | View/getDBBackupList | View/getDBServiceList | - | Service | View service (DB) backup information |
View | View/getDBBackupDetail | View/getDBBackupList View/getDBServiceList View/getDBServiceDetail | Service | Service | View service (DB) backup information |
View | View/getConfigGroupList | - | - | ConfigGroup | View Config Group list |
View | View/getConfigGroupDetail | View/getConfigGroupList | ConfigGroup | ConfigGroup | View Config Group details |
View | View/getDBServerLogs | View/getDBServiceList View/getDBServiceDetail | Service | Service | View Service (DB) log files |
View | View/getBucketList | - | Service | Service | Search bucket list |
View | View/getBucketDetail | View/getBucketList | ObjectStorage:Bucket | Service | Select bucket |
View | View/getAuditLogStatus | View/getDBServiceList View/getDBServiceDetail | Service | Service | View Audit Plugin option information for service (DB) |
View | View/getLogBackupFileList | View/getDBServiceList View/getDBServiceDetail View/getBucketList View/getBucketDetail | Service | Service | View log backup list of service (DB) |
Change | Change/createDBService | View/getVPCList View/getVPCDetail View/getSubnetList View/getSubnetDetail View/getDBServiceList View/getConfigGroupList View/getConfigGroupDetail | - | Service | Create service (DB) |
Change | Change/restartDBService | View/getDBServiceList View/getDBServiceDetail | Service | Service | Restart service (DB) |
Change | Change/setHA | View/getDBServiceList View/getDBServiceDetail | Service | Service | Change service (DB) to high availability configuration |
Change | Change/setStandalone | View/getDBServiceList View/getDBServiceDetail | Service | Service | Change service (DB) to the standalone configuration |
Change | Change/manageSlaveReadableTime | View/getDBServiceList View/getDBServiceDetail | Service | Service | Set slave server's readability |
Change | Change/manageDBServiceName | View/getDBServiceList View/getDBServiceDetail | Service | Service | Change DB service name |
Change | Change/deleteDBServer | View/getDBServiceList View/getDBServiceDetail | Service | Service | Delete service (DB) slave server |
Change | Change/deleteDBService | View/getDBServiceList View/getDBServiceDetail | Service | Service | Delete service (DB) (Master, Stand Alone) |
Change | Change/addSlave | View/getDBServiceList View/getDBServiceDetail | Service | Service | Add service (DB) slave DB |
Change | Change/manageBackup | View/getDBServiceList View/getDBServiceDetail | Service | Service | Manage service (DB) backup settings |
Change | Change/deleteBackup | View/getDBServiceList View/getDBServiceDetail View/getDBBackupList View/getDBBackupDetail | Service | Service | Delete service backup file |
Change | Change/changeDBSpec | View/getDBServiceList View/getDBServiceDetail | Service | Service | Change service (DB) specifications |
Change | Change/managePublicDomain | View/getDBServiceList View/getDBServiceDetail | Service | Service | Request public domain for external access to DB server |
Change | Change/recoveryToTime | View/getDBServiceList View/getDBServiceDetail View/getDBBackupList View/getDBBackupDetail | Service | Service | Create new service with backup file |
Change | Change/manageDatabase | View/getDBServiceList View/getDBServiceDetail | Service | Service | Manage database |
Change | Change/manageUserAccount | View/getDBServiceList View/getDBServiceDetail | Service | Service | Manage service (DB) users |
Change | Change/createConfigGroup | View/getConfigGroupList | - | ConfigGroup | Create Config Group |
Change | Change/manageConfigGroup | View/getConfigGroupList View/getConfigGroupDetail | ConfigGroup | ConfigGroup | Change Config Group |
Change | Change/manageClusterConfigGroup | View/getDBServiceList View/getDBServiceDetail View/getConfigGroupList View/getConfigGroupDetail | Service | Service | Apply Config Group to other service |
Change | Change/deleteConfigGroup | View/getConfigGroupList View/getConfigGroupDetail | ConfigGroup | ConfigGroup | Delete Config Group |
Change | Change/upgradeDBEngine | View/getDBServiceList View/getDBServiceDetail | Service | Service | Upgrade MSSQL Engine version of service (DB) |
Change | Change/manageAuditPlugin | View/getDBServiceList View/getDBServiceDetail View/getAuditLogStatus | Service | Service | Set options for service (DB) 's Audit Plugin |
Change | Change/exportDBServerLogsToObjectStorage | View/getDBServiceList View/getDBServiceDetail View/getBucketList View/getBucketDetail View/getDBServerLogs | Service | Service | Export the selected log file to Object Storage |
Change | Change/exportBackupToObjectStorage | View/getDBServiceList View/getDBServiceDetail View/getBucketList View/getBucketDetail View/getDBBackupList View/getDBBackupDetail View/getLogBackupFileList | Service | Service | Export the selected backup file to Object Storage |
Even when you are granted permission for a specific action, you cannot perform jobs properly if you are not also granted permissions for the related actions that are required. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and does not forcibly include them. Thus, be careful when setting permissions.