Cloud DB for MySQL permissions management

Available in VPC

You can set different access permissions for Cloud DB for MySQL using NAVER Cloud Platform's Sub Account service. Sub Account offers both system-managed (System Managed) and user-defined (User Created) policies to help you configure management and operation permissions.

Note

Sub Account is a free service with no additional charges. For more information about Sub Account, see Services > Management & Governance > Sub Account on the NAVER Cloud Platform portal and the Sub Account user guide.

System-managed policies

System-managed policies are pre-built, role-based policies that NAVER Cloud Platform provides for your convenience. When you assign one of these policies to a sub account, that account gets access to Cloud DB for MySQL. Here are the available system-managed policies for Cloud DB for MySQL:

Policy name	Policy description
NCP_ADMINISTRATOR	Full access to all services, with the same scope as the main account
NCP_INFRA_MANAGER	Access to all services, except the My Account > Billing Information and Cost Management > Billing and Payment Management menu in the console
NCP_FINANCE_MANAGER	Access only to the Cost Explorer service and the My Account > Billing Information and Cost Management > Billing and Payment Management menu in the console
NCP_VPC_CLOUD_DB_FOR_MYSQL_MANAGER	Full access to all Cloud DB for MySQL features on the VPC platform
NCP_VPC_CLOUD_DB_FOR_MYSQL_VIEWER	View-only access to list and query VPC-based Cloud DB for MySQL

User-defined policies

User-defined policies let you create custom permissions. When you assign a user-defined policy to a sub account, that account can only perform the specific actions, you've allowed. Here are the available user-defined policies for Cloud DB for Cloud DB for MySQL:

| Type | Action | Related action | Resource type | Group by resource type | Action description |
| ---- | ---- | ---- | ---- | ---- | ---- |
| View | View/getDBBackupDetail |

View/getDBBackupList
View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceDetail
View/getDBServiceList

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getQueryTimeline
View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail
View/getSubnetList
View/getSubnetDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getVPCList
View/getVPCDetail
View/getSubnetList
View/getSubnetDetail
View/getDBServiceList

View/getDBServiceList
View/getDBServiceDetail
View/getVPCList
View/getSubnetList

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServerLogs
View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBBackupList
View/getDBBackupDetail
View/getDBServiceDetail
View/getSubnetList
View/getSubnetDetail

View/getDBServiceList
View/getDBBackupList
View/getDBBackupDetail
View/getDBServiceDetail
View/getSubnetList
View/getSubnetDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail

View/getDBServiceList
View/getDBServiceDetail
View/getBucketList
View/getBucketDetail
View/getDBBackupList
View/getDBBackupDetail

View/getDBServiceList
View/getDBServiceDetail
View/getBucketList
View/getBucketDetail
View/getDBServerLogs

View/getDBServiceList
View/getDBServiceDetail | Service | Service | Manage swap memory of the service (DB). |
| Change | Change/resetDBService |
- View/getDBServiceList
- View/getDBServiceDetail
- Change/manageDBConfig
| Service | Service | Initialize the service (DB) |
| Change | Change/killDBServiceMultipleSession |
- View/getDBServiceList
- View/getDBServiceDetail
| Service | Service | Force-terminate multiple sessions (IDs) of the service (DB). |
| Change | Change/changeMultizoneConfig |
- View/getSubnetList
- View/getSubnetDetail
- View/getDBServiceList
- View/getDBServiceDetail
| - | Service | Change the multizone configuration of the service (DB). |
| Change | Change/managePasswordPlugin |
- View/getDBServiceList
- View/getDBServiceDetail
| Service | Service | Configure password plugin options of the service (DB). |
| Change | Change/manageAuditPlugin |
- View/getDBServiceList
- View/getDBServiceDetail
| Service | Service | Configure audit plugin options of the service (DB). |
| Change | Change/manageSystemConfig |
- View/getDBServiceList
- View/getDBServiceDetail
- View/getSystemConfig
| Service | Service | Configure system config options of the service (DB). |
| Change | Change/changeDeleteProtectionConfig |
- View/getDBServiceList
- View/getDBServiceDetail
| Service | Service | Change return protection settings of the service (DB). |
| Change | Change/manageOperatingSystem |
- View/getDBServiceList
- View/getDBServiceDetail
- View/getOperatingSystemConfig
| Service | Service | Upgrade the operating system of the service (DB) |
| Change | Change/importBackupFromObjectStorage |
- View/getBucketList
- View/getBucketDetail
| Service | Service | Import selected backup files from a bucket. |

Caution

If you grant someone access to a specific action but not to the required related actions, they won't be able to complete their tasks. Sub Account automatically includes these related permissions to prevent this issue. However, if you manually uncheck these auto-selected related actions, the system assumes this was intentional and won't override your selection.