- Print
- PDF
Managing Cloud DB for MySQL permissions (VPC)
- Print
- PDF
Available in VPC
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Cloud DB for MySQL. Sub Account provides the system-managed and user-created policies for setting management and administration permissions.
Sub Account is a service provided free of charge upon subscription request. For more details about Sub Account, see Services > Management & Governance > Sub Account in NAVER Cloud Platform portal, as well as the Sub Account Guide.
System-managed policies
System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once the system-managed policies are granted to a sub account created in Sub Account, that sub account can use Cloud DB for MySQL. The following is a brief description of the system-managed policies of Cloud DB for MySQL.
Policy name | Policy description |
---|---|
NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal |
NCP_VPC_CLOUD_DB_FOR_MYSQL_MANAGER | Permission to use all the features in VPC-based Cloud DB for MySQL |
NCP_VPC_CLOUD_DB_FOR_MYSQL_VIEWER | Permission to only use the view list and search features in VPC-based Cloud DB for MySQL |
User-created policies
User-created policies are policies that users may create. Once the user-created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description of the user-created policies of Cloud DB for MySQL.
Type | Action name | Related action | Resource type | Group by resource type | Action description |
---|---|---|---|---|---|
View | View/getDBBackupDetail | View/getDBBackupList View/getDBServiceList View/getDBServiceDetail | Service | Service | View service (DB) backup information |
View | View/getDBBackupList | View/getDBServiceList | - | Service | View service (DB) backup information |
View | View/getDBDashboard | View/getDBServiceList View/getDBServiceDetail | Service | Service | View DB dashboard of service (DB) |
View | View/getDBLogs | View/getDBServiceList View/getDBServiceDetail | Service | Service | View DB log of service (DB) |
View | View/getDBServerEventDetail | View/getDBServerEventList | Service | Service | View server (DB) event details |
View | View/getDBServerEventList | - | - | Service | View server (DB) event list |
View | View/getDBServiceDetail | View/getDBServiceList | Service | Service | View service (DB) details |
View | View/getDBServiceList | - | - | Service | View service (DB) list |
View | View/getExecutingBinary | View/getDBServiceDetail View/getDBServiceList | Service | Service | Check running binary log of selected DB server |
View | View/getOSDashboard | View/getDBServiceList View/getDBServiceDetail | Service | Service | View OS dashboard of service (DB) |
View | View/getQueryTimeline | View/getDBServiceList View/getDBServiceDetail | Service | Service | View query timeline of service (DB) |
View | View/exportQueryTimeline | View/getQueryTimeline View/getDBServiceList View/getDBServiceDetail | Service | Service | Download searched service (DB) query timeline results |
View | View/getSubnetDetail | View/getSubnetList | VPC:Subnet | Service | Check accessible subnet for service (DB) |
View | View/getSubnetList | - | - | Service | View subnet list required for service (DB) |
View | View/getVPCDetail | View/getVPCList | VPC:VPC | Service | Check accessible VPC for service (DB) |
View | View/getVPCList | - | - | Service | View VPC list required for service (DB) |
View | View/getDBServerLogs | View/getDBServiceList View/getDBServiceDetail | Service | Service | View log file for the selected DB server |
View | View/getBucketList | - | - | Service | View bucket list to export selected file |
View | View/getBucketDetail | View/getBucketList | ObjectStorage:Bucket | Service | Select bucket to export selected file |
View | View/exportDBServiceList | View/getDBServiceList | - | Service | Download service (DB) list |
View | View/getSystemConfig | View/getDBServiceList View/getDBServiceDetail | Service | Service | View the System Config option of service (DB) |
Change | Change/addSlave | View/getDBServiceList View/getDBServiceDetail View/getSubnetList View/getSubnetDetail | Service | Service | Add service (DB) slave DB |
Change | Change/changeDBServerLogConfig | View/getDBServiceList View/getDBServiceDetail | Service | Service | Change DB server log settings for service (DB) |
Change | Change/changeDBSpec | View/getDBServiceList View/getDBServiceDetail | Service | Service | Change service (DB) specifications |
Change | Change/changeMasterDB | View/getDBServiceList View/getDBServiceDetail | Service | Service | Execute service (DB) master DB failover |
Change | Change/createDBService | View/getVPCList View/getVPCDetail View/getSubnetList View/getSubnetDetail View/getDBServiceList | - | Service | Create service (DB) |
Change | Change/createDBServiceWithRecoveryServer | View/getDBServiceList View/getDBServiceDetail View/getVPCList View/getSubnetList | Service | Service | Create new service with recovery server |
Change | Change/deleteDBService | View/getDBServiceList View/getDBServiceDetail | Service | Service | Delete service (DB) (Master, Stand Alone) |
Change | Change/deleteDBServer | View/getDBServiceList View/getDBServiceDetail | Service | Service | Delete slave and recovery servers of service (DB) |
Change | Change/deleteDBServerLog | View/getDBServerLogs View/getDBServiceList View/getDBServiceDetail | Service | Service | Delete log file for the selected DB server |
Change | Change/killDBServiceSession | View/getDBServiceList View/getDBServiceDetail | Service | Service | Force end service (DB) session (ID) |
Change | Change/manageBackup | View/getDBServiceList View/getDBServiceDetail | Service | Service | Manage service (DB) backup settings |
Change | Change/manageDatabase | View/getDBServiceList View/getDBServiceDetail | Service | Service | Manage database |
Change | Change/manageDBConfig | View/getDBServiceList View/getDBServiceDetail | Service | Service | Manage service (DB) config |
Change | Change/manageDBServiceName | View/getDBServiceList View/getDBServiceDetail | Service | Service | Change DB service name |
Change | Change/manageDBServerName | View/getDBServiceList View/getDBServiceDetail | Service | Service | Change DB server name |
Change | Change/manageDBUser | View/getDBServiceList View/getDBServiceDetail | Service | Service | Manage service (DB) users |
Change | Change/recoveryToTime | View/getDBServiceList View/getDBBackupList View/getDBBackupDetail View/getDBServiceDetail View/getSubnetList View/getSubnetDetail | Service | Service | Restore service (DB) to specific point in time |
Change | Change/recoveryWithBackupFile | View/getDBServiceList View/getDBBackupList View/getDBBackupDetail View/getDBServiceDetail View/getSubnetList View/getSubnetDetail | Service | Service | Restore service (DB) with backup file |
Change | Change/reinstallSlaveDB | View/getDBServiceList View/getDBServiceDetail | Service | Service | Reinstall slave DB |
Change | Change/reinstallStandbyMasterDB | View/getDBServiceList View/getDBServiceDetail | Service | Service | Reinstall standby master DB |
Change | Change/restartDBService | View/getDBServiceList View/getDBServiceDetail | Service | Service | Restart service (DB) |
Change | Change/setHA | View/getDBServiceList View/getDBServiceDetail | Service | Service | Change service (DB) to high availability configuration |
Change | Change/setStandalone | View/getDBServiceList View/getDBServiceDetail | Service | Service | Change service (DB) to the standalone configuration |
Change | Change/skipReplicationError | View/getDBServiceList View/getDBServiceDetail | Service | Service | Correct an error by skipping query with a slave DB replication error |
Change | Change/upgradeDBEngine | View/getDBServiceList View/getDBServiceDetail | Service | Service | Upgrade MySQL engine version of service (DB) |
Change | Change/managePublicDomain | View/getDBServiceList View/getDBServiceDetail | Service | Service | Request public domain for external access to DB server |
Change | Change/exportBackupToObjectStorage | View/getDBServiceList View/getDBServiceDetail View/getBucketList View/getBucketDetail View/getDBBackupList View/getDBBackupDetail | Service | Service | Export the selected backup file to object storage |
Change | Change/exportDBServerLogsToObjectStorage | View/getDBServiceList View/getDBServiceDetail View/getBucketList View/getBucketDetail View/getDBServerLogs | Service | Service | Export the selected log file to Object Storage |
Change | Change/manageDBServiceSwap | View/getDBServiceList View/getDBServiceDetail | Service | Service | Manage swap memory of service (DB) |
Change | Change/resetDBService | View/getDBServiceList View/getDBServiceDetail Change/manageDBConfig | Service | Service | Reset service (DB) |
Change | Change/killDBServiceMultipleSession | View/getDBServiceList View/getDBServiceDetail | Service | Service | Force end multiple service (DB) session (ID) |
Change | Change/changeMultizoneConfig | View/getSubnetList View/getSubnetDetail View/getDBServiceList View/getDBServiceDetail | - | Service | Change service (DB) multizone configuration |
Change | Change/managePasswordPlugin | View/getDBServiceList View/getDBServiceDetail | Service | Service | Setting options for service (DB) password plugin |
Change | Change/manageAuditPlugin | View/getDBServiceList View/getDBServiceDetail | Service | Service | Setting options for service (DB) audit plugin |
Change | Change/manageSystemConfig | View/getDBServiceList View/getDBServiceDetail View/getSystemConfig | Service | Service | Set the System Config option of service (DB) |
Even when you are granted a permission for a specific action, you won't be able to perform the task properly unless you are also granted a permission for the related actions that are required. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system will not forcibly include them since it regards such de-selection done intentionally by the main account user. Thus, caution is advised when setting permissions.