Managing Cloud DB for MySQL permissions (VPC)

System-managed policies

System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once the system-managed policies are granted to a sub account created in Sub Account, that sub account can use Cloud DB for MySQL. The following is a brief description of the system-managed policies of Cloud DB for MySQL.

Policy name	Policy description
NCP_ADMINISTRATOR	Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts
NCP_INFRA_MANAGER	Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal
NCP_VPC_CLOUD_DB_FOR_MYSQL_MANAGER	Permission to use all the features in VPC-based Cloud DB for MySQL
NCP_VPC_CLOUD_DB_FOR_MYSQL_VIEWER	Permission to only use the view list and search features in VPC-based Cloud DB for MySQL

Policy name

Policy description

NCP_ADMINISTRATOR

Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts

NCP_INFRA_MANAGER

Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal

NCP_VPC_CLOUD_DB_FOR_MYSQL_MANAGER

Permission to use all the features in VPC-based Cloud DB for MySQL

NCP_VPC_CLOUD_DB_FOR_MYSQL_VIEWER

Permission to only use the view list and search features in VPC-based Cloud DB for MySQL

User-created policies

User-created policies are policies that users may create. Once the user-created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description of the user-created policies of Cloud DB for MySQL.

Type	Action name	Related action	Resource type	Group by resource type	Action description
View	View/getDBBackupDetail	View/getDBBackupList View/getDBServiceList View/getDBServiceDetail	Service	Service	View service (DB) backup information
View	View/getDBBackupList	View/getDBServiceList	-	Service	View service (DB) backup information
View	View/getDBDashboard	View/getDBServiceList View/getDBServiceDetail	Service	Service	View DB dashboard of service (DB)
View	View/getDBLogs	View/getDBServiceList View/getDBServiceDetail	Service	Service	View DB log of service (DB)
View	View/getDBServerEventDetail	View/getDBServerEventList	Service	Service	View server (DB) event details
View	View/getDBServerEventList	-	-	Service	View server (DB) event list
View	View/getDBServiceDetail	View/getDBServiceList	Service	Service	View service (DB) details
View	View/getDBServiceList	-	-	Service	View service (DB) list
View	View/getExecutingBinary	View/getDBServiceDetail View/getDBServiceList	Service	Service	Check running binary log of selected DB server
View	View/getOSDashboard	View/getDBServiceList View/getDBServiceDetail	Service	Service	View OS dashboard of service (DB)
View	View/getQueryTimeline	View/getDBServiceList View/getDBServiceDetail	Service	Service	View query timeline of service (DB)
View	View/exportQueryTimeline	View/getQueryTimeline View/getDBServiceList View/getDBServiceDetail	Service	Service	Download searched service (DB) query timeline results
View	View/getSubnetDetail	View/getSubnetList	VPC:Subnet	Service	Check accessible subnet for service (DB)
View	View/getSubnetList	-	-	Service	View subnet list required for service (DB)
View	View/getVPCDetail	View/getVPCList	VPC:VPC	Service	Check accessible VPC for service (DB)
View	View/getVPCList	-	-	Service	View VPC list required for service (DB)
View	View/getDBServerLogs	View/getDBServiceList View/getDBServiceDetail	Service	Service	View log file for the selected DB server
View	View/getBucketList	-	-	Service	View bucket list to export selected file
View	View/getBucketDetail	View/getBucketList	ObjectStorage:Bucket	Service	Select bucket to export selected file
View	View/exportDBServiceList	View/getDBServiceList	-	Service	Download service (DB) list
View	View/getSystemConfig	View/getDBServiceList View/getDBServiceDetail	Service	Service	View the System Config option of service (DB)
Change	Change/addSlave	View/getDBServiceList View/getDBServiceDetail View/getSubnetList View/getSubnetDetail	Service	Service	Add service (DB) slave DB
Change	Change/changeDBServerLogConfig	View/getDBServiceList View/getDBServiceDetail	Service	Service	Change DB server log settings for service (DB)
Change	Change/changeDBSpec	View/getDBServiceList View/getDBServiceDetail	Service	Service	Change service (DB) specifications
Change	Change/changeMasterDB	View/getDBServiceList View/getDBServiceDetail	Service	Service	Execute service (DB) master DB failover
Change	Change/createDBService	View/getVPCList View/getVPCDetail View/getSubnetList View/getSubnetDetail View/getDBServiceList	-	Service	Create service (DB)
Change	Change/createDBServiceWithRecoveryServer	View/getDBServiceList View/getDBServiceDetail View/getVPCList View/getSubnetList	Service	Service	Create new service with recovery server
Change	Change/deleteDBService	View/getDBServiceList View/getDBServiceDetail	Service	Service	Delete service (DB) (Master, Stand Alone)
Change	Change/deleteDBServer	View/getDBServiceList View/getDBServiceDetail	Service	Service	Delete slave and recovery servers of service (DB)
Change	Change/deleteDBServerLog	View/getDBServerLogs View/getDBServiceList View/getDBServiceDetail	Service	Service	Delete log file for the selected DB server
Change	Change/killDBServiceSession	View/getDBServiceList View/getDBServiceDetail	Service	Service	Force end service (DB) session (ID)
Change	Change/manageBackup	View/getDBServiceList View/getDBServiceDetail	Service	Service	Manage service (DB) backup settings
Change	Change/manageDatabase	View/getDBServiceList View/getDBServiceDetail	Service	Service	Manage database
Change	Change/manageDBConfig	View/getDBServiceList View/getDBServiceDetail	Service	Service	Manage service (DB) config
Change	Change/manageDBServiceName	View/getDBServiceList View/getDBServiceDetail	Service	Service	Change DB service name
Change	Change/manageDBServerName	View/getDBServiceList View/getDBServiceDetail	Service	Service	Change DB server name
Change	Change/manageDBUser	View/getDBServiceList View/getDBServiceDetail	Service	Service	Manage service (DB) users
Change	Change/recoveryToTime	View/getDBServiceList View/getDBBackupList View/getDBBackupDetail View/getDBServiceDetail View/getSubnetList View/getSubnetDetail	Service	Service	Restore service (DB) to specific point in time
Change	Change/recoveryWithBackupFile	View/getDBServiceList View/getDBBackupList View/getDBBackupDetail View/getDBServiceDetail View/getSubnetList View/getSubnetDetail	Service	Service	Restore service (DB) with backup file
Change	Change/reinstallSlaveDB	View/getDBServiceList View/getDBServiceDetail	Service	Service	Reinstall slave DB
Change	Change/reinstallStandbyMasterDB	View/getDBServiceList View/getDBServiceDetail	Service	Service	Reinstall standby master DB
Change	Change/restartDBService	View/getDBServiceList View/getDBServiceDetail	Service	Service	Restart service (DB)
Change	Change/setHA	View/getDBServiceList View/getDBServiceDetail	Service	Service	Change service (DB) to high availability configuration
Change	Change/setStandalone	View/getDBServiceList View/getDBServiceDetail	Service	Service	Change service (DB) to the standalone configuration
Change	Change/skipReplicationError	View/getDBServiceList View/getDBServiceDetail	Service	Service	Correct an error by skipping query with a slave DB replication error
Change	Change/upgradeDBEngine	View/getDBServiceList View/getDBServiceDetail	Service	Service	Upgrade MySQL engine version of service (DB)
Change	Change/managePublicDomain	View/getDBServiceList View/getDBServiceDetail	Service	Service	Request public domain for external access to DB server
Change	Change/exportBackupToObjectStorage	View/getDBServiceList View/getDBServiceDetail View/getBucketList View/getBucketDetail View/getDBBackupList View/getDBBackupDetail	Service	Service	Export the selected backup file to object storage
Change	Change/exportDBServerLogsToObjectStorage	View/getDBServiceList View/getDBServiceDetail View/getBucketList View/getBucketDetail View/getDBServerLogs	Service	Service	Export the selected log file to Object Storage
Change	Change/manageDBServiceSwap	View/getDBServiceList View/getDBServiceDetail	Service	Service	Manage swap memory of service (DB)
Change	Change/resetDBService	View/getDBServiceList View/getDBServiceDetail Change/manageDBConfig	Service	Service	Reset service (DB)
Change	Change/killDBServiceMultipleSession	View/getDBServiceList View/getDBServiceDetail	Service	Service	Force end multiple service (DB) session (ID)
Change	Change/changeMultizoneConfig	View/getSubnetList View/getSubnetDetail View/getDBServiceList View/getDBServiceDetail	-	Service	Change service (DB) multizone configuration
Change	Change/managePasswordPlugin	View/getDBServiceList View/getDBServiceDetail	Service	Service	Setting options for service (DB) password plugin
Change	Change/manageAuditPlugin	View/getDBServiceList View/getDBServiceDetail	Service	Service	Setting options for service (DB) audit plugin
Change	Change/manageSystemConfig	View/getDBServiceList View/getDBServiceDetail View/getSystemConfig	Service	Service	Set the System Config option of service (DB)

Type

Action name

Related action

Resource type

Group by resource type

Action description

View

View/getDBBackupDetail

View/getDBBackupList
View/getDBServiceList
View/getDBServiceDetail

Service

View service (DB) backup information

View

View/getDBBackupList

View/getDBServiceList

Service

View service (DB) backup information

View

View/getDBDashboard

View/getDBServiceList
View/getDBServiceDetail

Service

View DB dashboard of service (DB)

View

View/getDBLogs

View/getDBServiceList
View/getDBServiceDetail

Service

View DB log of service (DB)

View

View/getDBServerEventDetail

View/getDBServerEventList

Service

View server (DB) event details

View

View/getDBServerEventList

Service

View server (DB) event list

View

View/getDBServiceDetail

View/getDBServiceList

Service

View service (DB) details

View

View/getDBServiceList

Service

View service (DB) list

View

View/getExecutingBinary

View/getDBServiceDetail
View/getDBServiceList

Service

Check running binary log of selected DB server

View

View/getOSDashboard

View/getDBServiceList
View/getDBServiceDetail

Service

View OS dashboard of service (DB)

View

View/getQueryTimeline

View/getDBServiceList
View/getDBServiceDetail

Service

View query timeline of service (DB)

View

View/exportQueryTimeline

View/getQueryTimeline
View/getDBServiceList
View/getDBServiceDetail

Service

Download searched service (DB) query timeline results

View

View/getSubnetDetail

View/getSubnetList

VPC:Subnet

Service

Check accessible subnet for service (DB)

View

View/getSubnetList

Service

View subnet list required for service (DB)

View

View/getVPCDetail

View/getVPCList

VPC:VPC

Service

Check accessible VPC for service (DB)

View

View/getVPCList

Service

View VPC list required for service (DB)

View

View/getDBServerLogs

View/getDBServiceList
View/getDBServiceDetail

Service

View log file for the selected DB server

View

View/getBucketList

Service

View bucket list to export selected file

View

View/getBucketDetail

View/getBucketList

ObjectStorage:Bucket

Service

Select bucket to export selected file

View

View/exportDBServiceList

View/getDBServiceList

Service

Download service (DB) list

View

View/getSystemConfig

View/getDBServiceList
View/getDBServiceDetail

Service

View the System Config option of service (DB)

Change

Change/addSlave

View/getDBServiceList
View/getDBServiceDetail
View/getSubnetList
View/getSubnetDetail

Service

Add service (DB) slave DB

Change

Change/changeDBServerLogConfig

View/getDBServiceList
View/getDBServiceDetail

Service

Change DB server log settings for service (DB)

Change

Change/changeDBSpec

View/getDBServiceList
View/getDBServiceDetail

Service

Change service (DB) specifications

Change

Change/changeMasterDB

View/getDBServiceList
View/getDBServiceDetail

Service

Execute service (DB) master DB failover

Change

Change/createDBService

View/getVPCList
View/getVPCDetail
View/getSubnetList
View/getSubnetDetail
View/getDBServiceList

Service

Create service (DB)

Change

Change/createDBServiceWithRecoveryServer

View/getDBServiceList
View/getDBServiceDetail
View/getVPCList
View/getSubnetList

Service

Create new service with recovery server

Change

Change/deleteDBService

View/getDBServiceList
View/getDBServiceDetail

Service

Delete service (DB) (Master, Stand Alone)

Change

Change/deleteDBServer

View/getDBServiceList
View/getDBServiceDetail

Service

Delete slave and recovery servers of service (DB)

Change

Change/deleteDBServerLog

View/getDBServerLogs
View/getDBServiceList
View/getDBServiceDetail

Service

Delete log file for the selected DB server

Change

Change/killDBServiceSession

View/getDBServiceList
View/getDBServiceDetail

Service

Force end service (DB) session (ID)

Change

Change/manageBackup

View/getDBServiceList
View/getDBServiceDetail

Service

Manage service (DB) backup settings

Change

Change/manageDatabase

View/getDBServiceList
View/getDBServiceDetail

Service

Manage database

Change

Change/manageDBConfig

View/getDBServiceList
View/getDBServiceDetail

Service

Manage service (DB) config

Change

Change/manageDBServiceName

View/getDBServiceList
View/getDBServiceDetail

Service

Change DB service name

Change

Change/manageDBServerName

View/getDBServiceList
View/getDBServiceDetail

Service

Change DB server name

Change

Change/manageDBUser

View/getDBServiceList
View/getDBServiceDetail

Service

Manage service (DB) users

Change

Change/recoveryToTime

View/getDBServiceList
View/getDBBackupList
View/getDBBackupDetail
View/getDBServiceDetail
View/getSubnetList
View/getSubnetDetail

Service

Restore service (DB) to specific point in time

Change

Change/recoveryWithBackupFile

View/getDBServiceList
View/getDBBackupList
View/getDBBackupDetail
View/getDBServiceDetail
View/getSubnetList
View/getSubnetDetail

Service

Restore service (DB) with backup file

Change

Change/reinstallSlaveDB

View/getDBServiceList
View/getDBServiceDetail

Service

Reinstall slave DB

Change

Change/reinstallStandbyMasterDB

View/getDBServiceList
View/getDBServiceDetail

Service

Reinstall standby master DB

Change

Change/restartDBService

View/getDBServiceList
View/getDBServiceDetail

Service

Restart service (DB)

Change

Change/setHA

View/getDBServiceList
View/getDBServiceDetail

Service

Change service (DB) to high availability configuration

Change

Change/setStandalone

View/getDBServiceList
View/getDBServiceDetail

Service

Change service (DB) to the standalone configuration

Change

Change/skipReplicationError

View/getDBServiceList
View/getDBServiceDetail

Service

Correct an error by skipping query with a slave DB replication error

Change

Change/upgradeDBEngine

View/getDBServiceList
View/getDBServiceDetail

Service

Upgrade MySQL engine version of service (DB)

Change

Change/managePublicDomain

View/getDBServiceList
View/getDBServiceDetail

Service

Request public domain for external access to DB server

Change

Change/exportBackupToObjectStorage

View/getDBServiceList
View/getDBServiceDetail
View/getBucketList
View/getBucketDetail
View/getDBBackupList
View/getDBBackupDetail

Service

Export the selected backup file to object storage

Change

Change/exportDBServerLogsToObjectStorage

View/getDBServiceList
View/getDBServiceDetail
View/getBucketList
View/getBucketDetail
View/getDBServerLogs

Service

Export the selected log file to Object Storage

Change

Change/manageDBServiceSwap

View/getDBServiceList
View/getDBServiceDetail

Service

Manage swap memory of service (DB)

Change

Change/resetDBService

View/getDBServiceList
View/getDBServiceDetail
Change/manageDBConfig

Service

Reset service (DB)

Change

Change/killDBServiceMultipleSession

View/getDBServiceList
View/getDBServiceDetail

Service

Force end multiple service (DB) session (ID)

Change

Change/changeMultizoneConfig

View/getSubnetList
View/getSubnetDetail
View/getDBServiceList
View/getDBServiceDetail

Service

Change service (DB) multizone configuration

Change

Change/managePasswordPlugin

View/getDBServiceList
View/getDBServiceDetail

Service

Setting options for service (DB) password plugin

Change

Change/manageAuditPlugin

View/getDBServiceList
View/getDBServiceDetail

Service

Setting options for service (DB) audit plugin

Change

Change/manageSystemConfig

View/getDBServiceList
View/getDBServiceDetail
View/getSystemConfig

Service

Set the System Config option of service (DB)

Caution

Even when you are granted a permission for a specific action, you won't be able to perform the task properly unless you are also granted a permission for the related actions that are required. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system will not forcibly include them since it regards such de-selection done intentionally by the main account user. Thus, caution is advised when setting permissions.

Managing Cloud DB for MySQL permissions (VPC)

System-managed policies

User-created policies

What's Next