Login
      Contents x
      Managing Cloud DB for PostgreSQL permissions
        • Print
        • PDF
        Contents

        Managing Cloud DB for PostgreSQL permissions

          • Print
          • PDF
          Article Summary

          Available in VPC

          By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Cloud DB for PostgreSQL. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.

          Note

          Sub Account is a service provided free of charge upon subscription. For more information on Sub Account, see the Services > Management & Governance > Sub Account menus of NAVER Cloud Platform and the Sub Account user guide.

          System-managed policies

          System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once system-managed policies are granted to a sub account created in Sub Account, that sub account can use Cloud DB for PostgreSQL. The following is a brief description of the system-managed policies of Cloud DB for PostgreSQL.

          Policy NamePolicy description
          NCP_ADMINISTRATORPermission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts
          NCP_INFRA_MANAGERPermission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal
          NCP_VPC_CLOUD_DB_FOR_POSTGRESQL_MANAGERPermission to use all the features in VPC-based Cloud DB for PostgreSQL
          NCP_VPC_CLOUD_DB_FOR_POSTGRESQL_VIEWERPermission to use See list and View features in VPC-based Cloud DB for PostgreSQL

          User-created policies

          User-created policies are policies that users may create. Once user-created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description of the user-defined policies of Cloud DB for PostgreSQL.

          DivisionAction nameRelated action(s)Resource typeGroup by resource typeAction description
          ViewView/getDBServiceList--ServiceView service (DB) list
          ViewView/getDBServiceDetailView/getDBServiceListServiceServiceView service (DB) details
          ViewView/getVPCList--ServiceView VPC list required for service (DB)
          ViewView/getVPCDetailView/getVPCListVPC:VPCServiceCheck accessible VPC for service (DB)
          ViewView/getSubnetList--ServiceView subnet list required for service (DB)
          ViewView/getSubnetDetailView/getSubnetListVPC:SubnetServiceCheck accessible subnet for service (DB)
          ViewView/getDBDashboardView/getDBServiceList
          View/getDBServiceDetail          		ServiceServiceView DB dashboard of service (DB)
          ViewView/getOSDashboardView/getDBServiceList
          View/getDBServiceDetail          		ServiceServiceView OS dashboard of service (DB)
          ViewView/getDBLogsView/getDBServiceList
          View/getDBServiceDetail          		ServiceServiceView DB log of service (DB)
          ViewView/getQueryTimelineView/getDBServiceList
          View/getDBServiceDetail          		ServiceServiceView query timeline of service (DB)
          ViewView/getDBServerDetailView/getDBServiceList
          View/getDBServiceDetail          		ServiceServiceView service (DB) server details
          ViewView/getDatabaseListView/getDBServiceList
          View/getDBServiceDetail          		ServiceServiceView database list
          ViewView/getDBConfigView/getDBServiceList
          View/getDBServiceDetail          		ServiceServiceView service (DB) config
          ViewView/getDBUserView/getDBServiceList
          View/getDBServiceDetail          		ServiceServiceView service (DB) users
          ViewView/getPGStatActivityView/getDBServiceList
          View/getDBServiceDetail
          View/getDBServerDetail          		ServiceServiceView service (DB) session
          ViewView/getSqlView/getDBServiceList
          View/getDBServiceDetail
          View/getDBServerDetail          		ServiceServiceView SQL in progress in service (DB) session
          ViewView/getPGSettingView/getDBServiceList
          View/getDBServiceDetail
          View/getDBServerDetail          		ServiceServiceView DB server settings
          ViewView/getPGStatView/getDBServiceList
          View/getDBServiceDetail
          View/getDBServerDetail          		ServiceServiceView DB server stats
          ViewView/getDBServerLogsView/getDBServiceList
          View/getDBServiceDetail          		ServiceServiceView log file for the selected DB server
          ViewView/getDBBackupListView/getDBServiceList-ServiceView service (DB) backup list
          ViewView/getDBBackupDetailView/getDBBackupList
          View/getDBServiceList
          View/getDBServiceDetail          		ServiceServiceView service (DB) backup information
          ViewView/getBucketList--ServiceView bucket list to export selected file
          ViewView/getBucketDetailView/getBucketListObjectStorage:BucketServiceSelect bucket to export selected file
          ViewView/getServiceServerEventListView/getDBServiceList-ServiceView server (DB) event list
          ViewView/getServiceServerEventDetailView/getDBServiceList
          View/getDBServiceDetail
          View/getServiceServerEventList          		ServiceServiceView server (DB) event details
          ViewView/getExtensionListView/getDBServiceList
          View/getDBServiceDetail
          View/getDatabaseList          		ServiceServiceView extension information
          ChangeChange/createDBServiceView/getVPCList
          View/getSubnetList
          View/getDBServiceList
          View/getVPCDetail
          View/getSubnetDetail          		-ServiceCreate service (DB)
          ChangeChange/restartDBServiceView/getDBServiceList
          View/getDBServiceDetail          		ServiceServiceRestart service (DB)
          ChangeChange/deleteDBServiceView/getDBServiceList
          View/getDBServiceDetail          		ServiceServiceDelete service (DB) (primary, secondary, standalone)
          ChangeChange/addReadReplicaView/getDBServiceList
          View/getDBServiceDetail
          View/getSubnetList
          View/getSubnetDetail          		ServiceServiceAdd read replica of service (DB)
          ChangeChange/setHAView/getDBServiceList
          View/getDBServiceDetail
          View/getSubnetList
          View/getSubnetDetail          		ServiceServiceChange service (DB) to high availability configuration
          ChangeChange/changeDBSpecView/getDBServiceList
          View/getDBServiceDetail          		ServiceServiceChange service (DB) specifications
          ChangeChange/manageDBConfigView/getDBServiceList
          View/getDBServiceDetail
          View/getDBConfig          		ServiceServiceManage service (DB) config
          ChangeChange/manageDBUserView/getDBServiceList
          View/getDBServiceDetail
          View/getDBUser          		ServiceServiceManage service (DB) users
          ChangeChange/upgradeDBEngineView/getDBServiceList
          View/getDBServiceDetail          		ServiceServiceUpgrade the PostgreSQL engine version of the service (DB).
          ChangeChange/managePublicDomainView/getDBServiceList
          View/getDBServiceDetail          		ServiceServiceRequest public domain for external access to DB server
          ChangeChange/changeDBServerLogConfigView/getDBServiceList
          View/getDBServiceDetail          		ServiceServiceChange DB server log settings for service (DB)
          ChangeChange/changeMasterDBView/getDBServiceList
          View/getDBServiceDetail          		ServiceServiceExecute service (DB) primary-secondary failover
          ChangeChange/manageDatabaseView/getDBServiceList
          View/getDBServiceDetail
          View/getDatabaseList
          View/getDBUser          		ServiceServiceManage database
          ChangeChange/manageBackupView/getDBServiceList
          View/getDBServiceDetail          		ServiceServiceManage service (DB) backup settings
          ChangeChange/terminateBackendView/getDBServiceList
          View/getDBServiceDetail
          View/getDBServerDetail
          View/getPGStatActivity          		ServiceServiceEnd service (DB) session
          ChangeChange/cancelBackendView/getDBServiceList
          View/getDBServiceDetail
          View/getDBServerDetail
          View/getPGStatActivity          		ServiceServiceStop SQL in progress in service (DB) session
          ChangeChange/exportDBServerLogsToObjectStorageView/getDBServiceList
          View/getDBServiceDetail
          View/getBucketList
          View/getBucketDetail
          View/getDBServerLogs          		ServiceServiceExport the selected log file to Object Storage
          ChangeChange/deleteDBServerLogsView/getDBServiceList
          View/getDBServiceDetail
          View/getDBServerLogs          		ServiceServiceDelete log file for the selected DB server
          ChangeChange/manageDBServiceNameView/getDBServiceList
          View/getDBServiceDetail          		ServiceServiceChange DB service name
          ChangeChange/createDBServiceOnRecoveryTimeView/getDBServiceList
          View/getDBServiceDetail
          View/getDBBackupList
          View/getDBBackupDetail
          View/getSubnetList
          View/getSubnetDetail          		ServiceServiceCreate a server that has restored the service (DB) to a specific point in time
          ChangeChange/exportBackupToObjectStorageView/getDBServiceList
          View/getDBServiceDetail
          View/getBucketList
          View/getBucketDetail
          View/getDBBackupDetail
          View/getDBBackupList          		ServiceServiceExport the selected backup file to object storage
          ChangeChange/deleteDBServerView/getDBServiceList
          View/getDBServiceDetail          		ServiceServiceDelete read replica server of service (DB)
          ChangeChange/setStandaloneView/getDBServiceList
          View/getDBServiceDetail
          View/getSubnetList
          View/getSubnetDetail          		ServiceServiceChange service (DB) to the standalone configuration
          ChangeChange/manageExtensionView/getDBServiceList
          View/getDBServiceDetail
          View/getDatabaseList
          View/getExtensionList          		ServiceServiceInstall and delete extensions
          Caution

          Even when you are granted permission for a specific action, you cannot perform jobs properly if you are not also granted permissions for the related actions that are required. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and does not forcibly include them. Thus, caution is advised when setting permissions.

          Was this article helpful?
          What's Next
          Change password!
          Changing your password will log you out immediately. Use the new password to log back in.
          Change profile
          Success!
          First name must have atleast 2 characters. Numbers and special characters are not allowed.
          Last name must have atleast 1 characters. Numbers and special characters are not allowed.
          Enter a valid email
          Enter a valid password
          Your profile has been successfully updated.
          Logout