Available in VPC
You can set different access permissions for Cloud DB for PostgreSQL using NAVER Cloud Platform's Sub Account service. Sub Account offers both system-managed (System Managed) and user-defined (User Created) policies to help you configure management and operation permissions.
Sub Account is a free service with no additional charges. For more information about Sub Account, see Services > Management & Governance > Sub Account on the NAVER Cloud Platform portal and the Sub Account user guide.
System-managed policies
System-managed policies are pre-built, role-based policies that NAVER Cloud Platform provides for your convenience. When you assign one of these policies to a sub account, that account gets access to Cloud DB for PostgreSQL. Here are the available system-managed policies for Cloud DB for PostgreSQL:
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Full access to all services, with the same scope as the main account |
| NCP_INFRA_MANAGER | Access to all services, except the My Account > Billing Information and Cost Management > Billing and Payment Management menu in the console |
| NCP_FINANCE_MANAGER | Access only to the Cost Explorer service and the My Account > Billing Information and Cost Management > Billing and Payment Management menu in the console |
| NCP_VPC_CLOUD_DB_FOR_POSTGRESQL_MANAGER | Full access to all VPC-based Cloud DB for PostgreSQL features |
| NCP_VPC_CLOUD_DB_FOR_POSTGRESQL_VIEWER | Full access to all Cloud DB for PostgreSQL features on the VPC platform |
User-defined policies
User-defined policies let you create custom permissions. When you assign a user-defined policy to a sub account, that account can only perform the specific actions, you've allowed. Here are the available user-defined policies for Cloud DB for PostgreSQL:
| Type | Action | Related action | Resource type | Group by resource type | Action description |
| ---- | ---- | ---- | ---- | ---- | ---- |
| View | View/getDBServiceList | - | - | Service | View a list of services (DB) |
| View | View/getDBServiceDetail | View/getDBServiceList | Service | Service | View detailed information about the service (DB) |
| View | View/getVPCList | - | - | Service | View the list of VPCs required for services (DB). |
| View | View/getVPCDetail | View/getVPCList | VPC:VPC | Service | View VPCs accessible for services (DB). |
| View | View/getSubnetList | - | - | Service | View the list of subnets required for services (DB). |
| View | View/getSubnetDetail | View/getSubnetList | VPC:Subnet | Service | View subnets accessible for services (DB). |
| View | View/getDBDashboard | View/getDBServiceList
View/getDBServiceDetail | Service | Service | View the DB dashboard of Service (DB) |
| View | View/getOSDashboard | View/getDBServiceList
View/getDBServiceDetail | Service | Service | View the OS dashboard of services (DB). |
| View | View/getDBLogs | View/getDBServiceList
View/getDBServiceDetail | Service | Service | View DB logs for the service (DB) |
| View | View/getQueryTimeline | View/getDBServiceList
View/getDBServiceDetail | Service | Service | View the query timeline of services (DB). |
| View | View/getDBServerDetail | View/getDBServiceList
View/getDBServiceDetail | Service | Service | View detailed server information of the service (DB). |
| View | View/getDatabaseList | View/getDBServiceList
View/getDBServiceDetail | Service | Service | View the database list. |
| View | View/getDBConfig | View/getDBServiceList
View/getDBServiceDetail | Service | Service | View config settings of the service (DB). |
| View | View/getDBUser | View/getDBServiceList
View/getDBServiceDetail | Service | Service | View users of the service (DB). |
| View | View/getPGStatActivity | View/getDBServiceList
View/getDBServiceDetail
View/getDBServerDetail | Service | Service | View sessions of the service (DB). |
| View | View/getSql | View/getDBServiceList
View/getDBServiceDetail
View/getDBServerDetail | Service | Service | View SQL statements being executed in service (DB) sessions. |
| View | View/getPGSetting | View/getDBServiceList
View/getDBServiceDetail
View/getDBServerDetail | Service | Service | View settings of the DB server. |
| View | View/getPGStat | View/getDBServiceList
View/getDBServiceDetail
View/getDBServerDetail | Service | Service | View statistics of the DB server. |
| View | View/getDBServerLogs | View/getDBServiceList
View/getDBServiceDetail | Service | Service | View log files of the selected DB server. |
| View | View/getDBBackupList | View/getDBServiceList | - | Service | View the list of backups for the service (DB) |
| View | View/getDBBackupDetail | View/getDBBackupList
View/getDBServiceList
View/getDBServiceDetail | Service | Service | View backup information for the service (DB) |
| View | View/getBucketList | - | - | Service | View the list of buckets to which the selected file can be exported |
| View | View/getBucketDetail | View/getBucketList | ObjectStorage:Bucket | Service | Select a bucket to which the selected file will be exported |
| View | View/getServiceServerEventList | View/getDBServiceList | - | Service | View the list of server (DB) events |
| View | View/getServiceServerEventDetail | View/getDBServiceList
View/getDBServiceDetail
View/getServiceServerEventList | Service | Service | View detailed information about server (DB) events |
| View | View/getExtensionList | View/getDBServiceList
View/getDBServiceDetail
View/getDatabaseList | Service | Service | View extension information. |
| View | View/getPublicSchemaConfig | View/getDBServiceList
View/getDBServiceDetail
View/getDatabaseList | Service | Service | View public schema information of the service (DB). |
| View | View/getOperatingSystemConfig | View/getDBServiceList
View/getDBServiceDetail | Service | Service | View the settings required for upgrading the operating system of the service (DB) |
| Change | Change/createDBService | View/getVPCList
View/getSubnetList
View/getDBServiceList
View/getVPCDetail
View/getSubnetDetail | - | Service | Create a service (DB) |
| Change | Change/restartDBService | View/getDBServiceList
View/getDBServiceDetail | Service | Service | Restart the service (DB) |
| Change | Change/deleteDBService | View/getDBServiceList
View/getDBServiceDetail | Service | Service | Delete the service (DB) (primary, secondary, standalone). |
| Change | Change/addReadReplica | View/getDBServiceList
View/getDBServiceDetail
View/getSubnetList
View/getSubnetDetail | Service | Service | Add a read replica to the service (DB). |
| Change | Change/setHA | View/getDBServiceList
View/getDBServiceDetail
View/getSubnetList
View/getSubnetDetail | Service | Service | Change the service (DB) to a high availability configuration |
| Change | Change/changeDBSpec | View/getDBServiceList
View/getDBServiceDetail | Service | Service | Change specifications of the service (DB) |
| Change | Change/manageDBConfig | View/getDBServiceList
View/getDBServiceDetail
View/getDBConfig | Service | Service | Manage config settings of services (DB). |
| Change | Change/manageDBUser | View/getDBServiceList
View/getDBServiceDetail
View/getDBUser | Service | Service | Manage users for the service (DB) |
| Change | Change/upgradeDBEngine | View/getDBServiceList
View/getDBServiceDetail | Service | Service | Upgrade the PostgreSQL engine version of the service (DB). |
| Change | Change/managePublicDomain | View/getDBServiceList
View/getDBServiceDetail | Service | Service | Request a public domain to allow external access to the DB server |
| Change | Change/changeDBServerLogConfig | View/getDBServiceList
View/getDBServiceDetail | Service | Service | Change DB server log settings of services (DB). |
| Change | Change/changeMasterDB | View/getDBServiceList
View/getDBServiceDetail | Service | Service | Perform primary–secondary failover for the service (DB). |
| Change | Change/manageDatabase | View/getDBServiceList
View/getDBServiceDetail
View/getDatabaseList
View/getDBUser | Service | Service | Manage databases |
| Change | Change/manageBackup | View/getDBServiceList
View/getDBServiceDetail | Service | Service | Manage backup settings for the service (DB) |
| Change | Change/terminateBackend | View/getDBServiceList
View/getDBServiceDetail
View/getDBServerDetail
View/getPGStatActivity | Service | Service | Terminate sessions of the service (DB). |
| Change | Change/cancelBackend | View/getDBServiceList
View/getDBServiceDetail
View/getDBServerDetail
View/getPGStatActivity | Service | Service | Cancel SQL statements running in service (DB) sessions. |
| Change | Change/exportDBServerLogsToObjectStorage | View/getDBServiceList
View/getDBServiceDetail
View/getBucketList
View/getBucketDetail
View/getDBServerLogs | Service | Service | Export the selected log files to Object Storage. |
| Change | Change/deleteDBServerLogs | View/getDBServiceList
View/getDBServiceDetail
View/getDBServerLogs | Service | Service | Delete log files for the selected DB server. |
| Change | Change/manageDBServiceName | View/getDBServiceList
View/getDBServiceDetail | Service | Service | Change the DB service name |
| Change | Change/createDBServiceOnRecoveryTime | View/getDBServiceList
View/getDBServiceDetail
View/getDBBackupList
View/getDBBackupDetail
View/getSubnetList
View/getSubnetDetail | Service | Service | Create a server by restoring the service (DB) to a specific point in time. |
| Change | Change/exportBackupToObjectStorage | View/getDBServiceList
View/getDBServiceDetail
View/getBucketList
View/getBucketDetail
View/getDBBackupDetail
View/getDBBackupList | Service | Service | Export the selected backup file to Object Storage |
| Change | Change/deleteDBServer | View/getDBServiceList
View/getDBServiceDetail | Service | Service | Delete the read replica server of the service (DB). |
| Change | Change/setStandalone | View/getDBServiceList
View/getDBServiceDetail
View/getSubnetList
View/getSubnetDetail | Service | Service | Change the service (DB) to a standalone configuration |
| Change | Change/manageExtension | View/getDBServiceList
View/getDBServiceDetail
View/getDatabaseList
View/getExtensionList | Service | Service | Install and delete extensions for the service (DB). |
| Change | Change/managePublicSchemaConfig | View/getDBServiceList
View/getDBServiceDetail
View/getDatabaseList
View/getPublicSchemaConfig | Service | Service | Change public schema information of the service (DB). |
| Change | Change/manageOperatingSystem | View/getDBServiceList
View/getDBServiceDetail
View/getOperatingSystemConfig | Service | Service | Upgrade the operating system of the service (DB) |
| Change | Change/changeDeleteProtectionConfig | View/getDBServiceList
View/getDBServiceDetail | Service | Service | Change return protection settings of the service (DB). |
If you grant someone access to a specific action but not to the required related actions, they won't be able to complete their tasks. Sub Account automatically includes these related permissions to prevent this issue. However, if you manually uncheck these auto-selected related actions, the system assumes this was intentional and won't override your selection.