Available in VPC
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Cloud Functions. Sub Account provides system-managed policies and user-defined policies for setting management and administration permissions.
Note
Sub Account is a service provided free of charge upon subscription. For more information on Sub Account, see Services > Management & Governance > Sub Account menu on NAVER Cloud Platform portal and Sub Account user guides.
System-managed policies
System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once system-managed policies are granted to a sub account created in Sub Account, that sub account can use Cloud Functions. The following describes Cloud Functions' system-managed policies:
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Access to all services, same as the main account |
| NCP_INFRA_MANAGER | Access to all services, except My Account > Manage billing information and expense > Manage Billing and Payment in the console |
| NCP_FINANCE_MANAGER | Access limited to Cost Explorer services and My Account > Manage billing information and expense > Manage Billing and Payment in the console |
| NCP_VPC_CLOUD_FUNCTIONS_MANAGER | Permission to use the full Cloud Functions feature sets in VPC. |
| NCP_VPC_CLOUD_FUNCTIONS_VIEWER | Permission to only use the View list and Search features in Cloud Functions in VPC. |
User-defined policies
User-defined policies are policies that users can create. Once the user-defined policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following describes Cloud Functions' user-defined policies:
| Type | Action name | Related action | Resource type | Group by resource type | Action description |
|---|---|---|---|---|---|
| View | View/getPackageList | - | - | Package | View package list. |
| View | View/getPackageDetail | View/getPackageList | Package | Package | View package details. |
| View | View/getActionList | View/getPackageList View/getPackageDetail |
- | Action | View action list. |
| View | View/getActionDetail | View/getPackageList View/getPackageDetail View/getActionList View/getVPCList View/getVPCDetail View/getSubnetList View/getSubnetDetail View/getAPIList View/getAPIDetail View/getResourceManagerObserverList View/getResourceManagerObserverDetail |
Action | Action | View action details. |
| View | View/getActionActivationList | View/getPackageList View/getPackageDetail View/getActionList View/getActionDetail |
Action | Activation | View list of action run history. |
| View | View/getActionActivationDetail | View/getPackageList View/getPackageDetail View/getActionList View/getActionDetail View/getActionActivationList |
Action | Activation | View action run history details. |
| View | View/getTriggerList | - | Trigger | Trigger | View trigger list. |
| View | View/getTriggerDetail | View/getTriggerList View/getAPIList View/getAPIDetail View/getEventRuleList View/getEventRuleDetail View/getObjectStorageBucketList View/getObjectStorageBucketEventRuleList View/getSourceCommitRepositoryList View/getSourceCommitWebhookList View/getSecretManagerSecretList View/getSecretManagerSecretDetail |
Trigger | Trigger | View trigger details. |
| View | View/getTriggerActivationList | View/getTriggerList View/getTriggerDetail |
Trigger | Activation | View list of trigger run history. |
| View | View/getTriggerActivationDetail | View/getTriggerList View/getTriggerDetail View/getTriggerActivationList |
Trigger | Activation | View trigger run history details. |
| View | View/getProductList | - | - | Trigger | View product list in API Gateway. |
| View | View/getProductDetail | View/getProductList | APIGateway:Product | Trigger | View product details in API Gateway. |
| View | View/getAPIList | View/getProductList View/getProductDetail |
- | Trigger | View API list in API Gateway. |
| View | View/getAPIDetail | View/getProductList View/getProductDetail View/getAPIList |
APIGateway:API | Trigger | View API details in API Gateway. |
| View | View/getEventRuleList | - | - | Trigger | View list of Cloud Insight Event Rules. |
| View | View/getEventRuleDetail | View/getEventRuleList | CloudInsight:EventRule | Trigger | View Cloud Insight Event Rule details. |
| View | View/getObjectStorageBucketList | - | - | Trigger | View list of Object Storage Buckets. |
| View | View/getObjectStorageBucketDetail | View/getObjectStorageBucketList | ObjectStorage:Bucket | Trigger | View Object Storage Bucket details. |
| View | View/getObjectStorageBucketEventRuleList | View/getObjectStorageBucketList View/getObjectStorageBucketDetail |
- | Trigger | View list of Object Storage Bucket Event Rules. |
| View | View/getObjectStorageBucketEventRuleDetail | View/getObjectStorageBucketList View/getObjectStorageBucketDetail View/getObjectStorageBucketEventRuleList |
ObjectStorage:Bucket | Trigger | View Object Storage Bucket Event Rule details. |
| View | View/getSourceCommitRepositoryList | - | - | Trigger | View list of Source Commit Repositories. |
| View | View/getSourceCommitRepositoryDetail | View/getSourceCommitRepositoryList | SourceCommit:Repository | Trigger | View Source Commit Repository details. |
| View | View/getSourceCommitWebhookList | View/getSourceCommitRepositoryList View/getSourceCommitRepositoryDetail |
- | Trigger | View Source Commit Repository Webhook list. |
| View | View/getSourceCommitWebhookDetail | View/getSourceCommitRepositoryList View/getSourceCommitRepositoryDetail View/getSourceCommitWebhookList |
SourceCommit:Repository | Trigger | View Source Commit Repository Webhook details. |
| View | View/getSecretManagerSecretList | - | - | Trigger | View list of Secret Manager's Secrets. |
| View | View/getSecretManagerSecretDetail | View/getSecretManagerSecretList | SecretManager:Secret | Trigger | View Secret Manager's Secret details. |
| View | View/getResourceManagerObserverList | - | - | Action | View list of Resource Manager observers. |
| View | View/getResourceManagerObserverDetail | View/getResourceManagerObserverList | ResourceManager:Observer | Action | View Resource Manager observer details. |
| View | View/getVPCList | - | - | Action | View VPC list. |
| View | View/getVPCDetail | View/getVPCList | VPC:VPC | Action | View VPC details. |
| View | View/getSubnetList | - | - | Action | View Subnet list. |
| View | View/getSubnetDetail | View/getSubnetList | VPC:Subnet | Action | View Subnet details. |
| View | View/getActionVersionList | View/getActionDetail | Action | Action | View action version list. |
| View | View/getActionVersionDetail | View/getActionDetail View/getActionVersionList |
Action | Action | View action version details. |
| View | View/getDashboard | View/getActionActivationList | - | Activation | View Dashboard. |
| View | View/getMonitoringAction | View/getActionActivationList | Action | Activation | View action monitoring information. |
| View | View/getMonitoringTrigger | View/getTriggerActivationList | Trigger | Activation | View trigger monitoring information. |
| Change | Change/createAPI | View/getProductList View/getProductDetail View/getAPIList |
APIGateway:API | Trigger | Create API in API Gateway. |
| Change | Change/createAction | View/getPackageList View/getPackageDetail View/getActionList View/getVPCList View/getVPCDetail View/getSubnetList View/getSubnetDetail Change/createNetworkInterface |
- | Action | Create action. |
| Change | Change/createActionLinkTrigger | View/getTriggerList View/getTriggerDetail View/getActionList View/getActionDetail |
Action | Action | Connect trigger to action. |
| Change | Change/createNetworkInterface | - | - | Action | Create Network Interface. |
| Change | Change/createObjectStorageBucketEventRule | - | - | Trigger | Create Object Storage Bucket Event Rule. |
| Change | Change/createSourceCommitWebhook | - | - | Trigger | Create Source Commit Repository Webhook. |
| Change | Change/createPackage | View/getPackageList | - | Package | Create package. |
| Change | Change/createProduct | View/getProductList | - | Trigger | Create product in API Gateway. |
| Change | Change/createTrigger | View/getTriggerList View/getTriggerDetail View/getProductList View/getProductDetail View/getAPIList View/getAPIDetail Change/updateAPI Change/createProduct Change/createAPI View/getEventRuleList View/getEventRuleDetail Change/updateEventRule View/getObjectStorageBucketList View/getObjectStorageBucketEventRuleList Change/createObjectStorageBucketEventRule View/getSourceCommitRepositoryList View/getSourceCommitRepositoryDetail View/getSourceCommitWebhookList View/getSourceCommitWebhookDetail Change/createSourceCommitWebhook View/getSecretManagerSecretList View/getSecretManagerSecretDetail |
- | Trigger | Create trigger. |
| Change | Change/createTriggerLinkAction | View/getTriggerList View/getTriggerDetail View/getActionList View/getActionDetail |
Trigger | Trigger | Connect action to trigger. |
| Change | Change/deleteAction | View/getPackageList View/getPackageDetail View/getActionList View/getActionDetail Change/deleteNetworkInterface View/getVPCList View/getVPCDetail View/getSubnetList View/getSubnetDetail |
Action | Action | Delete action. |
| Change | Change/createActionVersion | View/getActionDetail View/getActionVersionList View/getActionVersionDetail |
Action | Action | Create a version with the current configuration of an action. |
| Change | Change/deleteActionVersion | View/getActionDetail View/getActionVersionList View/getActionVersionDetail |
Action | Action | Delete a version. |
| Change | Change/deleteActionLinkTrigger | View/getTriggerList View/getTriggerDetail View/getActionList View/getActionDetail |
Action | Action | Disconnect trigger from action. |
| Change | Change/deleteNetworkInterface | - | VPCServer:NetworkInterface | Action | Return Network Interface. |
| Change | Change/secureActionParameter | - | - | Action | Use the key from the Key Management Service to encrypt or decrypt the parameters of an action. |
| Change | Change/deletePackage | View/getPackageList View/getPackageDetail |
Package | Package | Delete package. |
| Change | Change/deleteTrigger | View/getTriggerList View/getTriggerDetail View/getEventRuleList View/getEventRuleDetail Change/updateEventRule View/getObjectStorageBucketList View/getObjectStorageBucketEventRuleList View/getSourceCommitRepositoryList View/getSourceCommitWebhookList View/getSecretManagerSecretList View/getSecretManagerSecretDetail |
Trigger | Trigger | Delete trigger. |
| Change | Change/deleteTriggerLinkAction | View/getTriggerList View/getTriggerDetail View/getActionList View/getActionDetail |
Trigger | Trigger | Disconnect action from trigger. |
| Change | Change/invokeAction | View/getPackageList View/getPackageDetail View/getActionList View/getActionDetail |
Action | Action | Run action. |
| Change | Change/invokeTrigger | View/getTriggerList View/getTriggerDetail Change/invokeAction |
Trigger | Trigger | Run trigger. |
| Change | Change/updateAPI | View/getProductList View/getProductDetail View/getAPIList View/getAPIDetail |
APIGateway:API | Trigger | Edit API in API Gateway. |
| Change | Change/updateAction | View/getPackageList View/getPackageDetail View/getActionList View/getActionDetail Change/createNetworkInterface Change/deleteNetworkInterface View/getVPCList View/getVPCDetail View/getSubnetList View/getSubnetDetail |
Action | Action | Edit action. |
| Change | Change/updateEventRule | View/getEventRuleList View/getEventRuleDetail |
CloudInsight:EventRule | Trigger | Edit Cloud Insight Event Rule. |
| Change | Change/updatePackage | View/getPackageList View/getPackageDetail |
Package | Package | Edit package. |
| Change | Change/updateTrigger | View/getTriggerList View/getTriggerDetail View/getProductList View/getProductDetail View/getAPIList View/getAPIDetail Change/updateAPI Change/createProduct Change/createAPI View/getEventRuleList View/getEventRuleDetail Change/updateEventRule View/getObjectStorageBucketList View/getObjectStorageBucketEventRuleList Change/createObjectStorageBucketEventRule View/getSourceCommitRepositoryList View/getSourceCommitRepositoryDetail View/getSourceCommitWebhookList View/getSourceCommitWebhookDetail Change/createSourceCommitWebhook View/getSecretManagerSecretList View/getSecretManagerSecretDetail |
Trigger | Trigger | Edit trigger. |
Caution
Even when you are granted permission for a specific action, if you are not also granted permissions for the related actions that are required, you will not be able to perform tasks properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, the system will determine that it was done intentionally by the main account user and will not forcibly include them. Therefore, be careful when setting permissions.