Available in VPC
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Cloud Functions. Sub Account provides system-managed policies and user-created policies for setting management and administration permissions.
Note
Sub Account is a service provided free of charge upon subscription. For more information on Sub Account, see Services > Management & Governance > Sub Account menu and Sub Account user guides on the NAVER Cloud Platform portal.
System-managed policies
System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once system-managed policies are granted to a sub account created in Sub Account, that sub account can use Cloud Functions. The following describes Cloud Functions' system-managed policies:
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main account. |
| NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal. |
| NCP_VPC_CLOUD_FUNCTIONS_MANAGER | Permission to use the full Cloud Functions feature sets in VPC. |
| NCP_VPC_CLOUD_FUNCTIONS_VIEWER | Permission to only use the View list and Search features in Cloud Functions in VPC. |
User-defined policies
User-defined policies are policies that users may create. Once the user-defined policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following describes Cloud Functions' user-created policies:
| Type | Action name | Related action | Resource type | Group by resource type | Action description |
|---|---|---|---|---|---|
| View | View/getPackageList | - | - | Package | View package list. |
| View | View/getPackageDetail | View/getPackageList | Package | Package | View package details. |
| View | View/getActionList | View/getPackageList View/getPackageDetail |
- | Action | View action list |
| View | View/getActionDetail | View/getPackageList View/getPackageDetail View/getActionList View/getVPCList View/getVPCDetail View/getSubnetList View/getSubnetDetail View/getAPIList View/getAPIDetail View/getResourceManagerObserverList View/getResourceManagerObserverDetail |
Action | Action | View action details. |
| View | View/getActionActivationList | View/getPackageList View/getPackageDetail View/getActionList View/getActionDetail |
Action | Activation | View list of action run history. |
| View | View/getActionActivationDetail | View/getPackageList View/getPackageDetail View/getActionList View/getActionDetail View/getActionActivationList |
Action | Activation | View action run history details. |
| View | View/getTriggerList | - | Trigger | Trigger | View trigger list. |
| View | View/getTriggerDetail | View/getTriggerList View/getAPIList View/getAPIDetail View/getEventRuleList View/getEventRuleDetail View/getObjectStorageBucketList View/getObjectStorageBucketEventRuleList View/getSourceCommitRepositoryList View/getSourceCommitWebhookList View/getSecretManagerSecretList View/getSecretManagerSecretDetail |
Trigger | Trigger | View trigger details. |
| View | View/getTriggerActivationList | View/getTriggerList View/getTriggerDetail |
Trigger | Activation | View list of trigger run history. |
| View | View/getTriggerActivationDetail | View/getTriggerList View/getTriggerDetail View/getTriggerActivationList |
Trigger | Activation | View trigger run history details. |
| View | View/getProductList | - | - | Trigger | View list of API Gateway products. |
| View | View/getProductDetail | View/getProductList | APIGateway:Product | Trigger | View API Gateway product details. |
| View | View/getAPIList | View/getProductList View/getProductDetail |
- | Trigger | View list of API Gateway APIs. |
| View | View/getAPIDetail | View/getProductList View/getProductDetail View/getAPIList |
APIGateway:API | Trigger | View API Gateway API details. |
| View | View/getEventRuleList | - | - | Trigger | View list of Cloud Insight event rules. |
| View | View/getEventRuleDetail | View/getEventRuleList | CloudInsight:EventRule | Trigger | View Cloud Insight event rule details. |
| View | View/getObjectStorageBucketList | - | - | Trigger | View list of Object Storage buckets. |
| View | View/getObjectStorageBucketDetail | View/getObjectStorageBucketList | ObjectStorage:Bucket | Trigger | View Object Storage bucket details. |
| View | View/getObjectStorageBucketEventRuleList | View/getObjectStorageBucketList View/getObjectStorageBucketDetail |
- | Trigger | View list of Object Storage bucket event rules. |
| View | View/getObjectStorageBucketEventRuleDetail | View/getObjectStorageBucketList View/getObjectStorageBucketDetail View/getObjectStorageBucketEventRuleList |
ObjectStorage:Bucket | Trigger | View Object Storage bucket event rule details. |
| View | View/getSourceCommitRepositoryList | - | - | Trigger | View list of SourceCommit repositories. |
| View | View/getSourceCommitRepositoryDetail | View/getSourceCommitRepositoryList | SourceCommit:Repository | Trigger | View SourceCommit repository details. |
| View | View/getSourceCommitWebhookList | View/getSourceCommitRepositoryList View/getSourceCommitRepositoryDetail |
- | Trigger | View SourceCommit repository webhook list. |
| View | View/getSourceCommitWebhookDetail | View/getSourceCommitRepositoryList View/getSourceCommitRepositoryDetail View/getSourceCommitWebhookList |
SourceCommit:Repository | Trigger | View SourceCommit repository webhook details. |
| View | View/getSecretManagerSecretList | - | - | Trigger | View list of secret manager's secrets. |
| View | View/getSecretManagerSecretDetail | View/getSecretManagerSecretList | SecretManager:Secret | Trigger | View secret manager's secret details. |
| View | View/getResourceManagerObserverList | - | - | Action | View list of Resource Manager observers. |
| View | View/getResourceManagerObserverDetail | View/getResourceManagerObserverList | ResourceManager:Observer | Action | View Resource Manager observer details. |
| View | View/getVPCList | - | - | Action | View VPC list. |
| View | View/getVPCDetail | View/getVPCList | VPC:VPC | Action | View VPC details. |
| View | View/getSubnetList | - | - | Action | View subnet list. |
| View | View/getSubnetDetail | View/getSubnetList | VPC:Subnet | Action | View subnet details. |
| View | View/getDashboard | View/getActionActivationList | - | Activation | View dashboard. |
| View | View/getMonitoringAction | View/getActionActivationList | Action | Activation | View action monitoring information. |
| View | View/getMonitoringTrigger | View/getTriggerActivationList | Trigger | Activation | View trigger monitoring information. |
| Change | Change/createAPI | View/getProductList View/getProductDetail View/getAPIList |
APIGateway:API | Trigger | Create API Gateway API. |
| Change | Change/createAction | View/getPackageList View/getPackageDetail View/getActionList View/getVPCList View/getVPCDetail View/getSubnetList View/getSubnetDetail Change/createNetworkInterface |
- | Action | Create action. |
| Change | Change/createActionLinkTrigger | View/getTriggerList View/getTriggerDetail View/getActionList View/getActionDetail |
Action | Action | Connect trigger to action. |
| Change | Change/createNetworkInterface | - | - | Action | Create network interface. |
| Change | Change/createObjectStorageBucketEventRule | - | - | Trigger | Create Object Storage bucket event rule. |
| Change | Change/createSourceCommitWebhook | - | - | Trigger | Create SourceCommit repository webhook. |
| Change | Change/createPackage | View/getPackageList | - | Package | Create package. |
| Change | Change/createProduct | View/getProductList | - | Trigger | Create API Gateway product. |
| Change | Change/createTrigger | View/getTriggerList View/getTriggerDetail View/getProductList View/getProductDetail View/getAPIList View/getAPIDetail Change/updateAPI Change/createProduct Change/createAPI View/getEventRuleList View/getEventRuleDetail Change/updateEventRule View/getObjectStorageBucketList View/getObjectStorageBucketEventRuleList Change/createObjectStorageBucketEventRule View/getSourceCommitRepositoryList View/getSourceCommitRepositoryDetail View/getSourceCommitWebhookList View/getSourceCommitWebhookDetail Change/createSourceCommitWebhook View/getSecretManagerSecretList View/getSecretManagerSecretDetail |
- | Trigger | Create trigger. |
| Change | Change/createTriggerLinkAction | View/getTriggerList View/getTriggerDetail View/getActionList View/getActionDetail |
Trigger | Trigger | Connect action to trigger. |
| Change | Change/deleteAction | View/getPackageList View/getPackageDetail View/getActionList View/getActionDetail Change/deleteNetworkInterface View/getVPCList View/getVPCDetail View/getSubnetList View/getSubnetDetail |
Action | Action | Delete action. |
| Change | Change/deleteActionLinkTrigger | View/getTriggerList View/getTriggerDetail View/getActionList View/getActionDetail |
Action | Action | Disconnect trigger from action. |
| Change | Change/deleteNetworkInterface | - | VPCServer:NetworkInterface | Action | Return network interface. |
| Change | Change/deletePackage | View/getPackageList View/getPackageDetail |
Package | Package | Delete package. |
| Change | Change/deleteTrigger | View/getTriggerList View/getTriggerDetail View/getEventRuleList View/getEventRuleDetail Change/updateEventRule View/getObjectStorageBucketList View/getObjectStorageBucketEventRuleList View/getSourceCommitRepositoryList View/getSourceCommitWebhookList View/getSecretManagerSecretList View/getSecretManagerSecretDetail |
Trigger | Trigger | Delete trigger. |
| Change | Change/deleteTriggerLinkAction | View/getTriggerList View/getTriggerDetail View/getActionList View/getActionDetail |
Trigger | Trigger | Disconnect action from trigger. |
| Change | Change/invokeAction | View/getPackageList View/getPackageDetail View/getActionList View/getActionDetail |
Action | Action | Run action. |
| Change | Change/invokeTrigger | View/getTriggerList View/getTriggerDetail Change/invokeAction |
Trigger | Trigger | Run trigger. |
| Change | Change/updateAPI | View/getProductList View/getProductDetail View/getAPIList View/getAPIDetail |
APIGateway:API | Trigger | Edit API Gateway API. |
| Change | Change/updateAction | View/getPackageList View/getPackageDetail View/getActionList View/getActionDetail Change/createNetworkInterface Change/deleteNetworkInterface View/getVPCList View/getVPCDetail View/getSubnetList View/getSubnetDetail |
Action | Action | Edit action. |
| Change | Change/updateEventRule | View/getEventRuleList View/getEventRuleDetail |
CloudInsight:EventRule | Trigger | Edit Cloud Insight event rule. |
| Change | Change/updatePackage | View/getPackageList View/getPackageDetail |
Package | Package | Edit package. |
| Change | Change/updateTrigger | View/getTriggerList View/getTriggerDetail View/getProductList View/getProductDetail View/getAPIList View/getAPIDetail Change/updateAPI Change/createProduct Change/createAPI View/getEventRuleList View/getEventRuleDetail Change/updateEventRule View/getObjectStorageBucketList View/getObjectStorageBucketEventRuleList Change/createObjectStorageBucketEventRule View/getSourceCommitRepositoryList View/getSourceCommitRepositoryDetail View/getSourceCommitWebhookList View/getSourceCommitWebhookDetail Change/createSourceCommitWebhook View/getSecretManagerSecretList View/getSecretManagerSecretDetail |
Trigger | Trigger | Edit trigger. |
Caution
Even when you are granted permission for a specific action, you cannot perform tasks properly if you are not also granted permissions for the related actions that are required. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, the system will determine that it was done intentionally by the main account user and will not forcibly include them. Therefore, be careful when setting permissions.