- Print
- PDF
Managing Cloud Hadoop permissions
- Print
- PDF
Available in VPC
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Cloud Hadoop. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.
Sub Account is a service provided free of charge upon subscription request. For more details about Sub Account, refer to the Service > Management & Governance > Sub Account menu in the NAVER Cloud Platform portal, as well as the Sub Account Guide.
System Managed policies
System Managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once System Managed policies are granted to a sub account created in Sub Account, that sub account can use Cloud Hadoop. The following is a brief description about System Managed policies of Cloud Hadoop.
Policy name | Policy description |
---|---|
NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal |
NCP_VPC_CLOUD_HADOOP_MANAGER | Permission to use all features within VPC-based Cloud Hadoop |
NCP_VPC_CLOUD_HADOOP_VIEWER | Permission to only use the View list and Search features in VPC-based Cloud Hadoop |
User Created policies
User Created policies are policies that users may create. Once User Created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description about User Created policies of Cloud Hadoop.
Classification | Action name | Related action(s) | Resource type | Group by resource type | Action description |
---|---|---|---|---|---|
View | View/getClusterList | - | - | Cluster | View cluster list |
View | View/getClusterDetail | View/getClusterList | Cluster | Cluster | View cluster details |
View | View/getVPCList | - | - | Cluster | View VPC list |
View | View/getVPCDetail | View/getVPCList | VPC:VPC | Cluster | Select a VPC to place the cluster in |
View | View/getSubnetList | - | - | Cluster | View subnet list |
View | View/getSubnetDetail | View/getSubnetList | VPC:Subnet | Cluster | Select subnet to place cluster |
View | View/getLoginKeyList | - | - | Cluster | View authentication key list |
View | View/getBucketList | - | - | Cluster | View bucket list |
View | View/getBucketDetail | View/getBucketList | Object Storage:Bucket | Cluster | Select bucket to connect |
View | View/getClusterACGDetail | - | Cluster | Cluster | View ACG details |
View | View/getDBUserList | View/getDBServiceList View/getDBServiceDetail View/getClusterList View/getClusterDetail | Cluster VPCCloudDBforMySQL:Service | Cluster | View user list on Cloud DB for MySQL |
View | View/getDBServiceList | View/getClusterList View/getClusterDetail | Cluster | Cluster | View service (DB) list on Cloud DB for MySQL |
View | View/getDBServiceDetail | View/getDBServiceList View/getClusterList View/getClusterDetail | Cluster VPCCloudDBforMySQL:Service | Cluster | View service (DB) details on Cloud DB for MySQL |
View | View/getObjectList | View/getBucketList | Object Storage:Bucket | Cluster | Views bucket object list and details |
View | View/getHadoopDashboard | View/getClusterList | Cluster | Cluster | Views Hadoop monitoring dashboard of cluster |
View | View/getOSDashboard | View/getClusterList | Cluster | Cluster | Views OS monitoring dashboard of cluster |
View | View/getNotebookList | Notebook | View notebook list | ||
View | View/getNotebookDetail | View/getNotebookList | Notebook | Notebook | View notebook details |
View | View/getNotebookACGDetail | Notebook | Notebook | Check Notebook ACG details | |
View | View/getNotebookBucketDetail | View/getBucketList | Object Storage:Bucket | Notebook | Select a bucket to connect to the notebook |
View | View/getDependentClusterList | View/getClusterList View/getClusterDetail | Cluster | Notebook | View Cloud Hadoop cluster list to connect to the notebook |
View | View/getNotebookBucketList | Notebook | View Cloud Hadoop bucket list to connect to the notebook | ||
View | View/getHadoopClusterEventList | View/getClusterList | Cluster | Query event history of Cloud Hadoop cluster. | |
Change | Change/createCloudHadoopCluster | View/getClusterList View/getVPCList View/getSubnetList View/getLoginKeyList View/getBucketList View/getVPCDetail View/getSubnetDetail View/getBucketDetail View/getObjectList | ObjectStorage:Bucket VPC:Subnet VPC:VPC | Cluster | Create cluster |
Change | Change/createLoginKey | - | - | Cluster | Create authentication key |
Change | Change/deleteCloudHadoopCluster | View/getClusterList View/getClusterDetail | Cluster | Cluster | Delete cluster |
Change | Change/changeCountOfDataNode | View/getClusterList View/getClusterDetail | Cluster | Cluster | Change the number of cluster nodes |
Change | Change/resetAdminPassword | View/getClusterList View/getClusterDetail | Cluster | Cluster | Initialize cluster admin password |
Change | Change/manageLoginKey | View/getClusterList View/getClusterDetail View/getLoginKeyList | - | Cluster | Manage authentication key |
Change | Change/changeSpec | View/getClusterList View/getClusterDetail | Cluster | Cluster | Change cluster specifications |
Change | Change/connectExternalHiveMetastore | View/getDBServiceList View/getDBServiceDetail View/getClusterList View/getClusterDetail View/getDBUserList | Cluster | Cluster | Connect an external Hive metastore with the Cloud Hadoop cluster in operation. |
Change | Change/createCloudHadoopNotebook | View/getNotebookList View/getVPCList View/getVPCDetail View/getSubnetList View/getSubnetDetail View/getLoginKeyList View/getNotebookBucketList View/getNotebookBucketDetail View/getDependentClusterList View/getClusterList View/getClusterDetail | Notebook | Create Cloud Hadoop Notebook | |
Change | Change/deleteCloudHadoopNotebook | View/getNotebookList View/getNotebookDetail | Notebook | Notebook | Delete Cloud Hadoop Notebook |
Even when you are granted permission for a specific action, if you are not also granted permissions for the related actions that are required, then you won't be able to perform jobs properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and does not forcibly include them. Thus, be careful when setting permissions.