Available in VPC
You can set different access permissions for Cloud Hadoop using NAVER Cloud Platform's Sub Account service. Sub Account offers both system-managed (System Managed) and user-defined (User Created) policies to help you configure management and operation permissions.
Sub Account is a free service with no additional charges. For more information about Sub Account, see Services > Management & Governance > Sub Account on the NAVER Cloud Platform portal and the Sub Account user guide.
System-managed policies
System-managed policies are pre-built, role-based policies that NAVER Cloud Platform provides for your convenience. When you assign one of these policies to a sub account, that account gets access to Cloud Hadoop. Here are the available system-managed policies for Cloud Hadoop:
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Full access to all services with the same scope as the main account |
| NCP_INFRA_MANAGER | Permission to access all services, except the My Account > Billing information and cost management > Billing and payment management menu in the console, which is restricted. |
| NCP_FINANCE_MANAGER | Permission to access only the Cost Explorer service and the My Account > Billing information and cost management > Billing and payment management menu in the console. |
| NCP_VPC_CLOUD_HADOOP_MANAGER | Full access to all Cloud Hadoop features on the VPC platform |
| NCP_VPC_CLOUD_HADOOP_VIEWER | View-only access to all Cloud Hadoop features on the VPC platform |
User-defined policies
User-defined policies let you create custom permissions. When you assign a user-defined policy to a sub account, that account can only perform the specific actions you've allowed. Here are the available user-defined policies for Cloud Hadoop:
| Type | Action | Related action | Resource type | Group by resource type | Action description |
|---|---|---|---|---|---|
| View | View/getClusterList | - | - | Cluster | View cluster list |
| View | View/getClusterDetail | View/getClusterList | Cluster | Cluster | View cluster details |
| View | View/getVPCList | - | - | Cluster | View VPC list |
| View | View/getVPCDetail | View/getVPCList | VPC:VPC | Cluster | Select a VPC to place the cluster |
| View | View/getSubnetList | - | - | Cluster | View subnet list |
| View | View/getSubnetDetail | View/getSubnetList | VPC:Subnet | Cluster | Select subnet to place cluster |
| View | View/getLoginKeyList | - | - | Cluster | View authentication key list |
| View | View/getBucketList | - | - | Cluster | View bucket list |
| View | View/getBucketDetail | View/getBucketList | Object Storage:Bucket | Cluster | Select bucket to connect |
| View | View/getClusterACGDetail | - | Cluster | Cluster | View ACG details |
| View | View/getDBUserList | View/getDBServiceList View/getDBServiceDetail View/getClusterList View/getClusterDetail |
Cluster VPCCloudDBforMySQL:Service |
Cluster | View user list on Cloud DB for MySQL |
| View | View/getDBServiceList | View/getClusterList View/getClusterDetail |
Cluster | Cluster | View service (DB) list on Cloud DB for MySQL |
| View | View/getDBServiceDetail | View/getDBServiceList View/getClusterList View/getClusterDetail |
Cluster VPCCloudDBforMySQL:Service |
Cluster | View service (DB) details on Cloud DB for MySQL |
| View | View/getObjectList | View/getBucketList | Object Storage:Bucket | Cluster | View bucket object list and details |
| View | View/getHadoopDashboard | View/getClusterList | Cluster | Cluster | View Hadoop monitoring dashboard of cluster |
| View | View/getOSDashboard | View/getClusterList | Cluster | Cluster | View OS monitoring dashboard of cluster |
| View | View/getNotebookList | Notebook | View notebook list | ||
| View | View/getNotebookDetail | View/getNotebookList | Notebook | Notebook | View notebook details |
| View | View/getNotebookACGDetail | Notebook | Notebook | Check Notebook ACG details | |
| View | View/getNotebookBucketDetail | View/getNotebookBucketList | Object Storage:Bucket | Notebook | Select a bucket to connect to the notebook |
| View | View/getDependentClusterList | View/getClusterList View/getClusterDetail |
Cluster | Notebook | View Cloud Hadoop cluster list to connect to the notebook |
| View | View/getNotebookBucketList | Notebook | View Cloud Hadoop bucket list to connect to the notebook | ||
| View | View/getHadoopClusterEventList | View/getClusterList | Cluster | Query event history of Cloud Hadoop cluster. | |
| Change | Change/createCloudHadoopCluster | View/getClusterList View/getVPCList View/getSubnetList View/getLoginKeyList View/getBucketList View/getVPCDetail View/getSubnetDetail View/getBucketDetail View/getObjectList |
ObjectStorage:Bucket VPC:Subnet VPC:VPC |
Cluster | Create cluster |
| Change | Change/createLoginKey | - | - | Cluster | Create authentication key |
| Change | Change/deleteCloudHadoopCluster | View/getClusterList View/getClusterDetail |
Cluster | Cluster | Delete cluster |
| Change | Change/changeCountOfDataNode | View/getClusterList View/getClusterDetail |
Cluster | Cluster | Change the number of cluster nodes |
| Change | Change/resetAdminPassword | View/getClusterList View/getClusterDetail |
Cluster | Cluster | Initialize cluster admin password |
| Change | Change/manageLoginKey | View/getClusterList View/getClusterDetail View/getLoginKeyList |
- | Cluster | Manage authentication key |
| Change | Change/changeSpec | View/getClusterList View/getClusterDetail |
Cluster | Cluster | Change cluster specifications |
| Change | Change/connectExternalHiveMetastore | View/getDBServiceList View/getDBServiceDetail View/getClusterList View/getClusterDetail View/getDBUserList |
Cluster | Cluster | Connect an external Hive metastore with the Cloud Hadoop cluster in operation. |
| Change | Change/createCloudHadoopNotebook | View/getNotebookList View/getVPCList View/getVPCDetail View/getSubnetList View/getSubnetDetail View/getLoginKeyList View/getNotebookBucketList View/getNotebookBucketDetail View/getDependentClusterList View/getClusterList View/getClusterDetail |
Notebook | Create Cloud Hadoop Notebook | |
| Change | Change/deleteCloudHadoopNotebook | View/getNotebookList View/getNotebookDetail |
Notebook | Notebook | Delete Cloud Hadoop Notebook |
If you grant someone access to a specific action but not to the required related actions, they won't be able to complete their tasks. Sub Account automatically includes these related permissions to prevent this issue. However, if you manually uncheck these auto-selected related actions, the system assumes this was intentional and won't override your selection.