Managing Cloud DB for MongoDB permissions

System-managed policies

System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once system-managed policies are granted to a sub account created in Sub Account, that sub account can use Cloud DB for MongoDB. The following is a brief description of the system-managed policies of Cloud DB for MongoDB.

Policy	Policy description
NCP_ADMINISTRATOR	Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts
NCP_INFRA_MANAGER	Permission to use all services in NAVER Cloud Platform and access My page > Manage notifications in the portal
NCP_VPC_CLOUD_DB_FOR_MONGODB_MANAGER	Permission to use all the features in VPC-based Cloud DB for MongoDB
NCP_VPC_CLOUD_DB_FOR_MONGODB_VIEWER	Permission to only use the view list and search features in VPC-based Cloud DB for MongoDB

Policy

Policy description

NCP_ADMINISTRATOR

Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts

NCP_INFRA_MANAGER

Permission to use all services in NAVER Cloud Platform and access My page > Manage notifications in the portal

NCP_VPC_CLOUD_DB_FOR_MONGODB_MANAGER

Permission to use all the features in VPC-based Cloud DB for MongoDB

NCP_VPC_CLOUD_DB_FOR_MONGODB_VIEWER

Permission to only use the view list and search features in VPC-based Cloud DB for MongoDB

User-created policies

User-created policies are policies that users may create. Once user-created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description of the user created policies of Cloud DB for MongoDB.

Division	Action name	Related action(s)	Resource type	Group by resource type	Action description
View	View/getDBDashboard	View/getServiceList View/getServiceDetail	Service	Service	View service’s DB dashboard
View	View/getDBLogs	View/getServiceList View/getServiceDetail	Service	Service	View service DB log
View	View/getOSDashboard	View/getServiceList View/getServiceDetail	Service	Service	View service’s OS dashboard
View	View/getQueryTimeline	View/getServiceList View/getServiceDetail	Service	Service	View service query timeline
View	View/getServiceBackupDetail	View/getServiceBackupList View/getServiceList View/getServiceDetail	Service	Service	View service backup details
View	View/getServiceBackupList	View/getServiceList	-	Service	View service backup settings list
View	View/getServiceDetail	View/getServiceList	Service	Service	Check service details
View	View/getServiceList	-	-	Service	View service list
View	View/getServiceServerEventDetail	View/getServiceList View/getServiceDetail View/getServiceServerEventList	Service	Service	View service’s server event details
View	View/getServiceServerEventList	View/getServiceList	-	Service	View service server event list
View	View/getSubnetDetail	View/getSubnetList	VPC:Subnet	Service	Check accessible subnet for service
View	View/getSubnetList	-	-	Service	View subnet list required for service
View	View/getVPCDetail	View/getVPCList	VPC:VPC	Service	Check accessible VPCs for service
View	View/getVPCList	-	-	Service	View VPC list required for service
View	View/getBucketList	-	-	Service	View bucket list to export selected file
View	View/getBucketDetail	View/getBucketList	ObjectStorage:Bucket	Service	Select bucket to export the selected file
Change	Change/changePrimary	View/getServiceList View/getServiceDetail	Service	Service	Change primary of replica set
Change	Change/changeSpec	View/getServiceList View/getServiceDetail	Service	Service	Change service specifications
Change	Change/createConnectString	View/getServiceList View/getServiceDetail	Service	Service	Create service access string
Change	Change/createService	View/getVPCList View/getVPCDetail View/getSubnetList View/getSubnetDetail View/getServiceList	-	Service	Create service
Change	Change/createServiceWithBackupFile	View/getServiceList View/getServiceDetail View/getServiceBackupList View/getServiceBackupDetail	Service	Service	Create new service using backup file
Change	Change/deleteService	View/getServiceList View/getServiceDetail	Service	Service	Delete service
Change	Change/deleteServiceBackup	View/getServiceBackupList View/getServiceBackupDetail	Service	Service	Delete service backup
Change	Change/manageAdminUser	View/getServiceList View/getServiceDetail	Service	Service	Manage service’s admin user
Change	Change/manageConfigServer	Change/manageConfigServer View/getServiceDetail	Service	Service	Manage service’s config server
Change	Change/manageDBUser	View/getServiceList View/getServiceDetail	Service	Service	Manage service DB users
Change	Change/manageMongos	Change/manageMongos View/getServiceDetail	Service	Service	Manage service’s mongos
Change	Change/managePublicDomain	View/getServiceList View/getServiceDetail	Service	Service	Manage public domain that allows external access to service
Change	Change/manageReplicaSet	View/getServiceList View/getServiceDetail	Service	Service	Manage replica set of service
Change	Change/manageServiceBackupTime	View/getServiceList View/getServiceDetail View/getServiceBackupList View/getServiceBackupDetail	Service	Service	Manage service backup settings
Change	Change/manageShard	View/getServiceList View/getServiceDetail	Service	Service	Manage service shard
Change	Change/restartService	View/getServiceList View/getServiceDetail	Service	Service	Restart service
Change	Change/exportBackupToObjectStorage	View/getServiceList View/getServiceDetail View/getBucketList View/getBucketDetail View/getServiceBackupDetail View/getServiceBackupList	Service	Service	Export the selected backup file to Object Storage
Change	Change/upgradeDBVersion	View/getDBServiceList View/getDBServiceDetail	Service	Service	Upgrade service’s MongoDB version (DB)

Division

Action name

Related action(s)

Resource type

Group by resource type

Action description

View

View/getDBDashboard

View/getServiceList
View/getServiceDetail

Service

View service’s DB dashboard

View

View/getDBLogs

View/getServiceList
View/getServiceDetail

Service

View service DB log

View

View/getOSDashboard

View/getServiceList
View/getServiceDetail

Service

View service’s OS dashboard

View

View/getQueryTimeline

View/getServiceList
View/getServiceDetail

Service

View service query timeline

View

View/getServiceBackupDetail

View/getServiceBackupList
View/getServiceList
View/getServiceDetail

Service

View service backup details

View

View/getServiceBackupList

View/getServiceList

Service

View service backup settings list

View

View/getServiceDetail

View/getServiceList

Service

Check service details

View

View/getServiceList

Service

View service list

View

View/getServiceServerEventDetail

View/getServiceList
View/getServiceDetail
View/getServiceServerEventList

Service

View service’s server event details

View

View/getServiceServerEventList

View/getServiceList

Service

View service server event list

View

View/getSubnetDetail

View/getSubnetList

VPC:Subnet

Service

Check accessible subnet for service

View

View/getSubnetList

Service

View subnet list required for service

View

View/getVPCDetail

View/getVPCList

VPC:VPC

Service

Check accessible VPCs for service

View

View/getVPCList

Service

View VPC list required for service

View

View/getBucketList

Service

View bucket list to export selected file

View

View/getBucketDetail

View/getBucketList

ObjectStorage:Bucket

Service

Select bucket to export the selected file

Change

Change/changePrimary

View/getServiceList
View/getServiceDetail

Service

Change primary of replica set

Change

Change/changeSpec

View/getServiceList
View/getServiceDetail

Service

Change service specifications

Change

Change/createConnectString

View/getServiceList
View/getServiceDetail

Service

Create service access string

Change

Change/createService

View/getVPCList
View/getVPCDetail
View/getSubnetList
View/getSubnetDetail
View/getServiceList

Service

Create service

Change

Change/createServiceWithBackupFile

View/getServiceList
View/getServiceDetail
View/getServiceBackupList
View/getServiceBackupDetail

Service

Create new service using backup file

Change

Change/deleteService

View/getServiceList
View/getServiceDetail

Service

Delete service

Change

Change/deleteServiceBackup

View/getServiceBackupList
View/getServiceBackupDetail

Service

Delete service backup

Change

Change/manageAdminUser

View/getServiceList
View/getServiceDetail

Service

Manage service’s admin user

Change

Change/manageConfigServer

Change/manageConfigServer
View/getServiceDetail

Service

Manage service’s config server

Change

Change/manageDBUser

View/getServiceList
View/getServiceDetail

Service

Manage service DB users

Change

Change/manageMongos

Change/manageMongos
View/getServiceDetail

Service

Manage service’s mongos

Change

Change/managePublicDomain

View/getServiceList
View/getServiceDetail

Service

Manage public domain that allows external access to service

Change

Change/manageReplicaSet

View/getServiceList
View/getServiceDetail

Service

Manage replica set of service

Change

Change/manageServiceBackupTime

View/getServiceList
View/getServiceDetail
View/getServiceBackupList
View/getServiceBackupDetail

Service

Manage service backup settings

Change

Change/manageShard

View/getServiceList
View/getServiceDetail

Service

Manage service shard

Change

Change/restartService

View/getServiceList
View/getServiceDetail

Service

Restart service

Change

Change/exportBackupToObjectStorage

View/getServiceList
View/getServiceDetail
View/getBucketList
View/getBucketDetail
View/getServiceBackupDetail
View/getServiceBackupList

Service

Export the selected backup file to Object Storage

Change

Change/upgradeDBVersion

View/getDBServiceList
View/getDBServiceDetail

Service

Upgrade service’s MongoDB version (DB)

Caution

Even when you are granted permission for a specific action, you cannot perform jobs properly if you are not also granted permissions for the related actions that are required. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, the system determines that it was done intentionally by the main account user and does not forcibly include them. Thus, be careful when setting permissions.

Managing Cloud DB for MongoDB permissions

System-managed policies

User-created policies

What's Next