Cloud DB for MongoDB permissions management

Prev Next

Available in VPC

You can set different access permissions for Cloud DB for MongoDB using NAVER Cloud Platform's Sub Account service. Sub Account offers both system-managed (System Managed) and user-defined (User Created) policies to help you configure management and operation permissions.

Note

Sub Account is a free service with no additional charges. For more information about Sub Account, see Services > Management & Governance > Sub Account on the NAVER Cloud Platform portal and the Sub Account user guide.

System-managed policies

System-managed policies are pre-built, role-based policies that NAVER Cloud Platform provides for your convenience. When you assign one of these policies to a sub account, that account gets access to Cloud DB for MongoDB. Here are the available system-managed policies for Cloud DB for MongoDB:

Policy name Policy description
NCP_ADMINISTRATOR Full access to all services, with the same scope as the main account
NCP_INFRA_MANAGER Access to all services, except the My Account > Billing Information and Cost Management > Billing and Payment Management menu in the console
NCP_FINANCE_MANAGER Access only to the Cost Explorer service and the My Account > Billing Information and Cost Management > Billing and Payment Management menu in the console
NCP_VPC_CLOUD_DB_FOR_MONGODB_MANAGER Full access to all Cloud DB for MongoDB features on the VPC platform
NCP_VPC_CLOUD_DB_FOR_MONGODB_VIEWER View-only access to list and query VPC-based Cloud DB for MongoDB

User-defined policies

User-defined policies let you create custom permissions. When you assign a user-defined policy to a sub account, that account can only perform the specific actions, you've allowed. Here are the available user-defined policies for Cloud DB for MongoDB:

| Type | Action | Related action | Resource type | Group by resource type | Action description |
| ---- | ---- | ---- | ---- | ---- | ---- |
| View | View/getDBDashboard | View/getServiceList
View/getServiceDetail | Service | Service | View the DB dashboard for the service. |
| View | View/getDBLogs | View/getServiceList
View/getServiceDetail | Service | Service | View DB logs for the service |
| View | View/getOSDashboard | View/getServiceList
View/getServiceDetail | Service | Service | View the OS dashboard for the service. |
| View | View/getQueryTimeline | View/getServiceList
View/getServiceDetail | Service | Service | View the query timeline for the service. |
| View | View/getServiceBackupDetail | View/getServiceBackupList
View/getServiceList
View/getServiceDetail | Service | Service | View detailed backup information for the service. |
| View | View/getServiceBackupList | View/getServiceList | - | Service | View the list of backup configurations for the service. |
| View | View/getServiceDetail | View/getServiceList | Service | Service | View detailed information about the service. |
| View | View/getServiceList | - | - | Service | View the list of services. |
| View | View/getServiceServerEventDetail | View/getServiceList
View/getServiceDetail
View/getServiceServerEventList | Service | Service | View detailed server event information for the service. |
| View | View/getServiceServerEventList | View/getServiceList | - | Service | View the list of server events for the service. |
| View | View/getSubnetDetail | View/getSubnetList | VPC:Subnet | Service | Check the subnets accessible for the service. |
| View | View/getSubnetList | - | - | Service | View the list of subnets required for the service. |
| View | View/getVPCDetail | View/getVPCList | VPC:VPC | Service | Check the VPCs accessible for the service. |
| View | View/getVPCList | - | - | Service | View the list of VPCs required for the service. |
| View | View/getBucketList | - | - | Service | View the list of buckets to which the selected file can be exported. |
| View | View/getBucketDetail | View/getBucketList | ObjectStorage:Bucket | Service | Select a bucket to which the selected file will be exported. |
| View | View/getDBServerLogs | View/getServiceList
View/getServiceDetail | Service | Service | View log files for the selected DB server. |
| View | View/getOperatingSystemConfig | View/getDBServiceList
View/getDBServiceDetail | Service | Service | View the settings required for upgrading the operating system of the service (DB) |
| Change | Change/changePrimary | View/getServiceList
View/getServiceDetail | Service | Service | Change the primary of the replica set. |
| Change | Change/changeSpec | View/getServiceList
View/getServiceDetail | Service | Service | Change the service specifications |
| Change | Change/createConnectString | View/getServiceList
View/getServiceDetail | Service | Service | Create a service connection string. |
| Change | Change/createService | View/getVPCList
View/getVPCDetail
View/getSubnetList
View/getSubnetDetail
View/getServiceList | - | Service | Create a service. |
| Change | Change/createServiceWithBackupFile | View/getServiceList
View/getServiceDetail
View/getServiceBackupList
View/getServiceBackupDetail | Service | Service | Create a new service using a backup file. |
| Change | Change/deleteService | View/getServiceList
View/getServiceDetail | Service | Service | Delete the service. |
| Change | Change/deleteServiceBackup | View/getServiceBackupList
View/getServiceBackupDetail | Service | Service | Delete service backups. |
| Change | Change/manageAdminUser | View/getServiceList
View/getServiceDetail | Service | Service | Manage the admin users for the service. |
| Change | Change/manageConfigServer | Change/manageConfigServer
View/getServiceDetail | Service | Service | Manage the config server for the service. |
| Change | Change/manageDBUser | View/getServiceList
View/getServiceDetail | Service | Service | Manage DB users for the service. |
| Change | Change/manageMongos | Change/manageMongos
View/getServiceDetail | Service | Service | Manage Mongos for the service. |
| Change | Change/managePublicDomain | View/getServiceList
View/getServiceDetail | Service | Service | Manage the public domain that allows external access to the service. |
| Change | Change/manageReplicaSet | View/getServiceList
View/getServiceDetail | Service | Service | Manage the replica set for the service. |
| Change | Change/manageServiceBackupTime | View/getServiceList
View/getServiceDetail
View/getServiceBackupList
View/getServiceBackupDetail | Service | Service | Manage backup settings for the service. |
| Change | Change/manageShard | View/getServiceList
View/getServiceDetail | Service | Service | Manage shards for the service. |
| Change | Change/restartService | View/getServiceList
View/getServiceDetail | Service | Service | Restart the service. |
| Change | Change/exportBackupToObjectStorage | View/getServiceList
View/getServiceDetail
View/getBucketList
View/getBucketDetail
View/getServiceBackupDetail
View/getServiceBackupList | Service | Service | Export the selected backup file to Object Storage |
| Change | Change/upgradeDBVersion | View/getDBServiceList
View/getDBServiceDetail | Service | Service | Upgrade the MongoDB version of the service (DB). |
| Change | Change/deleteDBServerLog | View/getDBServiceList
View/getDBServiceDetail
View/getDBServerLogs | Service | Service | Delete log files for the selected DB server. |
| Change | Change/exportDBServerLogsToObjectStorage | View/getServiceList
View/getServiceDetail
View/getDBServerLogs
View/getBucketList
View/getBucketDetail | Service | Service | Export the selected log files to Object Storage. |
| Change | Change/manageOperatingSystem | View/getDBServiceList
View/getDBServiceDetail
View/getOperatingSystemConfig | Service | Service | Upgrade the operating system of the service (DB) |

Caution

If you grant someone access to a specific action but not to the required related actions, they won't be able to complete their tasks. Sub Account automatically includes these related permissions to prevent this issue. However, if you manually uncheck these auto-selected related actions, the system assumes this was intentional and won't override your selection.