Cloud DB for MongoDB permissions management
- Print
- PDF
Cloud DB for MongoDB permissions management
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
The latest service changes have not yet been reflected in this content. We will update the content as soon as possible. Please refer to the Korean version for information on the latest updates.
Available in VPC
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Cloud DB for MongoDB. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.
Note
Sub Account is a service provided free of charge upon subscription request. For more information about Sub Account, see Services > Management & Governance > Sub Account in NAVER Cloud Platform portal, as well as the Sub Account user guide.
System-managed policies
System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once system-managed policies are granted to a sub account created in Sub Account, that sub account can use Cloud DB for MongoDB. The following is a brief description of the system-managed policies of Cloud DB for MongoDB.
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
| NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal |
| NCP_VPC_CLOUD_DB_FOR_MONGODB_MANAGER | Permission to use all the features in VPC-based Cloud DB for MongoDB |
| NCP_VPC_CLOUD_DB_FOR_MONGODB_VIEWER | Permission to only use the view list and search features in VPC-based Cloud DB for MongoDB |
User-defined policies
User-defined policies are policies that users may create. Once the user-defined policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description of the user created policies of Cloud DB for MongoDB.
| Classification | Action name | Related action(s) | Resource type | Group by resource type | Action description |
|---|---|---|---|---|---|
| View | View/getDBDashboard | View/getServiceList View/getServiceDetail | Service | Service | View service’s DB Dashboard |
| View | View/getDBLogs | View/getServiceList View/getServiceDetail | Service | Service | View service DB log |
| View | View/getOSDashboard | View/getServiceList View/getServiceDetail | Service | Service | View service’s OS dashboard |
| View | View/getQueryTimeline | View/getServiceList View/getServiceDetail | Service | Service | View service Query Timeline |
| View | View/getServiceBackupDetail | View/getServiceBackupList View/getServiceList View/getServiceDetail | Service | Service | View service backup details |
| View | View/getServiceBackupList | View/getServiceList | - | Service | View service backup settings list |
| View | View/getServiceDetail | View/getServiceList | Service | Service | Check service details |
| View | View/getServiceList | - | - | Service | View service list |
| View | View/getServiceServerEventDetail | View/getServiceList View/getServiceDetail View/getServiceServerEventList | Service | Service | View service’s server event details |
| View | View/getServiceServerEventList | View/getServiceList | - | Service | View service server event list |
| View | View/getSubnetDetail | View/getSubnetList | VPC:Subnet | Service | Check accessible subnet for service |
| View | View/getSubnetList | - | - | Service | View subnet list required for service |
| View | View/getVPCDetail | View/getVPCList | VPC:VPC | Service | Check accessible VPCs for service |
| View | View/getVPCList | - | - | Service | View VPC list required for service |
| View | View/getBucketList | - | - | Service | View bucket list to export selected file |
| View | View/getBucketDetail | View/getBucketList | ObjectStorage:Bucket | Service | Select Bucket to export the selected file |
| View | View/getDBServerLogs | View/getServiceList View/getServiceDetail | Service | Service | View the log file of the selected DB Server |
| Change | Change/changePrimary | View/getServiceList View/getServiceDetail | Service | Service | Change Primary of Replica Set |
| Change | Change/changeSpec | View/getServiceList View/getServiceDetail | Service | Service | Change service specifications |
| Change | Change/createConnectString | View/getServiceList View/getServiceDetail | Service | Service | Create service access string |
| Change | Change/createService | View/getVPCList View/getVPCDetail View/getSubnetList View/getSubnetDetail View/getServiceList | - | Service | Create service |
| Change | Change/createServiceWithBackupFile | View/getServiceList View/getServiceDetail View/getServiceBackupList View/getServiceBackupDetail | Service | Service | Create new service using backup file |
| Change | Change/deleteService | View/getServiceList View/getServiceDetail | Service | Service | Delete service |
| Change | Change/deleteServiceBackup | View/getServiceBackupList View/getServiceBackupDetail | Service | Service | Delete service backup |
| Change | Change/manageAdminUser | View/getServiceList View/getServiceDetail | Service | Service | Manage service’s Admin User |
| Change | Change/manageConfigServer | Change/manageConfigServer View/getServiceDetail | Service | Service | Manage service’s Config Server |
| Change | Change/manageDBUser | View/getServiceList View/getServiceDetail | Service | Service | Manage service DB users |
| Change | Change/manageMongos | Change/manageMongos View/getServiceDetail | Service | Service | Manage service’s Mongos |
| Change | Change/managePublicDomain | View/getServiceList View/getServiceDetail | Service | Service | Manage public domain that allows external access to service |
| Change | Change/manageReplicaSet | View/getServiceList View/getServiceDetail | Service | Service | Manage replica set of service |
| Change | Change/manageServiceBackupTime | View/getServiceList View/getServiceDetail View/getServiceBackupList View/getServiceBackupDetail | Service | Service | Manage service backup settings |
| Change | Change/manageShard | View/getServiceList View/getServiceDetail | Service | Service | Manage service shard |
| Change | Change/restartService | View/getServiceList View/getServiceDetail | Service | Service | Restart service |
| Change | Change/exportBackupToObjectStorage | View/getServiceList View/getServiceDetail View/getBucketList View/getBucketDetail View/getServiceBackupDetail View/getServiceBackupList | Service | Service | Export the selected backup file to Object Storage |
| Change | Change/upgradeDBVersion | View/getDBServiceList View/getDBServiceDetail | Service | Service | Upgrade MongoDB version of Service (DB) |
| Change | Change/deleteDBServerLog | View/getDBServiceList View/getDBServiceDetail View/getDBServerLogs | Service | Service | Delete log file for the selected DB server |
| Change | Change/exportDBServerLogsToObjectStorage | View/getServiceList View/getServiceDetail View/getDBServerLogs View/getBucketList View/getBucketDetail | Service | Service | Export the selected log file to Object Storage |
Caution
Even when you are granted permission for a specific action, you won't be able to perform the task properly unless you are also granted permission for the required related actions. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and won't forcibly include them. Use care when setting permissions.
Was this article helpful?