Managing Cloud DB for Redis permissions (VPC)
- Print
- PDF
Managing Cloud DB for Redis permissions (VPC)
- Print
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
Available in VPC
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Cloud DB for Redis. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.
Note
Sub Account is a free service provided upon subscription request without additional charge. For more information about Sub Account, see Services > Management & Governance > Sub Account in NAVER Cloud Platform portal, as well as the Sub Account user guide.
System-managed policies
System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once the system-managed policies are granted to a sub account created in Sub Account, that sub account can use Cloud DB for Redis. The following is a brief description of the system-managed policies of Cloud DB for Redis.
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
| NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal |
| NCP_VPC_CLOUD_DB_FOR_REDIS_MANAGER | Permission to use all the features in VPC-based Cloud DB for Redis |
| NCP_VPC_CLOUD_DB_FOR_REDIS_VIEWER | Permission to use See list and View features in VPC-based Cloud DB for Redis |
User-defined policies
User-defined policies are policies that users may create. Once the user-defined policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description of the user-defined policies of Cloud DB for Redis.
| Classification | Action name | Related action(s) | Resource type | Group by resource type | Action description |
|---|---|---|---|---|---|
| View | View/getServiceBackupDetail | View/getServiceBackupList | Service | Service | View service backup details |
| View | View/getServiceBackupList | - | - | Service | View service backup settings list |
| View | View/getServiceDetail | View/getServiceList | Service | Service | View service details |
| View | View/getServiceList | - | - | Service | View service list |
| View | View/getServiceListOfConfigGroup | View/getConfigGroupList View/getConfigGroupDetail | ConfigGroup | Service | View service list with config group applied |
| View | View/getServiceServerEventDetail | View/getServiceList View/getServiceDetail View/getServiceServerEventList | Service | Service | View server event details of service |
| View | View/getServiceServerEventList | View/getServiceList | - | Service | View server event list for the service |
| View | View/getConfigGroupDetail | View/getConfigGroupList | ConfigGroup | ConfigGroup | View Config Group details |
| View | View/getConfigGroupList | - | - | ConfigGroup | View Config Group list |
| View | View/getOSDashboard | View/getServiceList View/getServiceDetail | Service | Service | View OS dashboard of the nodes comprising the service |
| View | View/getRedisDashboard | View/getServiceList View/getServiceDetail | Service | Service | View Redis dashboard of the nodes comprising the service |
| View | View/getSubnetDetail | View/getSubnetList | VPC:Subnet | Service | Check accessible subnet for service |
| View | View/getSubnetList | - | - | Service | View the list of subnets required for service |
| View | View/getVPCDetail | View/getVPCList | VPC:VPC | Service | Check accessible VPCs for service |
| View | View/getVPCList | - | - | Service | View VPC list required for service |
| View | View/getBucketList | - | - | Service | View bucket list to export selected file |
| View | View/getBucketDetail | View/getBucketList | ObjectStorage:Bucket | Service | Select bucket to export selected file |
| View | View/getServiceBackupManualList | - | - | Service | View manual backup settings list of service |
| View | View/getServiceBackupManualDetail | View/getServiceBackupManualList | Service | Service | View manual backup details of service |
| View | View/exportDBServiceList | View/getDBServiceList | Service | Service | Download service (DB) list |
| Change | Change/createService | View/getServiceList View/getVPCList View/getVPCDetail View/getSubnetList View/getSubnetDetail View/getConfigGroupList View/getConfigGroupDetail | - | Service | Create service |
| Change | Change/createServiceWithBackupFile | View/getServiceList View/getServiceDetail View/getServiceBackupList View/getServiceBackupDetail View/getServiceBackupManualList View/getServiceBackupManualDetail | Service | Service | Create new service with backup file |
| Change | Change/createConfigGroup | View/getConfigGroupList | - | ConfigGroup | Create Config Group |
| Change | Change/deleteService | View/getServiceList View/getServiceDetail | Service | Service | Delete service |
| Change | Change/deleteConfigGroup | View/getConfigGroupList View/getConfigGroupDetail | ConfigGroup | ConfigGroup | Delete Config Group |
| Change | Change/manageServiceBackup | View/getServiceList View/getServiceDetail | Service | Service | Service backup settings |
| Change | Change/manageServiceConfigGroup | View/getServiceList View/getServiceDetail View/getConfigGroupList View/getConfigGroupDetail | Service | Service | Manage service config group |
| Change | Change/manageServiceNode | View/getServiceList View/getServiceDetail | Service | Service | Manage service nodes |
| Change | Change/changeServiceSpec | View/getServiceList View/getServiceDetail | Service | Service | Change service specifications |
| Change | Change/manageConfigGroup | View/getConfigGroupList View/getConfigGroupDetail View/getServiceListOfConfigGroup | ConfigGroup | ConfigGroup | Change Config Group |
| Change | Change/restartService | View/getServiceList View/getServiceDetail | Service | Service | Restart service |
| Change | Change/changeFlushAll | View/getServiceList View/getServiceDetail | Service | Service | Delete all data from Redis server |
| Change | Change/exportBackupToObjectStorage | View/getServiceList View/getServiceDetail View/getBucketList View/getBucketDetail View/getServiceBackupList View/getServiceBackupDetail View/getServiceBackupManualList View/getServiceBackupManualDetail | Service | Service | Export the selected backup file to object storage |
| Change | Change/createManualBackup | View/getServiceList View/getServiceDetail View/getServiceBackupManualList | Service | Service | Start manual backup for service |
| Change | Change/deleteManualBackupFile | View/getServiceList View/getServiceDetail View/getServiceBackupManualList View/getServiceBackupManualDetail | Service | Service | Delete manual backup file of service |
| Change | Change/manageDBServerName | View/getServiceList View/getServiceDetail | Service | Service | Change DB server name |
| Change | Change/upgradeDBVersion | View/getServiceList View/getServiceDetail View/getConfigGroupList View/getConfigGroupDetail | Service | Service | Upgrade Redis engine version of service (DB) |
Caution
Even when you are granted permission for a specific action, you won't be able to perform the task properly unless you are also granted permission for the required related actions. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and won't forcibly include them. Use care when setting permissions.
Was this article helpful?