Available in VPC
You can set various access permissions for Data Catalog using Sub Account, NAVER CLOUD PLATFORM's account management service. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.
Note
Sub Account is a service provided free of charge upon subscription request. For a detailed description of Sub Account, see Services > Management & Governance > Sub Account on the NAVER Cloud Platform portal and the Sub Account user guide.
System-managed policies
System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. When you grant a managed policy to a subaccount created in the Sub Account, the authorized Sub Account will access the Data Catalog. Here is a brief description of managed policies in the Data Catalog.
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
| NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal |
| NCP_VPC_DATA_CATALOG_MANAGER | Full access to all features of the VPC-based Data Catalog |
| NCP_VPC_DATA_CATALOG_VIEWER | Permission to use the lookup feature of the VPC-based Data Catalog only |
User-defined policies
User-defined policies are policies that users may create. Once the user-defined policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. A brief description of custom policies in the Data Catalog is provided below.
| Classification | Action name | Related action(s) | Resource type | Group by resource type | Action description |
|---|---|---|---|---|---|
| View | View/getBucketList | View/getObjectList | ObjectStorage :Bucket |
ObjectStorage :Bucket |
View details about a classifier |
| View | View/getClassifierDetail | View/getClassifierList | Classifier | Classifier | View details about a classifier |
| View | View/getClassifierList | - | - | Classifier | View a list of classifiers |
| View | View/getConnectionDetail | View/getConnectionList | Connection | Connection | View details about a connection |
| View | View/getConnectionList | - | - | Connection | View a list of connections |
| View | View/getDatabaseDetail | View/getDatabaseList View/getTableDetail View/getTableList View/getTagTemplateDetail View/getTagTemplateList |
Database | Database | View detailed information about a database in the Data Catalog |
| View | View/getDatabaseList | - | - | Database | View a list of databases in the Data Catalog |
| View | View/getMongoDBServiceDetail | View/getMongoDBServiceList | VPCCloudDBforMongoDB :Service |
VPCCloudDBforMongoDB :Service |
View CDB for MongoDB Service (DB) details |
| View | View/getMongoDBServiceList | - | - | VPCCloudDBMongoDB :Service |
View CDB for MongoDB Service (DB) list |
| View | View/getMssqlDBServiceDetail | View/getMssqlDBServiceList | VPCCloudDBforMssqlDB :Service |
VPCCloudDBforMssqlDB :Service |
View CDB for MssqlDB Service (DB) details |
| View | View/getMssqlDBServiceList | - | - | VPCCloudDBforMssqlDB :Service |
View CDB for MssqlDB Service (DB) list |
| View | View/getMysqlDBServiceDetail | View/getMysqlDBServiceList | VPCCloudDBforMysqlDB :Service |
VPCCloudDBforMysqlDB :Service |
View CDB for MysqlDB Service (DB) details |
| View | View/getMysqlDBServiceList | - | - | VPCCloudDBforMySQL :Service |
View CDB for MysqlDB Service (DB) List |
| View | View/getPostgreSQLDBServiceDetail | View/getPostgreSQLDBServiceList | VPCCloudDBforPostgreSQLDB :Service |
VPCCloudDBforPostgreSQLDB :Service |
View CDB for PostgreSQLDB Service (DB) Details |
| View | View/getPostgreSQLDBServiceList | - | - | VPCCloudDBforPostgreSQLDB :Service |
View CDB for PostgreSQLDB Service (DB) list |
| View | View/getObjectList | View/getBucketList | ObjectStorage :Bucket |
ObjectStorage :Bucket |
Perform a read operation on an object in Object Storage |
| View | View/getScannerDetail | View/getScannerList | Scanner | Scanner | View scanner details |
| View | View/getScannerList | - | - | Scanner | View a list of scanners |
| View | View/getTableDetail | View/getTableList | Table | Table | View table details for a table in the Data Catalog |
| View | View/getTableList | - | - | Table | View a list of tables in the Data Catalog |
| View | View/getTagTemplateDetail | View/getTagTemplateList | TagTemplate | TagTemplate | View details about a tag template |
| View | View/getTagTemplateList | - | - | TagTemplate | View a list of tag templates |
| Change | Change/createClassifier | - | - | Classifier | Create a classifier |
| Change | Change/createConnection | View/getMongoDBServiceDetail View/getMongoDBServiceList View/getMssqlDBServiceDetail View/getMssqlDBServiceList View/getMysqlDBServiceDetail View/getMysqlDBServiceList View/getPostgreSQLDBServiceDetail View/getPostgreSQLDBServiceList |
- | Connection | Create a connection |
| Change | Change/createDatabase | View/getTagTemplateDetail View/getTagTemplateList View/getBucketList View/getObjectList |
- | Database | Create a database for the Data Catalog |
| Change | Change/createScanner | View/getClassifierDetail View/getClassifierList View/getConnectionDetail View/getConnectionList View/getDatabaseDetail View/getDatabaseList Change/createConnection Change/createClassifier View/getBucketList View/getObjectList |
- | Scanner | Create a scanner |
| Change | Change/createTable | View/getDatabaseDetail View/getDatabaseList View/getTagTemplateDetail View/getTagTemplateList |
- | Table | Creating tables in the Data Catalog |
| Change | Change/createTagTemplate | - | - | TagTemplate | Create a tag template |
| Change | Change/deleteClassifier | View/getClassifierDetail View/getClassifierList |
Classifier | Classifier | Delete a classifier |
| Change | Change/deleteConnection | View/getConnectionDetail View/getConnectionList |
Connection | Connection | Delete a connection |
| Change | Change/deleteDatabase | View/getDatabaseDetail View/getDatabaseList View/getTagTemplateDetail View/getTagTemplateList |
Database | Database | Deleting databases in the Data Catalog |
| Change | Change/deleteScanner | View/getClassifierDetail View/getClassifierList View/getConnectionDetail View/getConnectionList View/getDatabaseDetail View/getDatabaseList View/getScannerDetail View/getScannerList |
Scanner | Scanner | Delete a scanner |
| Change | Change/deleteTable | View/getTableDetail View/getTableList |
Table | Table | Deleting tables in the Data Catalog |
| Change | Change/deleteTagTemplate | View/getTagTemplateDetail View/getTagTemplateList |
TagTemplate | TagTemplate | Delete a tag template |
| Change | Change/pauseScannerSchedule | View/getClassifierDetail View/getClassifierList View/getConnectionDetail View/getConnectionList View/getDatabaseDetail View/getDatabaseList View/getScannerDetail View/getScannerList |
Scanner | Scanner | Pause the scanner's run cycle |
| Change | Change/reloadDataCatalog | - | Catalog | Catalog | Reload Data Catalog settings information |
| Change | Change/resumeScannerSchedule | View/getClassifierDetail View/getClassifierList View/getConnectionDetail View/getConnectionList View/getDatabaseDetail View/getDatabaseList View/getScannerDetail View/getScannerList |
Scanner | Scanner | Restart the scanner's run cycle |
| Change | Change/runScanner | View/getClassifierDetail View/getClassifierList View/getConnectionDetail View/getConnectionList View/getDatabaseDetail View/getDatabaseList View/getScannerDetail View/getScannerList |
Scanner | Scanner | Run the scanner |
| Change | Change/stopScanner | View/getClassifierDetail View/getClassifierList View/getConnectionDetail View/getConnectionList View/getDatabaseDetail View/getDatabaseList View/getScannerDetail View/getScannerList |
Scanner | Scanner | Stop scanner from running |
| Change | Change/subscribeProduct | - | Catalog | Catalog | Using or terminating the Data Catalog service |
| Change | Change/updateClassifier | View/getClassifierDetail View/getClassifierList |
Classifier | Classifier | Modifying classifiers |
| Change | Change/updateConnection | View/getScannerDetail View/getScannerList |
Connection | Connection | Modifying connections |
| Change | Change/updateDatabase | View/getDatabaseDetail View/getDatabaseList View/getTagTemplateDetail View/getTagTemplateList View/getBucketList View/getObjectList |
Database | Database | Modifying databases in the Data Catalog |
| Change | Change/updateScanner | View/getConnectionDetail View/getConnectionList View/getDatabaseDetail View/getDatabaseList View/getScannerDetail View/getScannerList View/getClassifierDetail View/getClassifierList |
Scanner | Scanner | Edit the scanner |
| Change | Change/updateTable | View/getDatabaseDetail View/getDatabaseList View/getTagTemplateDetail View/getTagTemplateList |
Table | Table | Modifying tables in the Data Catalog |
| Change | Change/updateTagTemplate | View/getTagTemplateDetail View/getTagTemplateList |
TagTemplate | TagTemplate | Modifying tag templates |
Caution
Even when you are granted permission for a specific action, you won't be able to perform the task properly unless you are also granted permission for the required related actions. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and won't forcibly include them. Use care when setting permissions.