- Print
- PDF
Managing Data Catalog permissions
- Print
- PDF
Available in VPC
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Data Catalog. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.
Sub Account is a service provided free of charge upon subscription request. For more details about Sub Account, see the Service > Management & Governance > Sub Account menu in the NAVER Cloud Platform portal, as well as the Sub Account guide.
System Managed policies
System Managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once system managed policies are granted to a sub account created in Sub Account, that sub account can use Data Catalog. The following is a brief description about System Managed policies of Data Catalog.
Policy name | Policy description |
---|---|
NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal |
NCP_VPC_DATA_CATALOG_MANAGER | Permission to use all features within VPC-based Data Catalog |
NCP_VPC_DATA_CATALOG_VIEWER | Permission to use only the view feature in VPC-based Data Catalog |
User Created policies
User Created policies are policies that users may create. Once User Created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description about User Created policies of Data Catalog.
Classification | Action name | Related action(s) | Resource type | Group by resource type | Action description |
---|---|---|---|---|---|
View | View/getBucketList | View/getClassifierList | ObjectStorage :Bucket | ObjectStorage :Bucket | Get the list of buckets in use in Object Storage. |
View | View/getClassifierDetail | View/getClassifierList | Classifier | Classifier | View detailed information of classifier |
View | View/getClassifierList | - | - | Classifier | View lists of classifier |
View | View/getConnectionDetail | View/getConnectionList | Connection | Connection | View detailed information of connection |
View | View/getConnectionList | - | - | Connection | View lists of connection |
View | View/getDatabaseDetail | View/getDatabaseList View/getTableDetail View/getTableList View/getTagTemplateDetail View/getTagTemplateList | Database | Database | View details of Data Catalog’s database |
View | View/getDatabaseList | - | - | Database | View lists of Data Catalog’s database |
View | View/getDBServiceDetail | View/getDBServiceList | VPCCloudDBforMySQL :Service | VPCCloudDBforMySQL :Service | View detailed information of CDB for MySQL's Service(DB) |
View | View/getDBServiceList | View/getDBServiceList | - | VPCCloudDBforMySQL :Service | View Lists of CDB for MySQL's Service(DB) |
View | View/getObjectList | View/getBucketList | ObjectStorage :Bucket | ObjectStorage :Bucket | Read of Object Storage's Object |
View | View/getScannerDetail | View/getScannerList | Scanner | Scanner | View detailed information of scanner |
View | View/getScannerList | - | - | Scanner | View lists of scanner |
View | View/getTableDetail | View/getTableList | Table | Table | View details of Data Catalog’s table |
View | View/getTableList | - | - | Table | View lists of Data Catalog’s table |
View | View/getTagTemplateDetail | View/getTagTemplateList | TagTemplate | TagTemplate | View tag template details |
View | View/getTagTemplateList | - | - | TagTemplate | View tag template lists |
Change | Change/createClassifier | - | - | Classifier | Create classifier |
Change | Change/createConnection | View/getDBServiceList View/getDBServiceDetail View/getBucketList View/getObjectList | - | Connection | Create connection |
Change | Change/createDatabase | View/getTagTemplateDetail View/getTagTemplateList View/getBucketList View/getObjectList | - | Database | Create Data Catalog’s database |
Change | Change/createScanner | View/getClassifierDetail View/getClassifierList View/getConnectionDetail View/getConnectionList View/getDatabaseDetail View/getDatabaseList Change/createConnection Change/createClassifier | - | Scanner | Create scanner |
Change | Change/createTable | View/getDatabaseDetail View/getDatabaseList View/getTagTemplateDetail View/getTagTemplateList | - | Table | Create Data Catalog’s table |
Change | Change/createTagTemplate | - | - | TagTemplate | Create tag template |
Change | Change/deleteClassifier | View/getClassifierDetail View/getClassifierList | Classifier | Classifier | Delete classifier |
Change | Change/deleteConnection | View/getConnectionDetail View/getConnectionList | Connection | Connection | Delete connection |
Change | Change/deleteDatabase | View/getDatabaseDetail View/getDatabaseList View/getTagTemplateDetail View/getTagTemplateList | Database | Database | Delete Data Catalog’s database |
Change | Change/deleteScanner | View/getClassifierDetail View/getClassifierList View/getConnectionDetail View/getConnectionList View/getDatabaseDetail View/getDatabaseList View/getScannerDetail View/getScannerList | Scanner | Scanner | Delete scanner |
Change | Change/deleteTable | View/getTableDetail View/getTableList | Table | Table | Delete Data Catalog’s table |
Change | Change/deleteTagTemplate | View/getTagTemplateDetail View/getTagTemplateList | TagTemplate | TagTemplate | Delete tag template |
Change | Change/pauseScannerSchedule | View/getClassifierDetail View/getClassifierList View/getConnectionDetail View/getConnectionList View/getDatabaseDetail View/getDatabaseList View/getScannerDetail View/getScannerList View/getTableDetail View/getTableList View/getTagTemplateDetail View/getTagTemplateList | - | - | Pause scanner running cycle |
Change | Change/reloadDataCatalog | - | Catalog | Catalog | Reload setting information of Data Catalog |
Change | Change/resumeScannerSchedule | View/getClassifierDetail View/getClassifierList View/getConnectionDetail View/getConnectionList View/getDatabaseDetail View/getDatabaseList View/getScannerDetail View/getScannerList | Scanner | Scanner | Restart scanner running cycle |
Change | Change/runScanner | View/getClassifierDetail View/getClassifierList View/getConnectionDetail View/getConnectionList View/getDatabaseDetail View/getDatabaseList View/getScannerDetail View/getScannerList | Scanner | Scanner | Run scanner |
Change | Change/stopScanner | View/getClassifierDetail View/getClassifierList View/getConnectionDetail View/getConnectionList View/getDatabaseDetail View/getDatabaseList View/getScannerDetail View/getScannerList | Scanner | Scanner | Stop running scanner |
Change | Change/subscribeProduct | - | Catalog | Catalog | Request subscription or cancellation to Data Catalog |
Change | Change/updateClassifier | View/getClassifierDetail View/getClassifierList | Classifier | Classifier | Edit classifier |
Change | Change/updateConnection | View/getScannerDetail View/getScannerList | Connection | Connection | Edit connection |
Change | Change/updateDatabase | View/getDatabaseDetail View/getDatabaseList View/getTagTemplateDetail View/getTagTemplateList View/getBucketList View/getObjectList | Database | Database | Edit Data Catalog’s database |
Change | Change/updateScanner | View/getConnectionDetail View/getConnectionList View/getDatabaseDetail View/getDatabaseList View/getScannerDetail View/getScannerList View/getClassifierDetail View/getClassifierList | Scanner | Scanner | Edit scanner |
Change | Change/updateTable | View/getDatabaseDetail View/getDatabaseList View/getTagTemplateDetail View/getTagTemplateList | Table | Table | Edit Data Catalog’s table |
Change | Change/updateTagTemplate | View/getTagTemplateDetail View/getTagTemplateList | TagTemplate | TagTemplate | Edit tag template |
Even when you are granted permission for a specific action, if you are not also granted permissions for the related actions that are required, then you won't be able to perform jobs properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and does not forcibly include them. Thus, be careful when setting permissions.