Available in VPC
You can set different access permissions for Datafence using NAVER Cloud Platform's Sub Account service. Sub Account offers both systemmanaged (System Managed) and user-defined (User Created) policies to help you configure management and operation permissions.
Sub Account is a free service with no additional charges. For more information about Sub Account, see [Services > Management & Governance > Sub Account] on the NAVER Cloud Platform portal and the [Sub Account user guide].
System-managed policies
System-managed policies are pre-built, role-based policies that NAVER Cloud Platform provides for your convenience. When you assign one of these policies to a sub account, that account gets access to Datafence. Here are the available system-managed policies for Datafence:
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Full access to all services, same as the main account |
| NCP_INFRA_MANAGER | Access to all services, except My Account > Manage Billing Information and Payment > Manage Billing and Payment on the console |
| NCP_FINANCE_MANAGER | Access limited to the Cost Explorer services and My Account > Manage Billing Information and Payment > Manage Billing and Payment on the console |
| NCP_VPC_DATAFENCE_MANAGER | Full access to all features of the VPC-based Datafence |
| NCP_VPC_DATAFENCE_VIEWER | View-only access to all Datafence features on the VPC platform |
| NCP_DATA_FENCE_SERVICE_ROLE | Access for the Datafence service role |
User-defined policies
User-defined policies let you create custom permissions. When you assign a user-defined policy to a sub account, that account can only perform the specific actions you've allowed. Here are the available user-defined policies for Datafence:
| Type | Action | Related action | Resource type | Group by resource type | Action description |
| :---- | :---- | :---- | :---- | :---- | :---- |
| View | View/downloadDataFenceUsage | View/getDataFence
View/getDataFenceDetail | Datafence | Datafence | Download current Datafence usage. |
| View | View/getApprovalDetail | View/getApprovalList
View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail | Box | Box | View details about export review requests. |
| View | View/getApprovalList | View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail | Box | Box | View list of export review requests. |
| View | View/getBoxAcgRuleList | View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail | Box | Box | View ACG of box servers. |
| View | View/getBoxDetail | View/getBoxList
View/getDataFence
View/getDataFenceDetail | Box | Box | View box details. |
| View | View/getBoxList | View/getDataFence
View/getDataFenceDetail | Datafence | Datafence | View box list. |
| View | View/getBoxServerImage | View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail
Change/createBox
Change/modifyBox | Datafence | Datafence | View box server image created in Datafence. |
| View | View/getBucketList | - | ObjectStorage:Bucket | ObjectStorage:Bucket | View buckets used for import and export requests and export review. |
| View | View/getDataExportDetail | View/getDataExportList
View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail | Box | Box | View export request details. |
| View | View/getDataExportList | View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail | Box | Box | View list of export requests. |
| View | View/getDataFence | - | - | Datafence | View Datafence. |
| View | View/getDataFenceDetail | View/getDataFence | Datafence | Datafence | View Datafence details. |
| View | View/getDataGroupAccessList | View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail | Box | Box | View the box's share data view status. |
| View | View/getDataGroupDetail | View/getDataGroupList
View/getDataFence
View/getDataFenceDetail | DataGroup | DataGroup | View data group details. |
| View | View/getDataGroupList | - | - | DataGroup | View data group list. |
| View | View/getDataImportDetail | View/getDataImportList
View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail | Box | Box | View import request details. |
| View | View/getDataImportList | View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail | Box | Box | View list of import requests. |
| View | View/getFenceAcgRuleList | View/getFenceInfraList
View/getDataFence
View/getDataFenceDetail
Change/modifyFenceAcgRule | Datafence | Datafence | View ACG of Datafence server within Datafence. |
| View | View/getFenceBoxAcgRuleList | View/getFenceInfraList
View/getDataFence
View/getDataFenceDetail
Change/modifyFenceBoxAcgRule | Datafence | Datafence | View ACG between Datafence server and box server within Datafence. |
| View | View/getFenceInfraList | View/getDataFence
View/getDataFenceDetail | Datafence | Datafence | View infrastructure list within Datafence. |
| View | View/getFenceServerImage | View/getFenceInfraList
View/getDataFence
View/getDataFenceDetail
Change/modifyFenceInfra | Datafence | Datafence | View Datafence server image created in Datafence. |
| View | View/getObjectList | View/getBucketList | ObjectStorage:Bucket | ObjectStorage:Bucket | View files in buckets. |
| View | View/getSslVpnList | View/getFenceInfraList
View/getDataFence
View/getDataFenceDetail
Change/setSslVpn | Datafence | Datafence | View integrated SSL VPN list. |
| Change | Change/cancelDataExport | View/getDataExportList
View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail | Box | Box | Cancel export request. |
| Change | Change/createBox | View/getDataFence
View/getDataFenceDetail
View/getBoxList
View/getBoxServerImage | Datafence | Datafence | Create box within Datafence. |
| Change | Change/createBoxServerImage | View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail | Box | Box | Create box server image. |
| Change | Change/createDataExport | View/getDataExportList
View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail
View/getBucketList
View/getObjectList | Box | Box | Request to export data in the box. |
| Change | Change/createDataFence | View/getDataFence
View/getBucketList
View/getObjectList | Datafence | Datafence | Create a Datafence. |
| Change | Change/createDataGroup | View/getDataFence
View/getDataFenceDetail
View/getDataGroupList | DataGroup | DataGroup | Create data group. |
| Change | Change/createDataImport | View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail
View/getBucketList
View/getObjectList
View/getDataImportList | Box | Box | Request to import data in the box. |
| Change | Change/createFenceServerImage | View/getDataFence
View/getDataFenceDetail
View/getFenceInfraList | Datafence | Datafence | Create Datafence server image in Datafence. |
| Change | Change/deleteDataGroup | View/getDataGroupList | DataGroup | DataGroup | Return data group. |
| Change | Change/editBoxMemo | View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail | Box | Box | Edit box memo. |
| Change | Change/editDataExportMemo | View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail
View/getDataExportList
View/getDataExportDetail | Box | Box | Edit export request memo. |
| Change | Change/editDataFenceMemo | View/getDataFence
View/getDataFenceDetail | Datafence | Datafence | Edit Datafence memo. |
| Change | Change/editDataGroupMemo | View/getDataFence
View/getDataFenceDetail
View/getDataGroupList
View/getDataGroupDetail | DataGroup | DataGroup | Edit data group memo. |
| Change | Change/editDataImportMemo | View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail
View/getDataImportList
View/getDataImportDetail | Box | Box | Edit import request memo. |
| Change | Change/manageApproval | View/getApprovalList
View/getApprovalDetail
View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail | Box | Box | Approve or reject export requests. |
| Change | Change/manageBoxServer | View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail | Box | Box | Adjust box server. |
| Change | Change/manageFenceServer | View/getFenceInfraList
View/getDataFence
View/getDataFenceDetail | Datafence | Datafence | Adjust Datafence server. |
| Change | Change/modifyBox | View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail
Change/createBox
View/getBoxServerImage | Box | Box | Edit infrastructure in the box. |
| Change | Change/modifyBoxAcgRule | View/getBoxAcgRuleList
View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail | Box | Box | Edit box's ACG. |
| Change | Change/modifyBoxInternetAccess | View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail | Box | Box | Edit box's external network block status. |
| Change | Change/modifyBoxNAS | View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail | Box | Box | Edit box's NAS. |
| Change | Change/modifyDataGroupAccess | View/getDataGroupAccessList
View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail | Box | Box | Change viewing permission of shared data by box. |
| Change | Change/modifyFenceAcgRule | View/getFenceInfraList
View/getFenceAcgRuleList
View/getDataFence
View/getDataFenceDetail | Datafence | Datafence | Edit Datafence server's ACG. |
| Change | Change/modifyFenceBoxAcgRule | View/getFenceInfraList
View/getFenceBoxAcgRuleList
View/getDataFence
View/getDataFenceDetail | Datafence | Datafence | Edit ACG between Datafence server and box server. |
| Change | Change/modifyFenceInfra | View/getFenceInfraList
View/getDataFence
View/getDataFenceDetail
View/getFenceServerImage | Datafence | Datafence | Edit infrastructure of Datafence component. |
| Change | Change/modifyFenceNAS | View/getFenceInfraList
View/getDataFence
View/getDataFenceDetail | Datafence | Datafence | Edit NAS of the Datafence component. |
| Change | Change/resetBoxServerPassword | View/getBoxList
View/getBoxDetail
View/getDataFence
View/getDataFenceDetail | Box | Box | Edit box server's access password. |
| Change | Change/resetFenceServerPassword | View/getFenceInfraList
View/getDataFence
View/getDataFenceDetail | Datafence | Datafence | Edit Datafence server's access password. |
| Change | Change/returnBox | View/getBoxList
View/getDataFence
View/getDataFenceDetail | Box | Box | Return box in Datafence. |
| Change | Change/returnDataFence | View/getDataFence | Datafence | Datafence | Return Datafence. |
| Change | Change/setSslVpn | View/getSslVpnList
View/getFenceInfraList
View/getDataFence
View/getDataFenceDetail | Datafence | Datafence | Specify SSL VPN in Datafence. |
| Change | Change/modifyNotificationRecipient | View/getDataFence
View/getDataFenceDetail | Datafence | Datafence | Add and remove notification recipients when the Datafence configuration is changed.|
If you grant someone access to a specific action but not to the required related actions, they won't be able to complete their tasks. Sub Account automatically includes these related permissions to prevent this issue. However, if you manually uncheck these auto-selected related actions, the system assumes this was intentional and won't override your selection.