Available in VPC
You can set different access permissions for Data Flow using NAVER Cloud Platform's Sub Account service. Sub Account offers both system-managed (System Managed) and user-defined (User Created) policies to help you configure management and operation permissions.
Sub Account is a free service with no additional charges. For more information about Sub Account, see [Services > Management & Governance > Sub Account] on the NAVER Cloud Platform portal and the [Sub Account user guide].
System-managed policies
System-managed policies are pre-built, role-based policies that NAVER Cloud Platform provides for your convenience. When you assign one of these policies to a sub account, that account gets access to Data Flow. Here are the available system-managed policies for Data Flow:
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Full access to all services, same as the main account |
| NCP_INFRA_MANAGER | Access to all services, except My Account > Manage Billing Information and Payment > Manage Billing and Payment on the console |
| NCP_FINANCE_MANAGER | Access limited to the Cost Explorer services and My Account > Manage Billing Information and Payment > Manage Billing and Payment on the console |
| NCP_DATA_FLOW_MANAGER | Full access to all features of the VPC-based Data Flow |
| NCP_DATA_FLOW_VIEWER | View-only access to all Data Flow features on the VPC platform |
| NCP_DATA_FLOW_SERVICE_ROLE | Access for the Data Flow service role |
User-defined policies
User-defined policies let you create custom permissions. When you assign a user-defined policy to a sub account, that account can only perform the specific actions you've allowed. Here are the available user-defined policies for Data Flow:
| Type | Action | Related action | Resource type | Group by resource type | Action description |
|---|---|---|---|---|---|
| View | View/getWorkflowList | - | - | Workflow | View workflow list |
| View | View/getWorkflowDetail | View/getWorkflowList | Workflow | Workflow | View workflow details |
| View | View/getJobList | - | - | Job | View job list |
| View | View/getJobDetail | View/getJobList | Job | Job | View job details |
| View | View/getBucketList | - | - | - | View the list of bucket currently in use in Object Storage |
| View | View/getObjectList | View/getBucketList | ObjectStorage:Bucket | - | Get the list of files in the Object Storage bucket and view bucket details |
| View | View/getDatacatalogDBList | - | - | - | View the Data Catalog database list |
| View | View/getDatacatalogTableList | - | DataCatalog:Database | - | View the Data Catalog table list |
| View | View/getDatacatalogSchemaVersionList | - | DataCatalog:Database | - | View the Data Catalog schema version list |
| View | View/getDatacatalogSchemaVersionDetail | View/getDatacatalogSchemaVersionList | - | - | View the Data Catalog schema version details |
| View | View/getDatacatalogConnectionList | - | - | - | View the Data Catalog connection list |
| View | View/getTriggerList | - | - | Trigger | View the Data Flow trigger list |
| View | View/getTriggerDetail | View/getTriggerList | Trigger | Trigger | View the Data Flow trigger details |
| View | View/getServiceRoleList | - | - | - | View Service Role list |
| Change | Change/SubscribeProduct | - | - | - | Subscribe or unsubscribe of Data Flow service |
| Change | Change/createWorkflow | View/getWorkflowList View/getJobList View/getJobDetail View/getTriggerList Change/createTrigger |
Workflow | Workflow | Create Data Flow workflow |
| Change | Change/deleteWorkflow | View/getWorkflowList | Workflow | Workflow | Delete Data Flow workflow |
| Change | Change/updateWorkflow | View/getWorkflowList View/getWorkflowDetail View/getJobList View/getJobDetail View/getTriggerList Change/createTrigger |
Workflow | Workflow | Temporarily save or set information save with Data Flow workflow |
| Change | Change/createJob | View/getJobList View/getBucketList View/getObjectList View/getDatacatalogDBList View/getDatacatalogTableList View/getDatacatalogSchemaVersionList View/getDatacatalogSchemaVersionDetail View/getDatacatalogConnectionList |
- | Job | Create Data Flow job |
| Change | Change/deleteJob | View/getJobList | Job | Job | Delete Data Flow job |
| Change | Change/executeJob | View/getJobList View/getJobDetail View/getServiceRoleList Change/updateJobExecution Change/createServiceRole |
Job | Job | Execute Data Flow job |
| Change | Change/updateJobExecution | View/getJobList View/getJobDetail View/getServiceRoleList Change/createServiceRole |
Job | Job | Edit Data Flow job execution option |
| Change | Change/updateJob | View/getJobList View/getJobDetail View/getBucketList View/getObjectList View/getDatacatalogDBList View/getDatacatalogTableList View/getDatacatalogSchemaVersionList View/getDatacatalogSchemaVersionDetail View/getDatacatalogConnectionList |
Job | Job | Edit Data Flow job details |
| Change | Change/createTrigger | - | - | Trigger | Create Data Flow trigger |
| Change | Change/deleteTrigger | View/getTriggerList | Trigger | Trigger | Delete Data Flow trigger |
| Change | Change/createServiceRole | View/getServiceRoleList | - | - | Create Service Role for executing Data Flow job |
If you grant someone access to a specific action but not to the required related actions, they won't be able to complete their tasks. Sub Account automatically includes these related permissions to prevent this issue. However, if you manually uncheck these auto-selected related actions, the system assumes this was intentional and won't override your selection.