- Print
- PDF
Managing Data Flow permissions
- Print
- PDF
Available in VPC
You can use Sub Account, the account management service of NAVER Cloud Platform, to set various access permissions for Data Flow. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.
Sub Account is a service provided free of charge upon subscription. For more information on Sub Account, see Service > Management & Governance > Sub Account on the NAVER Cloud Platform console or see Sub Account user guide.
System-managed policies
System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once system managed policies are granted to a sub account created in Sub Account, that sub account can use Data Flow. The following is a brief description about system managed policies of Data Flow.
Policy name | Policy description |
---|---|
NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform except some of the options in My Page (Manage usage, manage payments, solution usages) |
NCP_DATA_FLOW_MANAGER | Permission to use all features within VPC-based Data Flow |
NCP_DATA_FLOW_VIEWER | Permission to only use the view feature of the VPC-based Data Flow |
NCP_DATA_FLOW_SERVICE_ROLE | Permission given for the service role of the Data Flow service |
User-created policies
User-created policies are policies created by users. User-created policies can be assigned to sub accounts created on Sub Account to allow the sub account to use combinations of actions assigned by the user. The following is a brief description about user-created policies of Data Flow.
Classification | Action name | Related action(s) | Resource type | Group by resource type | Action description |
---|---|---|---|---|---|
View | View/getWorkflowList | - | - | Workflow | View workflow list |
View | View/getWorkflowDetail | View/getWorkflowList | Workflow | Workflow | View workflow details |
View | View/getJobList | - | - | Job | View job list |
View | View/getJobDetail | View/getJobList | Job | Job | View job details |
View | View/getBucketList | - | - | Job | View the list of bucket currently in use in Object Storage |
View | View/getObjectList | View/getBucketList | Object Storage:Bucket | Job | Get the list of files in the Object Storage bucket and view bucket details |
View | View/getDatacatalogDBList | - | - | Job | View the Data Catalog database list |
View | View/getDatacatalogDBDetail | View/getDatacatalogDBList | Data Catalog:Database | Job | View the Data Catalog database details |
View | View/getDatacatalogTableList | - | - | Job | View the Data Catalog table list |
View | View/getDatacatalogTableDetail | View/getDatacatalogTableList | Data Catalog:Database | Job | View the Data Catalog table details |
View | View/getDatacatalogSchemaVersionList | - | - | Job | View the Data Catalog schema version list |
View | View/getDatacatalogSchemaVersionDetail | View/getDatacatalogSchemaVersionList | Data Catalog:Database | Job | View the Data Catalog schema version details |
View | View/getDatacatalogConnectionList | - | - | Job | View the Data Catalog connection list |
View | View/getDatacatalogConnectionDetail | View/getDatacatalogConnectionList | Data Catalog:Connection | Job | View the Data Catalog connection details |
View | View/getTriggerList | - | - | Trigger | View the Data Flow trigger list |
View | View/getTriggerDetail | View/getTriggerList | Trigger | Trigger | View the Data Flow trigger details |
View | View/getServiceRoleList | - | - | Job | View Service Role list |
View | View/getServiceRoleDetail | View/getServiceRoleList | Subaccount:Role | Job | View ServiceRole details |
Change | Change/SubscribeProduct | - | - | - | Subscribe or unsubscribe of Data Flow service |
Change | Change/createWorkflow | View/getWorkflowList View/getWorkflowDetail View/getJobList View/getJobDetail View/getTriggerList View/getTriggerDetail Change/createTrigger | Workflow | Workflow | Create Data Flow workflow |
Change | Change/deleteWorkflow | View/getWorkflowList View/getWorkflowDetail | Workflow | Workflow | Delete Data Flow workflow |
Change | Change/updateWorkflow | View/getWorkflowList View/getWorkflowDetail | Workflow | Workflow | Temporarily save or set information save with Data Flow workflow |
Change | Change/createJob | Change/createBucket View/getJobList View/getJobDetail View/getBucketList View/getObjectList View/getDatacatalogDBList View/getDatacatalogDBDetail View/getDatacatalogTableList View/getDatacatalogTableDetail View/getDatacatalogSchemaVersionList View/getDatacatalogSchemaVersionDetail View/getDatacatalogConnectionList View/getDatacatalogConnectionDetail | - | Job | Create Data Flow job |
Change | Change/deleteJob | View/getJobList View/getJobDetail | Job | Job | Delete Data Flow job |
Change | Change/executeJob | Change/writeObject View/getWorkflowList View/getWorkflowDetail View/getJobList View/getJobDetail View/getTriggerList View/getTriggerDetail | Job | Job | Execute Data Flow job |
Change | Change/updateJobExecution | View/getWorkflowList View/getWorkflowDetail View/getJobList View/getJobDetail View/getTriggerList View/getTriggerDetail | Job | Job | Edit Data Flow job execution option |
Change | Change/writeObject | View/getBucketList View/getObjectList | Object Storage:Bucket | Job | Create or change object of Object Storage bucket |
Change | Change/createBucket | View/getBucketList | - | Job | Create Data Flow bucket in Object Storage |
Change | Change/updateJob | View/getWorkflowList View/getWorkflowDetail View/getJobList View/getJobDetail View/getTriggerList View/getTriggerDetail | Job | Job | Edit Data Flow job details |
Change | Change/createTrigger | - | - | Trigger | Create Data Flow trigger |
Change | Change/deleteTrigger | View/getTriggerList View/getTriggerDetail | Trigger | Trigger | Delete Data Flow trigger |
Change | Change/createServiceRole | View/getServiceRoleList | Subaccount:Role | Job | Create Service Role for executing Data Flow job |
If you are granted permission for a certain action but not for the required actions that are related, you cannot run the job properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect the related actions that are automatically assigned, the system considers it as having been done intentionally and does not forcibly include them. Thus, take caution when setting permissions.