Managing Data Query permissions

Prev Next

Available in VPC

You can use Sub Account, the account management service of NAVER Cloud Platform, to set various access permissions for Data Query. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.

Note

Sub Account is a service provided free of charge upon subscription request. For a detailed description of Sub Account, see Services > Management & Governance > Sub Account on the NAVER Cloud Platform portal and the Sub Account user guide.

System-managed policies

System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once system managed policies are granted to a sub account created in Sub Account, that sub account can use Data Query. The following is a brief description about system-managed policies of Data Query.

Policy name Policy description
NCP_ADMINISTRATOR Full access to all services with the same scope as the main account
NCP_INFRA_MANAGER Permission to access all services, except the My Account > Billing information and cost management > Billing and payment management menu in the console, which is restricted.
NCP_FINANCE_MANAGER Permission to access only the Cost Explorer service and the My Account > Billing information and cost management > Billing and payment management menu in the console.
NCP_VPC_DATA_QUERY_MANAGER Permission to use all features within VPC-based Data Query
NCP_VPC_DATA_QUERY_VIEWER Permission to use only the view feature of VPC-based Data Query

User-defined policies

User-defined policies are policies that users may create. Once the user-defined policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description about user-managed policies of Data Query.

Type Action name Related action(s) Resource type Group by resource type Action description
View View/getDataSourceList - - DataSource View Data Source list
View View/getDataSourceDetail View/getDataSourceList DataSource DataSource View Data Source details
View View/getSavedQueryList - - Project View myQuery list
View View/getSavedQueryDetail View/getSavedQueryList Project Project View myQuery details
View View/getSavedQueryScheduleDetail View/getSavedQueryList
View/getSavedQueryDetail		 Project Project View myQuery Schedule details
View View/getQueryHistoryList - - Project View query execution history list
View View/getQueryHistoryDetail View/getQueryHistoryList Project Project View query execution history details
View View/getDashboard - Project Project View dashboard
Change Change/subscribeProduct - - Project Subscribe or unsubscribe to Data Query service
Change Change/setConfiguration ObjectStorage:View/getBucketList
ObjectStorage:View/getObjectList		 Project Project Set query result saving location
Change Change/createDataSource DataCatalog:View/getConnectionList
DataCatalog:View/getConnectionDetail		 - DataSource Add Data Source
Change Change/deleteDataSource View/getDataSourceList
View/getDataSourceDetail		 DataSource DataSource Delete Data Source
Change Change/executeSelectQuery View/getDataSourceList
View/getDataSourceDetail
DataCatalog:View/getDatabaseList
DataCatalog:View/getDatabaseDetail		 Project Project Run SELECT, EXPLAIN, and DESCRIBE queries
Change Change/executeDMLQuery View/getDataSourceList
View/getDataSourceDetail
DataCatalog:View/getDatabaseList
DataCatalog:View/getDatabaseDetail
Change/executeSelectQuery		 Project Project Run DML(INSERT, UPDATE, DELETE, MERGE, ANALYZE, and ALTER_TABLE_EXECUTE) queries
Change Change/executeDDLQuery View/getDataSourceList
View/getDataSourceDetail
DataCatalog:View/getDatabaseList
DataCatalog:View/getDatabaseDetail
DataCatalog:Change/createDatabase
DataCatalog:Change/updateDatabase
DataCatalog:Change/deleteDatabase
Change/executeSelectQuery
Change/executeDMLQuery		 Project Project Run DDL(DATA_DEFINITION) query
Change Change/stopQuery View/getDataSourceList
View/getDataSourceDetail
DataCatalog:View/getDatabaseList
DataCatalog:View/getDatabaseDetail		 Project Project Stop query execution
Change Change/executeDryRunQuery View/getDataSourceList
View/getDataSourceDetail
DataCatalog:View/getDatabaseList
DataCatalog:View/getDatabaseDetail		 Project Project Simulate a query
Change Change/createSavedQuery - Project Project Create myQuery
Change Change/updateSavedQuery View/getSavedQueryList
View/getSavedQueryDetail		 Project Project Update myQuery
Change Change/deleteSavedQuery View/getSavedQueryList
View/getSavedQueryDetail		 Project Project Delete myQuery
Change Change/createSavedQuerySchedule View/getSavedQueryList
View/getSavedQueryDetail		 Project Project Create myQuery Schedule
Change Change/updateSavedQuerySchedule View/getSavedQueryList
View/getSavedQueryDetail		 Project Project Update myQuery Schedule
Change Change/deleteSavedQuerySchedule View/getSavedQueryList
View/getSavedQueryDetail		 Project Project Delete myQuery Schedule
Caution

Even when you are granted permission for a specific action, you will not be able to perform the task properly unless you are also granted permission for the required related actions. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and will not forcibly include them. Therefore, be careful when setting permissions.

Business Registration Number: 129-86-31394 E-commerce Permit Number:No. 2009-GyeonggiSeongnam-0510
CEO: Kim Yuwon Address: NAVER Green Factory 17th–26th Floors, Buljeong-ro 6, Bundang-gu, Seongnam-si, Gyeonggi-do 13561, Republic of Korea. Customer Support Number: 1544-5876
© NAVER Cloud Corp. All Rights Reserved.