- Print
- PDF
Managing Data Query permissions
- Print
- PDF
Available in VPC
You can set up various permissions of the access to Data Query service by using Sub Account service which is the user management service of NAVER Cloud Platform. Sub Account service provides System Managed policies and User Created policies for setting management and administration permissions.
Sub Account is a free service provided upon subscription request without additional charge. For more details about Sub Account, see Service > Management & Governance > Sub Account in NAVER Cloud Platform portal, as well as the Sub Account User Guide.
System-managed policies
System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. When you assign system-managed policies to the sub account created in the Sub Account, the sub account with the permissions can use the Data Query service. The following is a brief description of the system-managed policies of the Data Query service.
Policy name | Policy description |
---|---|
NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform with restricted access to some features (Manage usage, Manage payment, Solution usage status) of my page in the portal |
NCP_VPC_DATA_QUERY_MANAGER | Permission to use all features within VPC-based Data Query service |
NCP_VPC_DATA_QUERY_VIEWER | Permission to only use the view feature of the VPC-based Data Query service |
User-defined policies
User-defined policies are policies that users may create. Once user-defined policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description about system user-defined policies of the Data Query service:
Classification | Action name | Related action(s) | Resource type | Group by resource type | Action description |
---|---|---|---|---|---|
View | View/getDashboard | - | Project | Project | View dashboard |
View | View/getBucketList | - | - | Project | View the list of buckets currently in use |
View | View/getObjectList | View/getBucketList | Object Storage:Bucket | Project | Get the list of files in the bucket and view bucket details |
View | View/getDatacatalogConnectionList | - | - | Project | View the Data Catalog service connection list |
View | View/getDatacatalogConnectionDetail | View/getDatacatalogConnectionList | Data Catalog:Connection | Project | Check the Data Catalog service connection details |
View | View/getDataSourceList | - | - | Project | View the list of data sources |
View | View/getDataSourceDetail | View/getDataSourceList | Project | Project | Check details of data source |
View | View/getDatabaseList | View/getDataSourceList View/getDataSourceDetail | - | Project | View databases within the data source |
View | View/getDatabaseDetail | View/getDataSourceList View/getDataSourceDetail View/getDatabaseList | Data Catalog:Database | Project | Check the database details within the data source |
View | View/getSavedQueryList | - | - | Project | View the list of saved queries |
View | View/getSavedQueryDetail | View/getSavedQueryList | Project | Project | Check saved query details |
View | View/getQueryHistoryList | - | - | Project | View the query history list |
View | View/getQueryHistoryDetail | View/getQueryHistoryList | Project | Project | Check query history details |
Change | Change/subscribeProduct | - | - | Project | Subscribe or unsubscribe to the service |
Change | Change/addDataSource | View/getDatacatalogConnectionList View/getDatacatalogConnectionDetail | Project | Project | Add data source |
Change | Change/deleteDataSource | View/getDataSourceList View/getDataSourceDetail | Project | Project | Delete data source |
Change | Change/executeQuery | View/getDataSourceList View/getDataSourceDetail View/getDatabases View/getTables View/getColumns | Project | Project | Execute query |
Change | Change/stopQuery | View/getDataSourceList View/getDataSourceDetail View/getDatabases View/getTables View/getColumns | Project | Project | Stop query execution |
Change | Change/executeDryRunQuery | View/getDataSourceList View/getDataSourceDetail View/getDatabases View/getTables View/getColumns | Project | Project | Simulate query |
Change | Change/createSavedQuery | - | Project | Project | Save query |
Change | Change/deleteSavedQuery | View/getSavedQueryList View/getSavedQueryDetail | Project | Project | Delete saved query |
Change | Change/updateSavedQuery | View/getSavedQueryList View/getSavedQueryDetail | Project | Project | Edit saved query |
Even when you are granted permission for a specific action, you won't be able to perform the task properly unless you are also granted permission for the required related actions. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and won't forcibly include them. Use care when setting permissions.