Available in VPC
You can set different access permissions for Data Stream using NAVER Cloud Platform's Sub Account service. Sub Account offers both system-managed (System Managed) and user-defined (User Created) policies to help you configure management and operation permissions.
Sub Account is a free service with no additional charges. For more information about Sub Account, see [Services > Management & Governance > Sub Account] on the NAVER Cloud Platform portal and the [Sub Account user guide].
System-managed policies
System-managed policies are pre-built, role-based policies that NAVER Cloud Platform provides for your convenience. When you assign one of these policies to a sub account, that account gets access to Data Stream. Here are the available system-managed policies for Data Stream
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Full access to all services, same as the main account |
| NCP_INFRA_MANAGER | Access to all services, except My Account > Manage billing information and expense > Manage billing and payment on the console |
| NCP_FINANCE_MANAGER | Access limited to the Cost Explorer services and My Account > Manage billing information and expense > Manage billing and payment on the console |
| NCP_VPC_DATA_STREAM_MANAGER | Full access to all Data Stream features on the VPC platform |
| NCP_VPC_DATA_STREAM_VIEWER | View-only access to all Data Stream features on the VPC platform |
| NCP_DATA_STREAM_SERVICE_ROLE | Access granted to the Service Role of the Data Stream service |
User-defined policies
User-defined policies let you create custom permissions. When you assign a user-defined policy to a sub account, that account can only perform the specific actions you've allowed. Here are the available user-defined policies for Data Stream.
| Type | Action | Related action | Resource type | Group by resource type | Action description |
|---|---|---|---|---|---|
| View | View/getTopicSummary | - | - | - | View topic summary information |
| View | View/getTopicMetrics | - | - | - | View topic metrics list |
| View | View/getTopicList | - | - | - | View topic list |
| View | View/getTopicDetail | - | - | - | View topic details |
| View | View/getPreviewData | - | - | - | View topic recent data |
| View | View/getConsumersMetrics | - | - | - | View entire consumer metrics list |
| View | View/getConsumerMetrics | - | - | - | View specific consumer metrics list |
| View | View/getConnector | - | - | - | View connector information |
| View | View/getBucketList | - | - | - | View bucket list |
| View | View/getObjectList | - | - | - | View the list of objects in the bucket and bucket details |
| View | View/getServiceRoleList | - | - | - | View the Service Role for the connector |
| View | View/getSchemaList | - | - | - | View schema list |
| View | View/getSchemaDetail | - | - | - | View schema details |
| Change | Change/createTopic | - | - | - | Create topic |
| Change | Change/updateTopic | - | - | - | Edit topic information |
| Change | Change/deleteTopic | - | - | - | Delete topic |
| Change | Change/createConnector | - | - | - | Create connector |
| Change | Change/updateConnector | - | - | - | Edit connector information |
| Change | Change/deleteConnector | - | - | - | Delete connector |
| Change | Change/createServiceRole | - | - | - | Create the Service Role for the connector |
| Change | Change/produceData | - | - | - | Data Storage APIs usage permissions |
| Change | Change/consumeData | - | - | - | Data Reading APIs usage permissions |
| Change | Change/createSchema | - | - | - | Create schema |
| Change | Change/deleteSchema | - | - | - | Delete schema |
If you grant someone access to a specific action but not to the required related actions, they won't be able to complete their tasks. Sub Account automatically includes these related permissions to prevent this issue. However, if you manually uncheck these auto-selected related actions, the system assumes this was intentional and won't override your selection.