Cloud DB Serverless permissions management

Available in VPC

You can set different access permissions for Cloud DB Serverless using NAVER Cloud Platform's Sub Account service. Sub Account offers both system-managed (System Managed) and user-defined (User Created) policies to help you configure management and operation permissions.

Note

Sub Account is a free service with no additional charges. For more information about Sub Account, see Services > Management & Governance > Sub Account on the NAVER Cloud Platform portal and the Sub Account user guide.

System-managed policies

System-managed policies are pre-built, role-based policies that NAVER Cloud Platform provides for your convenience. When you assign one of these policies to a sub account, that account gets access to Cloud DB Serverless. Here are the available system-managed policies for Cloud DB Serverless.

Policy name	Policy description
NCP_ADMINISTRATOR	Full access to all services, with the same scope as the main account
NCP_INFRA_MANAGER	Access to all services, except the My Account > Billing Information and Cost Management > Billing and Payment Management menu in the console
NCP_FINANCE_MANAGER	Access only to the Cost Explorer service and the My Account > Billing Information and Cost Management > Billing and Payment Management menu in the console
NCP_CLOUD_DB_SERVRELESS_MANAGER	Full access to all Cloud DB Serverless.
NCP_CLOUD_DB_SERVERLESS_VIEWER	View-only access to all Cloud DB Serverless features.

User-defined policies

User-defined policies let you create custom permissions. When you assign a user-defined policy to a sub account, that account can only perform the specific actions, you've allowed. Here are the available user-defined policies for Cloud DB Serverless.

| Type | Action | Related action | Resource type | Group by resource type | Action description |
| ---- | ---- | ---- | ---- | ---- | ---- |
| View | View/getDBServiceList | | Cluster | DB Cluster | View the service (DB) list. |
| View | View/getDBServiceDetail | View/getDBServiceList | Cluster | DB Cluster | View detailed information about the service (DB). |
| View | View/getVPCList | | | | View the list of VPCs required for the service (DB). |
| View | View/getVPCDetail | View/getVPCList | VPC:VPC | | View VPCs accessible for the service (DB). |
| View | View/getSubnetList | | | | View the list of subnets required for the service (DB). |
| View | View/getSubnetDetail | View/getSubnetList | VPC:Subnet| | View subnets accessible for the service (DB). |
| View | View/getDBDashboard | View/getDBServiceList
View/getDBServiceDetail | Cluster | Monitoring | View the DB dashboard of the service (DB). |
| View | View/getOSDashboard | View/getDBServiceList
View/getDBServiceDetail | Cluster | Monitoring | View the OS dashboard of the service (DB). |
| View | View/getDBLogs | View/getDBServiceList
View/getDBServiceDetail | Cluster | Monitoring | View DB logs of the service (DB). |
| View | View/getDBInstanceDetail | View/getDBServiceList
View/getDBServiceDetail | Cluster | DB Cluster | View detailed instance information of the service (DB). |
| View | View/getDatabaseList | View/getDBServiceList
View/getDBServiceDetail | Cluster | DB Cluster | View the database list. |
| View | View/getDBConfig | View/getDBServiceList
View/getDBServiceDetail | Cluster | DB Cluster | View config settings of the service (DB). |
| View | View/getDBUser | View/getDBServiceList
View/getDBServiceDetail | Cluster | DB Cluster | View users of the service (DB). |
| View | View/getDBInstanceLogs | View/getDBServiceList
View/getDBServiceDetail
View/getDBInstanceDetail | Compute | DB Cluster | View log files of the selected instance. |
| View | View/getBucketList | | | | View the list of buckets to export selected files. |
| View | View/getBucketDetail | View/getBucketList | ObjectStorage:Bucket | | Select a bucket to export selected files. |
| View | View/getDBBackupList | View/getDBServiceList | Cluster | Backup | View the backup list of the service (DB). |
| View | View/getDBserverEventList | View/getDBServiceList | | DB Cluster | View the event list of the service (DB). |
| View | View/getBucketList | | | DB Cluster | View the list of buckets to export selected files. |
| Change | Change/createDBService | View/getVPCList
View/getSubnetList
View/getDBServiceList
View/getVPCDetail
View/getSubnetDetail | Cluster | DB Cluster | Create the service (DB). |
| Change | Change/restartDBService | View/getDBServiceList
View/getDBServiceDetail | Cluster | DB Cluster | Restart the service (DB) |
| Change | Change/deleteDBService | View/getDBServiceList
View/getDBServiceDetail | Cluster | DB Cluster | Delete the service (DB). |
| Change | Change/changeUnitConfig | View/getDBServiceList
View/getDBServiceDetail | Cluster | DB Cluster | Change unit settings of the service (DB). |
| Change | Change/changeAutoScalingConfig | View/getDBServiceList
View/getDBServiceDetail | Cluster | DB Cluster | Change auto scaling settings of the service (DB). |
| Change | Change/manageDatabase | View/getDBServiceList
View/getDBServiceDetail
View/getDatabaseList | Cluster | DB Cluster | Manage databases. |
| Change | Change/manageDBConfig | View/getDBServiceList
View/getDBServiceDetail
View/getDBConfig | Cluster | DB Cluster | Manage config settings of the service (DB). |
| Change | Change/manageDBUser | View/getDBServiceList
View/getDBServiceDetail
View/getDBUser | Cluster | DB Cluster | Manage users of the service (DB). |
| Change | Change/changeDBServiceLogConfig | View/getDBServiceList
View/getDBServiceDetail
View/getDBLogs | Cluster | DB Cluster | Change DB log settings of the service (DB). |
| Change | Change/manageBackup | View/getDBServiceList
View/getDBServiceDetail
View/getDBBackupList
View/getDBBackupDetail | Cluster | Backup | Manage backup settings of the service (DB). |
| Change | Change/exportDBInstanceLogsToObjectStorage | View/getDBServiceList
View/getDBServiceDetail
View/getBucketList
View/getBucketDetail
View/getDBInstanceLogs | Compute | DB Cluster | Export selected log files to Object Storage. |
| Change | Change/deleteDBInstanceLog | View/getDBServiceList
View/getDBServiceDetail
View/getDBInstanceLogs | Compute | DB Cluster | Delete log files of the selected instance. |
| Change | Change/killDBServiceMultipleSession | View/getDBServiceList
View/getDBServiceDetail
View/getDBInstanceDetail | Cluster| DB Cluster | Forcefully terminate all sessions (ID) of the service (DB). |
| Change | Change/restoreWithBackupFile | View/getDBServiceList
View/getDBServiceDetail
View/getDBBackupList
View/getDBBackupDetail
View/getVPCList
View/getVPCDetail
View/getSubnetList
View/getSubnetDetail | Cluster| Backup | Recover the service (DB) using a backup file. |
| Change | Change/exportBackupToObjectStorage | View/getDBServiceList
View/getDBServiceDetail
View/getDBBackupList
View/getDBBackupDetail
View/getBucketList
View/getBucketDetail | Cluster| Backup | Export selected backup files to Object Storage. |

Caution

If you grant someone access to a specific action but not to the required related actions, they won't be able to complete their tasks. Sub Account automatically includes these related permissions to prevent this issue. However, if you manually uncheck these auto-selected related actions, the system assumes this was intentional and won't override your selection.