- Print
- PDF
Managing SourceCommit permissions
- Print
- PDF
Available in Classic and VPC
You may set various access permissions for SourceCommit using Sub Account, which is an account management service provided by NAVER Cloud Platform. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.
Sub Account is a service provided free of charge upon subscription request. For more details about Sub Account, refer to the Services > Management & Governance > Sub Account menu in the NAVER Cloud Platform portal, and Sub Account user guide.
System Managed policies
System Managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once System Managed policies are granted to a sub account created in Sub Account, that sub account can use SourceCommit. The following is a brief description about System Managed policies of SourceCommit.
Policy | Policy description |
---|---|
NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My page > Manage notifications in the portal |
NCP_SOURCECOMMIT_MANAGER | Permission to use all the features in SourceCommit |
NCP_SOURCECOMMIT_VIEWER | Permission to only use the View list and Search features in SourceCommit |
NCP_SOURCECOMMIT_ADMIN | Admin permissions template previously managed in SourceCommit. Permission to create the ADMIN permissions policy previously managed in SourceCommit through the Load policy function |
NCP_SOURCECOMMIT_WRITE | WRITE permissions template previously managed in SourceCommit. Permission to create the WRITE permissions policy previously managed in SourceCommit through the Load policy function |
NCP_SOURCECOMMIT_READ | READ permissions template previously managed in SourceCommit. Permission to create the READ permissions policy managed in SourceCommit through the Load policy function |
User Created policies
User Created policies are policies that users may create. Once User Created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description of User created policies of SourceCommit.
Division | Action | Related action(s) | Resource type | Group by resource type | Action description |
---|---|---|---|---|---|
View | View/getRepositoryList | - | - | Repository | View repository list |
View | View/getRepositoryDetail | View/getRepositoryList View/accessFileSafer View/getGitContents Change/changeGitContents | Repository | Repository | View repository details |
View | View/getGitContents | View/getRepositoryList View/getRepositoryDetail | Repository | Git Remote | View remote repository (clone, pull, etc.) |
View | View/getPullRequestList | View/getRepositoryList View/getRepositoryDetail | Repository | Pull Request | View pull request list |
View | View/getPullRequestDetail | View/getRepositoryList View/getRepositoryDetail View/getPullRequestList | Repository | Pull Request | View pull request details |
View | View/accessFileSafer | View/getRepositoryList View/getRepositoryDetail View/getPullRequestList | Repository | File Safer | Connect to File Safer |
View | View/getWebhookList | View/getRepositoryList View/getRepositoryDetail | - | Webhook | View webhook list |
View | View/getCloudFunctionsTriggerList | View/getRepositoryList View/getRepositoryDetail View/getWebhookList | - | Webhook | View Cloud Functions Trigger list |
View | View/getCloudFunctionsActionList | View/getRepositoryList View/getRepositoryDetail View/getWebhookList View/getCloudFunctionsTriggerList | - | Webhook | View Cloud Functions Action list |
Change | Change/createRepository | View/getRepositoryList View/accessFileSafer | Repository | Repository | Create repository |
Change | Change/importRepository | View/getRepositoryList View/accessFileSafer | Repository | Repository | Copy external repository |
Change | Change/changeRepository | View/getRepositoryList View/getRepositoryDetail View/accessFileSafer | Repository | Repository | Change repository settings |
Change | Change/deleteRepository | View/getRepositoryList View/getRepositoryDetail | Repository | Repository | Delete repository |
Change | Change/changeGitPassword | View/getRepositoryList | Repository | Git Remote | Set git account information (password/ssh) |
Change | Change/changeGitContents | View/getRepositoryList View/getRepositoryDetail View/getGitContents | Repository | Git Remote | Edit remote repository (push, etc.) |
Change | Change/createPullRequest | View/getRepositoryList View/getRepositoryDetail View/getPullRequestList View/getPullRequestDetail | Repository | Pull Request | Create pull request |
Change | Change/changePullRequest | View/getRepositoryList View/getRepositoryDetail View/getPullRequestList View/getPullRequestDetail | Repository | Pull Request | Edit pull request details |
Change | Change/mergePullRequest | View/getRepositoryList View/getRepositoryDetail View/getPullRequestList View/getPullRequestDetail | Repository | Pull Request | Merge pull request |
Change | Change/closePullRequest | View/getRepositoryList View/getRepositoryDetail View/getPullRequestList View/getPullRequestDetail | Repository | Pull Request | Close pull request |
Change | Change/createWebhook | View/getRepositoryList View/getRepositoryDetail View/getWebhookList View/getCloudFunctionsTriggerList View/getCloudFunctionsActionList | - | Webhook | Create webhook |
Change | Change/changeWebhook | View/getRepositoryList View/getRepositoryDetail View/getWebhookList View/getCloudFunctionsTriggerList View/getCloudFunctionsActionList | Repository | Webhook | Change webhook settings |
Change | Change/deleteWebhook | View/getRepositoryList View/getRepositoryDetail View/getWebhookList | Repository | Webhook | Delete webhook |
Change | Change/createCloudFunctionsTrigger | View/getCloudFunctionsTriggerList View/getCloudFunctionsActionList | - | Webhook | Create Cloud Functions Trigger |
Even when you are granted permissions for a specific action, if you are not also granted permissions for the related actions that are required, you won't be able to perform jobs properly. To prevent such issues, Sub Account provides a function that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, the system determines that it was done intentionally by the main account user and won't forcibly include them. Thus, be careful when setting permissions.