Available in Classic and VPC
You can set different access permissions for SourceCommit using NAVER Cloud Platform's Sub Account service. Sub Account offers both system-managed (System Managed) and user-defined (User Created) policies to help you configure management and operation permissions.
Sub Account is a free service with no additional charges. For more information about Sub Account, see Services > Management & Governance > Sub Account on the NAVER Cloud Platform portal and the Sub Account user guide.
System-managed policies
System-managed policies are pre-built, role-based policies that NAVER Cloud Platform provides for your convenience. When you assign one of these policies to a sub account, that account gets access to SourceCommit. Here are the available system-managed policies for SourceCommit:
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Full access to all services with the same scope as the main account |
| NCP_INFRA_MANAGER | Access to all services, except for the My Account > Manage billing information and expense > Manage billing and payment menu on the console |
| NCP_FINANCE_MANAGER | Access to only the Cost Explorer service and the My Account > Manage billing information and expense > Manage billing and payment menu on the console |
| NCP_SOURCECOMMIT_MANAGER | Full access to all SourceCommit features |
| NCP_SOURCECOMMIT_VIEWER | List and view-only access to all SourceCommit features |
| NCP_SOURCECOMMIT_ADMIN | Admin permission template managed in SourceCommit. Permission to create the admin permission policy managed in the existing SourceCommit through the load policy feature |
| NCP_SOURCECOMMIT_WRITE | Write permission template managed in SourceCommit. Permission to create the write permission policy managed in the existing SourceCommit through the load policy feature |
| NCP_SOURCECOMMIT_READ | Read permission template managed in SourceCommit. Permission to create the read permission policy managed in the existing SourceCommit through the load policy feature |
User-defined policies
User-defined policies let you create custom permissions. When you assign a user-defined policy to a sub account, that account can only perform the specific actions you've allowed. Here are the available user-defined policies for SourceCommit:
| Type | Action | Related action | Resource type | Group by resource type | Action description |
|---|---|---|---|---|---|
| View | View/getRepositoryList | - | - | Repository | View repository list. |
| View | View/getRepositoryDetail | View/getRepositoryList, View/accessFileSafer, View/getGitContents, Change/changeGitContents | Repository | Repository | View repository details. |
| View | View/getGitContents | View/getRepositoryList, View/getRepositoryDetail | Repository | Git Remote | View remote repository (clone, pull, etc.). |
| View | View/getPullRequestList | View/getRepositoryList, View/getRepositoryDetail | Repository | Pull Request | View pull request list. |
| View | View/getPullRequestDetail | View/getRepositoryList, View/getRepositoryDetail, View/getPullRequestList | Repository | Pull Request | View pull request details. |
| View | View/accessFileSafer | View/getRepositoryList, View/getRepositoryDetail, View/getPullRequestList | Repository | File Safer | Integrate with File Safer. |
| View | View/getWebhookList | View/getRepositoryList, View/getRepositoryDetail | - | Webhook | View webhook list. |
| View | View/getCloudFunctionsTriggerList | View/getRepositoryList, View/getRepositoryDetail, View/getWebhookList | - | Webhook | View Cloud Functions trigger list. |
| View | View/getCloudFunctionsActionList | View/getRepositoryList, View/getRepositoryDetail, View/getWebhookList, View/getCloudFunctionsTriggerList | - | Webhook | View Cloud Functions action list. |
| View | View/getBucketList | - | - | Object Storage | View Object Storage bucket list. |
| View | View/getBucketDetail | View/getBucketList | ObjectStorage:Bucket | Object Storage | View Object Storage bucket details. |
| View | View/accessObjectStorage | View/getRepositoryList, View/getRepositoryDetail | - | Object Storage | View Object Storage integration status. |
| Change | Change/createRepository | View/getRepositoryList, View/accessFileSafer | Repository | Repository | Create repository. |
| Change | Change/importRepository | View/getRepositoryList, View/accessFileSafer | Repository | Repository | Copy external repository. |
| Change | Change/changeRepository | View/getRepositoryList, View/getRepositoryDetail, View/accessFileSafer | Repository | Repository | Edit repository settings. |
| Change | Change/deleteRepository | View/getRepositoryList, View/getRepositoryDetail | Repository | Repository | Delete repository. |
| Change | Change/changeGitPassword | View/getRepositoryList | Repository | Git Remote | Set git account information (password/ssh). |
| Change | Change/changeGitContents | View/getRepositoryList, View/getRepositoryDetail, View/getGitContents | Repository | Git Remote | Edit remote repository (push, etc.). |
| Change | Change/createPullRequest | View/getRepositoryList, View/getRepositoryDetail, View/getPullRequestList, View/getPullRequestDetail | Repository | Pull Request | Create pull request. |
| Change | Change/changePullRequest | View/getRepositoryList, View/getRepositoryDetail, View/getPullRequestList, View/getPullRequestDetail | Repository | Pull Request | Edit pull request content. |
| Change | Change/mergePullRequest | View/getRepositoryList, View/getRepositoryDetail, View/getPullRequestList, View/getPullRequestDetail | Repository | Pull Request | Merge pull request. |
| Change | Change/closePullRequest | View/getRepositoryList, View/getRepositoryDetail, View/getPullRequestList, View/getPullRequestDetail | Repository | Pull Request | Close pull request. |
| Change | Change/createWebhook | View/getRepositoryList, View/getRepositoryDetail, View/getWebhookList, View/getCloudFunctionsTriggerList, View/getCloudFunctionsActionList | - | Webhook | Create webhook. |
| Change | Change/changeWebhook | View/getRepositoryList, View/getRepositoryDetail, View/getWebhookList, View/getCloudFunctionsTriggerList, View/getCloudFunctionsActionList | Repository | Webhook | Change webhook settings. |
| Change | Change/deleteWebhook | View/getRepositoryList, View/getRepositoryDetail, View/getWebhookList | Repository | Webhook | Delete webhook. |
| Change | Change/createCloudFunctionsTrigger | View/getCloudFunctionsTriggerList, View/getCloudFunctionsActionList | - | Webhook | Create Cloud Functions trigger. |
| Change | Change/linkObjectStorageBucket | View/accessObjectStorage | - | Object Storage | Change Object Storage bucket integration settings. |
If you grant someone access to a specific action but not to the required related actions, they won't be able to complete their tasks. Sub Account automatically includes these related permissions to prevent this issue. However, if you manually uncheck these auto-selected related actions, the system assumes this was intentional and won't override your selection.