- Print
- PDF
Managing SourceBuild permissions
- Print
- PDF
Available in Classic and VPC
You may set various access permissions for SourceBuild using Sub Account, which is an account management service provided by NAVER Cloud Platform. Sub Account provides the system-managed and user-created policies for setting management and administration permissions.
Sub Account is a service provided free of charge upon subscription request. For more information on Sub Account, see Services > Management & Governance > Sub Account of NAVER Cloud Platform portal and the Sub Account user guide.
System-managed policies
System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once the system-managed policies are granted to a sub account created in Sub Account, that sub account can use SourceBuild. The following is a brief description of the System Managed policies of SourceBuild.
Policy name | Policy description |
---|---|
NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal |
NCP_SOURCEBUILD_MANAGER | Permission to use all the features in SourceBuild |
NCP_SOURCEBUILD_VIEWER | Permission to only use the View list and Search features in SourceBuild |
NCP_SOURCEBUILD_ADMIN | User permissions template managed in SourceBuild. Permission to create the ADMIN permissions policy managed in SourceCommit through the Load policy feature |
NCP_SOURCEBUILD_USER | User permissions template managed in SourceBuild. Permission to create the USER permissions policy managed in SourceCommit through the Load policy feature |
User-created policies
User-created policies are policies that users may create. Once the user-created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description of the user-created policies of SourceBuild.
Type | Action name | Related action | Resource type | Group by resource type | Action description |
---|---|---|---|---|---|
View | View/getProjectList | - | - | SourceBuild | View project list |
View | View/getProjectDetail | View/getProjectList View/downloadArtifact | Project | SourceBuild | View project details |
View | View/getHistoryList | View/getProjectList View/getProjectDetail View/downloadArtifact | Project | SourceBuild | View build task result list |
View | View/downloadArtifact | View/getProjectList View/getProjectDetail | Project | SourceBuild | Download build result |
View | View/getRepositoryList | View/getProjectList View/getProjectDetail | Project | SourceCommit | View SourceCommmit repository list |
View | View/getRepositoryDetail | View/getRepositoryList | SourceCommit:Repository | SourceCommit | View SourceCommmit repository details |
View | View/getBucketList | View/getRepositoryList | SourceCommit:Repository | Object Storage | View Object Storage bucket list |
View | View/getBucketDetail | View/getBucketList | ObjectStorage:Bucket | Object Storage | Select Object Storage bucket to save build result |
View | View/getRegistryList | View/getBucketList | ObjectStorage:Bucket | Container Registry | View Container Registry list |
View | View/getRegistryDetail | View/getRegistryList | ContainerRegistry:Registry | Container Registry | View Container Registry details |
View | View/accessFileSafer | View/getRegistryList | ContainerRegistry:Registry | File Safer | Connect to File Safer |
View | View/accessCloudLogAnalytics | View/getRegistryList | ContainerRegistry:Registry | Cloud Log Analytics | Cloud Log Analytics integration |
View | View/getNotificationList | - | Project | SourceBuild | View notification recipient list |
View | View/getSourceBandOrganizationList | - | - | SourceBand | View SourceBand organization list |
View | View/getSourceBandOrganizationDetail | View/getSourceBandOrganizationList | SourceBand:Organization | SourceBand | View SourceBand organization details |
View | View/getSourceBandProjectList | View/getSourceBandOrganizationDetail | - | SourceBand | View SourceBand project list |
View | View/getSourceBandProjectDetail | View/getSourceBandProjectList | SourceBand:Project | SourceBand | View SourceBand project details |
Change | Change/createProject | View/getProjectList View/getRepositoryList View/getRepositoryDetail View/getBucketList View/getBucketDetail View/getRegistryList View/getRegistryDetail View/accessFileSafer View/accessCloudLogAnalytics | ContainerRegistry:Registry | SourceBuild | Create project |
Change | Change/changeProject | View/getProjectList View/getProjectDetail View/getRepositoryList View/getRepositoryDetail View/getBucketList View/getBucketDetail View/getRegistryList View/getRegistryDetail View/accessFileSafer View/accessCloudLogAnalytics | Project | SourceBuild | Change project settings |
Change | Change/deleteProject | View/getProjectList View/getProjectDetail | Project | SourceBuild | Delete project |
Change | Change/doBuild | View/getProjectList View/getProjectDetail View/getHistoryList View/getRepositoryDetail View/getBucketList View/getBucketDetail View/getRegistryList View/getRegistryDetail | Project | SourceBuild | Execute/cancel project (build) |
Even when you are granted a permission for a specific action, you won't be able to perform the task properly unless you are also granted a permission for the related actions that are required. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system will not forcibly include them since it regards such de-selection done intentionally by the main account user. Thus, caution is advised when setting permissions.