SourceDeploy permissions management

Available in Classic and VPC

By using Sub Account, NAVER Cloud Platform's account management service, you can set different access permissions for SourceDeploy. Sub Account offers both system-managed (System Managed) and user-defined (User Created) policies to help you configure management and operation permissions.

Note

Sub Account is a free service with no additional charges. For more information about Sub Account, see Services > Management & Governance > Sub Account on the NAVER Cloud Platform portal and the Sub Account user guide.

System-managed policies

System-managed policies are pre-built, role-based policies that NAVER Cloud Platform provides for your convenience. Once system-managed policies are granted to a sub account created in Sub Account, that sub account can use SourceDeploy. Here are the available system-managed policies for SourceDeploy.

Classic

Policy name	Policy description
NCP_ADMINISTRATOR	Full access to all services, same as the main account
NCP_INFRA_MANAGER	Access to all services, except My Account > Billing Information and Cost Management > Billing and Payment Management in the console
NCP_FINANCE_MANAGER	Access to only the Cost Explorer service and the console menu My Account > Billing Information and Cost Management > Billing and Payment Management
NCP_SOURCEDEPLOY_MANAGER	Full access to all SourceDeploy features
NCP_SOURCEDEPLOY_VIEWER	Permission to only use the View list and Search features in SourceDeploy
NCP_SOURCEDEPLOY_APPROVER	APPROVER (deployment approval admin) permission managed in SourceDeploy
NCP_SOURCEDEPLOY_USER	USER permission managed in SourceDeploy
NCP_SOURCEDEPLOY_ADMIN	ADMIN permission managed in SourceDeploy

VPC

Policy name	Policy description
NCP_ADMINISTRATOR	Full access to all services, same as the main account
NCP_INFRA_MANAGER	Access to all services, except My Account > Billing Information and Cost Management > Billing and Payment Management in the console
NCP_FINANCE_MANAGER	Access to only the Cost Explorer service and the console menu My Account > Billing Information and Cost Management > Billing and Payment Management
NCP_VPC_SOURCEDEPLOY_MANAGER	Full access to all SourceDeploy features on the VPC platform
NCP_VPC_SOURCEDEPLOY_VIEWER	Permission to only use the View list and Search features in VPC-based SourceDeploy
NCP_VPC_SOURCEDEPLOY_APPROVER	APPROVER (deployment approval admin) permission managed in VPC-based SourceDeploy
NCP_VPC_SOURCEDEPLOY_USER	USER permission managed in VPC-based SourceDeploy
NCP_VPC_SOURCEDEPLOY_ADMIN	ADMIN permission managed in VPC-based SourceDeploy

User-defined policies

User-created policies let you create custom permissions. When you assign a user-defined policy to a sub account, that account can only perform the specific actions you've allowed. The following describes user-created policies of SourceDeploy:

Classic

VPC

| Type | Action | Related action | Resource type | Group by resource type | Action description |
| ---- | ---- | ---- | ---- | ---- | ---- |
| View | View/getProjectList | - | - | SourceDeploy | View project list. |
| View | View/getProjectDetail | View/getProjectList | Project | SourceDeploy | View project details. |
| View | View/getHistoryList | - | Project | SourceDeploy | View deployment history list. |
| View | View/getServerList | - | - | Server | View Server list. |
| View | View/getServerDetail | View/getServerList | VPCServer:Server | Server | View Server details. |
| View | View/getAutoScalingGroupList | - | - | Auto Scaling | View Auto Scaling Group list in Auto Scaling. |
| View | View/getAutoScalingGroupDetail | View/getAutoScalingGroupList | VPCAutoScaling:AutoScalingGroup | Auto Scaling | View Auto Scaling Group details in Auto Scaling. |
| View | View/getKubernetesClusterList | - | - | Kubernetes Service | View cluster list in Kubernetes Service. |
| View | View/getKubernetesClusterDetail | View/getKubernetesClusterList | VPCKubernetesService:Cluster | Kubernetes Service | View cluster details in Kubernetes Service. |
| View | View/getBuildProjectList | - | - | SourceBuild | View SourceBuild project list. |
| View | View/getBuildProjectDetail | - | SourceBuild:Project | SourceBuild | View SourceBuild project details. |
| View | View/getBucketList | - | - | Object Storage | View Object Storage bucket list. |
| View | View/getBucketDetail | View/getBucketList | ObjectStorage:Bucket | Object Storage | View Object Storage bucket details. |
| View | View/getRepositoryList | - | - | SourceCommit | View repository list in SourceCommit. |
| View | View/getRepositoryDetail | View/getRepositoryList | SourceCommit:Repository | SourceCommit | View repository details in SourceCommit. |
| View | View/getLoadBalancerList | - | - | Load Balancer | View Load Balancer list. |
| View | View/getLoadBalancerDetail | View/getLoadBalancerList | VPCLoadBalancer:LoadBalancer | Load Balancer | View Load Balancer details. |
| View | View/getSourceBandOrganizationList | - | - | SourceBand | View SourceBand organization list. |
| View | View/getSourceBandOrganizationDetail | View/getSourceBandOrganizationList | SourceBand:Organization | SourceBand | View SourceBand organization details. |
| View | View/getSourceBandProjectList | View/getSourceBandOrganizationList
View/getSourceBandOrganizationDetail | - | SourceBand | View SourceBand project list. |
| View | View/getSourceBandProjectDetail | View/getSourceBandOrganizationList
View/getSourceBandProjectList
View/getSourceBandOrganizationDetail | SourceBand:Project | SourceBand | View SourceBand project details. |
| Change | Change/createProject | View/getProjectList
View/getProjectDetail
View/getServerDetail
View/getServerList
View/getAutoScalingGroupDetail
View/getAutoScalingGroupList
View/getKubernetesClusterDetail
View/getKubernetesClusterList
View/getBuildProjectDetail
View/getBuildProjectList
View/getRepositoryList
View/getRepositoryDetail
View/getBucketList
View/getBucketDetail | - | SourceDeploy | Create project. |
| Change | Change/changeProject | View/getProjectList
View/getProjectDetail
View/getServerDetail
View/getServerList
View/getAutoScalingGroupDetail
View/getAutoScalingGroupList
View/getKubernetesClusterDetail
View/getKubernetesClusterList
View/getBuildProjectDetail
View/getBuildProjectList
View/getRepositoryList
View/getRepositoryDetail
View/getBucketList
View/getBucketDetail | Project | SourceDeploy | Change project settings. |
| Change | Change/deleteProject | View/getProjectDetail
View/getProjectList | Project | SourceDeploy | Delete project. |
| Change | Change/doDeploy | View/getProjectList
View/getProjectDetail
View/getHistoryList
View/getBucketList
View/getBucketDetail
View/getBuildProjectDetail
View/getBuildProjectList | Project | SourceDeploy | Run project deployment quickstart. |
| Change | Change/requestDeploy | View/getProjectList
View/getProjectDetail
View/getHistoryList
View/getBucketList
View/getBucketDetail
View/getBuildProjectDetail
View/getBuildProjectList | Project | SourceDeploy | Request to run project deployment quickstart. |
| Change | Change/approveDeploy | View/getProjectList
View/getProjectDetail
View/getHistoryList | Project | SourceDeploy | Approve the run request for a project deployment quickstart. |

Caution

If you grant someone access to a specific action but not to the required related actions, they won't be able to complete their tasks. Sub Account automatically includes these related permissions to prevent this issue. However, if you manually uncheck these auto-selected related actions, the system assumes this was intentional and won't override your selection.