Managing SourceDeploy permissions
-
Print
-
PDF
Managing SourceDeploy permissions
-
Print
-
PDF
It is available in a Classic/VPC environment.
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for SourceDeploy. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.
Note
Sub Account is a service provided free of charge upon subscription request. For more information on Sub Account, refer to the Services > Management & Governance > Sub Account menu in the NAVER Cloud Platform portal, as well as the Sub Account Guide.
System Managed policies
System Managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once System Managed policies are granted to a sub account created in Sub Account, that sub account can use SourceDeploy. The following is a brief description about System Managed policies of SourceDeploy.
Classic
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
| NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal |
| NCP_SOURCEDEPLOY_MANAGER | Permission to use all the features in SourceDeploy |
| NCP_SOURCEDEPLOY_VIEWER | Permission to only use the View list and Search features in SourceDeploy |
| NCP_SOURCEDEPLOY_APPROVER | Approver permission managed in SourceDeploy |
| NCP_SOURCEDEPLOY_USER | User permission managed in SourceDeploy |
| NCP_SOURCEDEPLOY_ADMIN | Admin permission managed in SourceDeploy |
VPC
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
| NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal |
| NCP_VPC_SOURCEDEPLOY_MANAGER | Permission to use all the features in VPC-based SourceDeploy |
| NCP_VPC_SOURCEDEPLOY_VIEWER | Permission to only use the View list and Search features in VPC-based SourceDeploy |
| NCP_VPC_SOURCEDEPLOY_APPROVER | Approver permission managed in VPC-based SourceDeploy |
| NCP_VPC_SOURCEDEPLOY_USER | User permission managed in VPC-based SourceDeploy |
| NCP_VPC_SOURCEDEPLOY_ADMIN | Admin permission managed in VPC-based SourceDeploy |
User Created policies
User Created policies are policies that users can create. Once User Created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description about User created policies of SourceDeploy.
Classic
| Type | Action name | Related action(s) | Resource type | Group by resource type | Action description |
|---|---|---|---|---|---|
| View | View/getProjectList | - | - | SourceDeploy | View project list. |
| View | View/getProjectDetail | View/getProjectList | Project | SourceDeploy | View project details. |
| View | View/getHistoryList | View/getProjectList | Project | SourceDeploy | View deployment history list. |
| View | View/getServerList | View/getProjectList | Project | Server | View Server's server list. |
| View | View/getServerDetail | View/getServerList | Server:Server | Server | View Server details. |
| View | View/getAutoScalingGroupList | View/getServerList | Server:Server | Auto Scaling | View Auto Scaling Group list in Auto Scaling. |
| View | View/getAutoScalingGroupDetail | View/getAutoScalingGroupList | AutoScaling:AutoScalingGroup | Auto Scaling | View Auto Scaling Group details in Auto Scaling. |
| View | View/getKubernetesClusterList | View/getAutoScalingGroupList | AutoScaling:AutoScalingGroup | Kubernetes Service | View cluster list in Kubernetes Service. |
| View | View/getKubernetesClusterDetail | View/getKubernetesClusterList | KubernetesService:Cluster | Kubernetes Service | View cluster details in Kubernetes Service. |
| View | View/getBuildProjectList | View/getKubernetesClusterList | KubernetesService:Cluster | SourceBuild | View SourceBuild project list. |
| View | View/getBuildProjectDetail | View/getKubernetesClusterList | SourceBuild:Project | SourceBuild | View SourceBuild project details. |
| View | View/getBucketList | View/getKubernetesClusterList | SourceBuild:Project | Object Storage | View Object Storage bucket list. |
| View | View/getBucketDetail | View/getBucketList | ObjectStorage:Bucket | Object Storage | View bucket details in Object Storage. |
| View | View/getRepositoryList | View/getBucketList | ObjectStorage:Bucket | SourceCommit | View repository list in SourceCommit. |
| View | View/getRepositoryDetail | View/getRepositoryList | SourceCommit:Repository | SourceCommit | View repository details in SourceCommit. |
| View | View/getLoadBalancerList | View/getRepositoryList | SourceCommit:Repository | Load Balancer | View load balancer list. |
| View | View/getLoadBalancerDetail | View/getLoadBalancerList | LoadBalancer:Instance | Load Balancer | View load balancer details. |
| Change | Change/createProject | View/getProjectList View/getProjectDetail View/getServerDetail View/getServerList View/getAutoScalingGroupDetail View/getAutoScalingGroupList View/getKubernetesClusterDetail View/getKubernetesClusterList View/getBuildProjectDetail View/getBuildProjectList View/getRepositoryList View/getRepositoryDetail View/getBucketList View/getBucketDetail |
LoadBalancer:Instance | SourceDeploy | Create project. |
| Change | Change/changeProject | View/getProjectList View/getProjectDetail View/getServerDetail View/getServerList View/getAutoScalingGroupDetail View/getAutoScalingGroupList View/getKubernetesClusterDetail View/getKubernetesClusterList View/getBuildProjectDetail View/getBuildProjectList View/getRepositoryList View/getRepositoryDetail View/getBucketList View/getBucketDetail |
Project | SourceDeploy | Change project settings. |
| Change | Change/deleteProject | View/getProjectDetail View/getProjectList |
Project | SourceDeploy | Delete project. |
| Change | Change/doDeploy | View/getProjectList View/getProjectDetail View/getHistoryList View/getBucketList View/getBucketDetail View/getBuildProjectDetail View/getBuildProjectList |
Project | SourceDeploy | Run project deployment scenario. |
| Change | Change/requestDeploy | View/getProjectList View/getProjectDetail View/getHistoryList View/getBucketList View/getBucketDetail View/getBuildProjectDetail View/getBuildProjectList |
Project | SourceDeploy | Request to run project deployment scenario. |
| Change | Change/approveDeploy | View/getProjectList View/getProjectDetail View/getHistoryList |
Project | SourceDeploy | Approve the run request for a project deployment scenario. |
VPC
| Type | Action name | Related action(s) | Resource type | Group by resource type | Action description |
|---|---|---|---|---|---|
| View | View/getProjectList | - | - | SourceDeploy | View project list. |
| View | View/getProjectDetail | View/getProjectList | Project | SourceDeploy | View project details. |
| View | View/getHistoryList | View/getProjectList | Project | SourceDeploy | View deployment history list. |
| View | View/getServerList | View/getProjectList | Project | Server | View Server's server list. |
| View | View/getServerDetail | View/getServerList | VPCServer:Server | Server | View Server details. |
| View | View/getAutoScalingGroupList | View/getServerList | VPCServer:Server | Auto Scaling | View Auto Scaling Group list in Auto Scaling. |
| View | View/getAutoScalingGroupDetail | View/getAutoScalingGroupList | VPCAutoScaling:AutoScalingGroup | Auto Scaling | View Auto Scaling Group details in Auto Scaling. |
| View | View/getKubernetesClusterList | View/getAutoScalingGroupList | VPCAutoScaling:AutoScalingGroup | Kubernetes Service | View cluster list in Kubernetes Service. |
| View | View/getKubernetesClusterDetail | View/getKubernetesClusterList | VPCKubernetesService:Cluster | Kubernetes Service | View cluster details in Kubernetes Service. |
| View | View/getBuildProjectList | View/getKubernetesClusterList | VPCKubernetesService:Cluster | SourceBuild | View SourceBuild project list. |
| View | View/getBuildProjectDetail | View/getKubernetesClusterList | SourceBuild:Project | SourceBuild | View SourceBuild project details. |
| View | View/getBucketList | View/getKubernetesClusterList | SourceBuild:Project | Object Storage | View Object Storage bucket list. |
| View | View/getBucketDetail | View/getBucketList | ObjectStorage:Bucket | Object Storage | View Object Storage bucket details. |
| View | View/getRepositoryList | View/getBucketList | ObjectStorage:Bucket | SourceCommit | View repository list in SourceCommit. |
| View | View/getRepositoryDetail | View/getRepositoryList | SourceCommit:Repository | SourceCommit | View repository details in SourceCommit. |
| View | View/getLoadBalancerList | View/getRepositoryList | SourceCommit:Repository | Load Balancer | View load balancer list. |
| View | View/getLoadBalancerDetail | View/getLoadBalancerList | VPCLoadBalancer:LoadBalancer | Load Balancer | View load balancer details. |
| Change | Change/createProject | View/getProjectList View/getProjectDetail View/getServerDetail View/getServerList View/getAutoScalingGroupDetail View/getAutoScalingGroupList View/getKubernetesClusterDetail View/getKubernetesClusterList View/getBuildProjectDetail View/getBuildProjectList View/getRepositoryList View/getRepositoryDetail View/getBucketList View/getBucketDetail |
VPCLoadBalancer:LoadBalancer | SourceDeploy | Create project. |
| Change | Change/changeProject | View/getProjectList View/getProjectDetail View/getServerDetail View/getServerList View/getAutoScalingGroupDetail View/getAutoScalingGroupList View/getKubernetesClusterDetail View/getKubernetesClusterList View/getBuildProjectDetail View/getBuildProjectList View/getRepositoryList View/getRepositoryDetail View/getBucketList View/getBucketDetail |
Project | SourceDeploy | Change project settings. |
| Change | Change/deleteProject | View/getProjectDetail View/getProjectList |
Project | SourceDeploy | Delete project. |
| Change | Change/doDeploy | View/getProjectList View/getProjectDetail View/getHistoryList View/getBucketList View/getBucketDetail View/getBuildProjectDetail View/getBuildProjectList |
Project | SourceDeploy | Run project deployment scenario. |
| Change | Change/requestDeploy | View/getProjectList View/getProjectDetail View/getHistoryList View/getBucketList View/getBucketDetail View/getBuildProjectDetail View/getBuildProjectList |
Project | SourceDeploy | Request to run project deployment scenario. |
| Change | Change/approveDeploy | View/getProjectList View/getProjectDetail View/getHistoryList |
Project | SourceDeploy | Approve project deployment scenario execution request. |
Caution
Even when you are granted permission for a specific action, if you are not also granted permissions for the related actions that are required, then you won't be able to perform jobs properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and won't forcibly include them. So, be careful when setting permissions.
Was this article helpful?