Available in VPC
You can set different access permissions for Data Forest using NAVER Cloud Platform's Sub Account service. Sub Account offers both system-managed (System Managed) and user-defined (User Created) policies to help you configure management and operation permissions.
Sub Account is a free service with no additional charges. For more information about Sub Account, see Services > Management & Governance > Sub Account on the NAVER Cloud Platform portal and the Sub Account user guide.
System-managed policies
System-managed policies are pre-built, role-based policies that NAVER Cloud Platform provides for your convenience. When you assign one of these policies to a sub account, that account gets access to Data Forest. Here are the available system-managed policies for Data Forest:
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | |
| NCP_INFRA_MANAGER | Access to all services, except My Account > Manage Billing Information and Payment > Manage Billing and Payment on the console |
| NCP_FINANCE_MANAGER | Access limited to the Cost Explorer services and My Account > Manage Billing Information and Payment > Manage Billing and Payment on the console |
| NCP_DATA_FOREST_VIEWER | View-only access to all Data Forest features and lists |
User-defined policies
User-defined policies let you create custom permissions. When you assign a user-defined policy to a sub account, that account can only perform the specific actions you've allowed. Here are the available user-defined policies for Data Forest:
| Type | Action | Related action | Resource type | Group by resource type | Action description |
|---|---|---|---|---|---|
| View | View/getAccountList | - | - | Account | View account list |
| View | View/getAccountDetail | View/getAccountList | Account | Account | View account details |
| View | View/downloadAccountKerberosKeytab | View/getAccountList View/getAccountDetail |
Account | Account | Download account's Kerberos keytab |
| View | View/getAppList | View/getAccountList View/getAccountDetail |
- | Data | View app list |
| View | View/getAppDetail | View/getAccountList View/getAccountDetail View/getAppList |
App | Data Forest | View app details |
| View | View/getMonitoring | View/getAccountList View/getAccountDetail View/getAppList |
- | - | App monitoring |
| Change | Change/createAccount | View/getAccountList | - | Account | Create account |
| Change | Change/deleteAccount | View/getAccountList View/getAccountDetail |
Account | Account | Delete account |
| Change | Change/setAccountQuota | View/getAccountList View/getAccountDetail |
Account | Account | Change account's quota |
| Change | Change/resetAccountKerberosKeytab | View/getAccountList View/getAccountDetail |
Account | Account | Initialize account's Kerberos keytab |
| Change | Change/resetAccountPassword | View/getAccountList View/getAccountDetail |
Account | Account | Initialize account password |
| Change | Change/createApp | View/getAccountList View/getAccountDetail View/getAppList View/getAppDetail |
Account | Data Forest | Create app |
| Change | Change/deleteApp | View/getAccountList View/getAccountDetail View/getAppList View/getAppDetail |
App | Data Forest | Delete app |
| Change | Change/setAppLifetime | View/getAccountList View/getAccountDetail View/getAppList View/getAppDetail |
App | Data Forest | Change app's lifetime |
| Change | Change/setAppContainerCount | View/getAccountList View/getAccountDetail View/getAppList View/getAppDetail |
App | Data Forest | Change the number of app's Component Containers |
| Change | Change/startApp | View/getAccountList View/getAccountDetail Viewf/getAppList View/getAppDetail |
App | Data Forest | Start app |
| Change | Change/stopApp | View/getAccountList View/getAccountDetail View/getAppList View/getAppDetail |
App | Data Forest | Stop app |
| Change | Change/killApplicationMaster | View/getAccountList View/getAccountDetail View/getAppList View/getAppDetail |
App | Data Forest | Restart app's Application Master |
| Change | Change/killAppContainer | View/getAccountList View/getAccountDetail View/getAppList View/getAppDetail |
App | Data Forest | Restart app's Component Container |
If you grant someone access to a specific action but not to the required related actions, they won't be able to complete their tasks. Sub Account automatically includes these related permissions to prevent this issue. However, if you manually uncheck these auto-selected related actions, the system assumes this was intentional and won't override your selection.