Available in Classic and VPC
You can set different access permissions for IPsec VPN using NAVER Cloud Platform's Sub Account service. Sub Account offers both system-managed (System Managed) and user-defined (User Created) policies to help you configure management and operation permissions.
Sub Account is a free service with no additional charges. For more information about Sub Account, see Services > Management & Governance > Sub Account on the NAVER Cloud Platform portal and Sub Account user guide.
System-managed policies
System-managed policies are pre-built, role-based policies that NAVER Cloud Platform provides for your convenience. When you assign one of these policies to a sub account, that account gets access to IPsec VPN. Here are the available system-managed policies for IPsec VPN:
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Full access to all services, with the same scope as the main account |
| NCP_INFRA_MANAGER | Access to all services, except the My Account > Billing Information and Cost Management > Billing and Payment Management menu in the console |
| NCP_FINANCE_MANAGER | Access only to the Cost Explorer service and the My Account > Billing Information and Cost Management > Billing and Payment Management menu in the console |
| NCP_VPC_IPSEC_VPN_VIEWER | View-only access to all IPsec VPN list and view features on the VPC platform |
User-defined policies
User-defined policies let you create custom permissions. When you assign a user-defined policy to a sub account, that account can only perform the specific actions you've allowed. Here are the available user-defined policies for IPsec VPN:
| Type | Action | Related action | Resource type | Group by resource type | Action description |
|---|---|---|---|---|---|
| View | View/getIPsecVPNGatewayList | - | - | IPsec VPN (VPC) | View the IPsec VPN Gateway list |
| Veiw/getIPsecVPNGatewayDetail | View/getIPsecVPNGatewayList | IPsecVPNGateway | IPsec VPN (VPC) | View detailed information about the IPsec VPN Gateway | |
| View/getIPsecVPNTunnelList | - | - | IPsec VPN (VPC) | View the list of IPsec VPN Tunnels | |
| View/getIPsecVPNTunnelDetail | View/getIPsecVPNTunnelList | IPsecVPNTunnel | IPsec VPN (VPC) | View detailed information about the IPsec VPN Tunnel | |
| View/getRentalIPsecVPNList | - | - | IPsec VPN (VPC) | View the list of customer VPN gateway rental devices | |
| View/getRentalIPsecVPNDetail | View/getRentalIPsecVPNList | RentalIPsecVPN | IPsec VPN (VPC) | View detailed information about customer VPN gateway rental devices | |
| View/getVirtualPrivateGatewayList | - | - | IPsec VPN (VPC) | View Virtual Private Gateway list | |
| View/getVirtualPrivateGatewayGroupList | - | - | IPsec VPN (VPC) | View the list of Virtual Private Gateway Group | |
| View/getVirtualPrivateGatewayGroupDetail | - | - | IPsec VPN (VPC) | View detailed information about the Virtual Private Gateway Group | |
| Change | Change/createIPsecVPNGateway |
|
- | IPsec VPN (VPC) | Create IPsec VPN Gateway |
| Change/deleteIPsecVPNGateway |
|
IPsecVPNGateway | IPsec VPN (VPC) | Delete IPsec VPN Gateway | |
| Change/updateIPsecVPNGatewayDescription |
|
IPsecVPNGateway | IPsec VPN (VPC) | Change the IPsec VPN Gateway memo | |
| Change/createIPsecVPNTunnel |
|
- | IPsec VPN (VPC) | Create IPsec VPN Tunnel | |
| Change/deleteIPsecVPNTunnel |
|
IPsecVPNTunnel | IPsec VPN (VPC) | Delete IPsec VPN Tunnel | |
| Change/updateIPsecVPNTunnel |
|
IPsecVPNTunnel | IPsec VPN (VPC) | Change IPsec VPN Tunnel settings | |
| Change/updateIPsecVPNTunnelDescrtiption |
|
IPsecVPNTunnel | IPsec VPN (VPC) | Change the IPsec VPN Tunnel memo | |
| Change/createRentalIPsecVPN | View/getRentalIPsecVPNList | - | IPsec VPN (VPC) | Request rental of customer VPN Gateway equipment |
If you grant someone access to a specific action but not to the required related actions, they won't be able to complete their tasks. Sub Account automatically includes these related permissions to prevent this issue. However, if you manually uncheck these auto-selected related actions, the system assumes this was intentional and won't override your selection.