- Print
- PDF
IPsec VPN Permission Management
- Print
- PDF
Available in Classic and VPC.
By using Sub Account – NAVER Cloud Platform's account management service – you can set various access permissions for IPsec VPN. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.
Sub Account is a service provided free of charge upon subscription request. For more details about Sub Account, refer to the Service > Management & Governance > Sub Account menu in the NAVER Cloud Platform portal, as well as the Sub Account Guide.
System Managed policies
System Managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once System Managed policies are granted to a sub account created in Sub Account, that sub account can use IPsec VPN. The following is a brief description about System Managed policies of IPsec VPN.
Policy name | Policy description |
---|---|
NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal |
NCP_IPSEC_VPN_MANAGER | Permission to use all features of IPsec VPN |
NCP_VPC_IPSEC_VPN_MANAGER | Permission to use all the features in VPC-based IPsec VPN |
NCP_VPC_IPSEC_VPN_VIEWER | Permission to only use the View list and Search features in VPC-based IPsec VPN |
User Created policies
User Created policies are policies that users may create. Once User Created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description about User Created policies of IPsec VPN.
Classification | Action name | Related action(s) | Resource type | Group by resource type | Action description |
---|---|---|---|---|---|
View | View/getIPsecVPNGatewayList | - | - | IPsec VPN (VPC) | View IPsec VPN gateway list |
Veiw/getIPsecVPNGatewayDetail | View/getIPsecVPNGatewayList | IPsecVPNGateway | IPsec VPN (VPC) | View IPsec VPN gateway details | |
View/getIPsecVPNTunnelList | - | - | IPsec VPN (VPC) | View IPsec VPN tunnel list | |
View/getIPsecVPNTunnelDetail | View/getIPsecVPNTunnelList | IPsecVPNTunnel | IPsec VPN (VPC) | View IPsec VPN Tunnel details | |
View/getRentalIPsecVPNList | - | - | IPsec VPN (VPC) | List of customer VPN gateway rental equipment | |
View/getRentalIPsecVPNDetail | View/getRentalIPsecVPNList | RentalIPsecVPN | IPsec VPN (VPC) | View detailed information of customer VPN gateway rental equipment | |
View/getVirtualPrivateGatewayList | - | - | IPsec VPN (VPC) | View virtual private gateway list | |
View/getVirtualPrivateGatewayGroupList | - | - | IPsec VPN (VPC) | View virtual private gateway group list | |
View/getVirtualPrivateGatewayGroupDetail | - | - | IPsec VPN (VPC) | View virtual private gateway group details | |
Change | Change/createIPsecVPNGateway | View/getVirtualPrivateGatewayGroupList View/getVirtualPrivateGatewayGroupDetail View/getIPsecVPNGatewayList | - | IPsec VPN (VPC) | Create IPsec VPN gateway |
Change/deleteIPsecVPNGateway | View/getIPsecVPNGatewayList View/getIPsecVPNGatewayDetail | IPsecVPNGateway | IPsec VPN (VPC) | Delete IPsec VPN gateway | |
Change/updateIPsecVPNGatewayDescription | View/getIPsecVPNGatewayList View/getIPsecVPNGatewayDetail | IPsecVPNGateway | IPsec VPN (VPC) | Edit IPsec VPN gateway memo | |
Change/createIPsecVPNTunnel | View/getIPsecVPNGatewayList View/getIPsecVPNGatewayDetail View/getIPsecVPNTunnelList View/getIPsecVPNTunnelDetail View/getVirtualPrivateGatewayList View/getVirtualPrivateGatewayGroupDetail | - | IPsec VPN (VPC) | Create IPsec VPN tunnel | |
Change/deleteIPsecVPNTunnel | View/getIPsecVPNTunnelList View/getIPsecVPNTunnelDetail | IPsecVPNTunnel | IPsec VPN (VPC) | Delete IPsec VPN tunnel | |
Change/updateIPsecVPNTunnel | View/getIPsecVPNTunnelList View/getIPsecVPNTunnelDetail | IPsecVPNTunnel | IPsec VPN (VPC) | Edit IPsec VPN tunnel settings | |
Change/updateIPsecVPNTunnelDescrtiption | View/getIPsecVPNTunnelList View/getIPsecVPNTunnelDetail | IPsecVPNTunnel | IPsec VPN (VPC) | Edit IPsec VPN tunnel memo | |
Change/createRentalIPsecVPN | View/getRentalIPsecVPNList | - | IPsec VPN (VPC) | Application for rental of customer VPN gateway equipment |
Even when you are granted permission for a specific action, if you are not also granted permissions for the related actions that are required, then you will not be able to perform jobs properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and does not forcibly include them. Thus, be careful when setting permissions.