- Print
- PDF
Managing Load Balancer permissions
- Print
- PDF
Available in VPC
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Load Balancer. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.
Sub Account is a service provided free of charge upon subscription request. For more information on Sub Account, refer to the Services > Management & Governance > Sub Account menu in the NAVER Cloud Platform portal, as well as the Sub Account Guide.
System Managed policies
System Managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once System Managed policies are granted to a sub account created in Sub Account, that sub account can use Load Balancer. The following is a brief description about System Managed policies of Load Balancer.
Policy name | Policy description |
---|---|
NCP_VPC_LOAD_BALANCER_MANAGER | Permission to use all features of the VPC-based Load Balancer product |
NCP_VPC_LOAD_BALANCER_VIEWER | Permission to only use the View feature of the VPC-based Load Balancer product |
User Created policies
User Created policies are policies that users can create. Once User Created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description about User Created policies of Load Balancer.
Type | Action name | Related action(s) | Resource type | Group by resource type | Action description |
---|---|---|---|---|---|
View | View/getLoadBalancerInstanceDetail | View/getLoadBalancerInstanceList | LoadBalancer | LoadBalancer | Select server to apply load balancer. |
View | View/getLoadBalancerInstanceList | - | - | LoadBalancer | View list of servers to apply load balancer. |
View | View/getLoadBalancerMonitor | View/getLoadBalancerListenerList View/getLoadBalancerInstanceList View/getLoadBalancerInstanceDetail | LoadBalancer | LoadBalancer | Load balancer monitoring |
View | View/getSSLCertificateDetail | View/getSSLCertificateList | CertificateManager:Certificate | LoadBalancer | Select certificate for HTTPS listener configuration. |
View | View/getSSLCertificateList | - | - | LoadBalancer | View certificate list for HTTPS listener configuration. |
View | View/downloadLoadBalancerList | - | LoadBalancer | LoadBalancer | Download load balancer information. |
View | View/getVPCList | - | - | VPC | View VPC list to create servers. |
View | View/getVPCDetail | View/getVPCList | VPC:VPC | VPC | View VPC details. |
View | View/downloadTargetGroupList | - | TargetGroup | TargetGroup | Download target group information. |
View | View/getLoadBalancerListenerDetail | View/getLoadBalancerListenerList | Listener | Listener | Select load balancer listener and view its details. |
View | View/getLoadBalancerListenerList | View/getLoadBalancerInstanceList View/getLoadBalancerInstanceDetail | LoadBalancer | Listener | View load balancer listener list. |
View | View/getLoadBalancerRuleDetail | View/getLoadBalancerInstanceList | Rule | Rule | View load balancer’s branching rule details. |
View | View/getLoadBalancerRuleList | View/getLoadBalancerListenerList View/getLoadBalancerInstanceDetail View/getLoadBalancerInstanceList | Listener | Rule | View load balancer branching rule list. |
View | View/getServerInstanceDetail | View/getServerInstanceList | VPCServer:Server | Server | View server details. |
View | View/getServerInstanceList | - | - | Server | View server instance (VM) list. |
View | View/getSubnetDetail | View/getSubnetList | VPC:Subnet | Subnet | View subnet details. |
View | View/getSubnetList | - | - | Subnet | View subnet list. |
View | View/getTargetGroupDetail | View/getTargetGroupList | TargetGroup | TargetGroup | Select target group and view its details. |
View | View/getTargetGroupList | View/getTargetGroupDetail | - | TargetGroup | Download target group list. |
View | View/getTargetGroupMonitor | View/getTargetGroupDetail View/getTargetGroupList | TargetGroup | TargetGroup | Target group monitoring |
View | View/getTargetList | View/getTargetGroupDetail View/getTargetGroupList | TargetGroup | TargetGroup | View binding target list. |
Change | Change/changeLoadBalancerInstanceConfiguration | View/getSSLCertificateDetail Change/setLoadbalancerAccesslog View/getSSLCertificateList View/getLoadBalancerInstanceList View/getLoadBalancerInstanceDetail | LoadBalancer | LoadBalancer | Modify load balancer settings. |
Change | Change/changeLoadBalancerListenerConfiguration | View/getSSLCertificateDetail View/getLoadBalancerListenerList View/getSSLCertificateList View/getLoadBalancerListenerDetail | Listener | Listener | Modify load balancer details. |
Change | Change/changeLoadBalancerRuleConfiguration | View/getTargetGroupDetail View/getLoadBalancerListenerList View/getTargetGroupList View/getLoadBalancerListenerDetail View/getLoadBalancerInstanceList View/getLoadBalancerInstanceDetail View/getLoadBalancerRuleList | Rule | Rule | Modify load balancer rule settings. |
Change | Change/changeTargetGroupConfiguration | View/getTargetGroupDetail View/getTargetGroupList | TargetGroup | TargetGroup | Modify target group settings. |
Change | Change/changeTargetGroupHealthCheckConfiguration | View/getTargetGroupDetail View/getTargetGroupList | TargetGroup | TargetGroup | Modify target group’s health check rule. |
Change | Change/createLoadBalancerInstance | View/getSubnetList View/getSSLCertificateDetail View/getTargetGroupDetail View/getTargetGroupList View/getSubnetDetail View/getServerInstanceList View/getSSLCertificateList View/getServerInstanceDetail View/getLoadBalancerInstanceList View/getVPCDetail View/getVPCList | - | LoadBalancer | Create load balancer. |
Change | Change/createLoadBalancerListener | View/getSSLCertificateDetail View/getTargetGroupDetail View/getLoadBalancerListenerList View/getTargetGroupList View/getSSLCertificateList View/getLoadBalancerListenerDetail | - | Listener | Create load balancer listener. |
Change | Change/createLoadBalancerRule | View/getTargetGroupDetail View/getLoadBalancerListenerList View/getTargetGroupList View/getLoadBalancerInstanceList View/getLoadBalancerInstanceDetail View/getLoadBalancerRuleList | - | Rule | Create load balancer branching rule. |
Change | Change/createTargetGroup | View/getTargetGroupDetail View/getTargetGroupList View/getServerInstanceList View/getServerInstanceDetail View/getVPCDetail View/getVPCList | - | TargetGroup | Create target group. |
Change | Change/deleteLoadBalancerInstance | View/getLoadBalancerInstanceList View/getLoadBalancerInstanceDetail | LoadBalancer | LoadBalancer | Delete load balancer. |
Change | Change/deleteLoadBalancerListener | View/getLoadBalancerListenerList View/getLoadBalancerListenerDetail | Listener | Listener | Delete load balancer listener. |
Change | Change/deleteLoadBalancerRule | View/getLoadBalancerListenerList View/getLoadBalancerInstanceList View/getLoadBalancerInstanceDetail View/getLoadBalancerRuleDetail View/getLoadBalancerRuleList | Rule | Rule | Delete load balancer branching rule. |
Change | Change/deleteTargetGroup | View/getTargetGroupList | TargetGroup | TargetGroup | Delete targetGroup. |
Change | Change/setLoadBalancerDescription | View/getLoadBalancerInstanceList View/getLoadBalancerInstanceDetail | LoadBalancer | LoadBalancer | Modify load balancer memo. |
Change | Change/setLoadBalancerInstanceSubnet | View/getSubnetList View/getSubnetDetail View/getLoadBalancerInstanceList View/getLoadBalancerInstanceDetail | LoadBalancer | LoadBalancer | Set load balancer subnet. |
Change | Change/setLoadbalancerAccesslog | - | LoadBalancer | LoadBalancer | Collect load balancer’s access log and link with the CLA service. |
Change | Change/setTarget | View/getTargetGroupList View/getServerInstanceList View/getServerInstanceDetail | TargetGroup | TargetGroup | Set target group’s binding target. |
Change | Change/setTargetGroupDescription | View/getTargetGroupList | TargetGroup | TargetGroup | Modify target group memo. |
Even when you are granted permission for a specific action, if you are not also granted permissions for the related actions that are required, then you won't be able to perform jobs properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and won't forcibly include them. So, be careful when setting permissions.