Available in Classic and VPC
You can set different access permissions for Resource Manager using NAVER Cloud Platform's Sub Account service. Sub Account offers both system-managed (System Managed) and user-defined (User Created) policies to help you configure management and operation permissions.
Sub Account is a free service with no additional charges. For more information about Sub Account, see Services > Management & Governance > Sub Account menu on the NAVER Cloud Platform portal and the Sub Account user guide.
System-managed policies
System-managed policies are pre-built, role-based policies that NAVER Cloud Platform provides for your convenience. When you assign one of these policies to a sub account, that account gets access to Resource Manager. Here are the available system-managed policies for Resource Manager:
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Access to all services, same as the main account |
| NCP_INFRA_MANAGER | Access to all services, except My Account > Manage billing information and expense > Manage billing and payment in the console |
| NCP_FINANCE_MANAGER | Access limited to Cost Explorer services and My Account > Manage billing information and expense > Manage billing and payment in the console |
| NCP_RESOURCE_MANAGER_MANAGER | Permission to use all the features in Resource Manager |
| NCP_RESOURCE_MANAGER_VIEWER | Permission to only use the view list and view feature in Resource Manager |
User-defined policies
User-defined policies let you create custom permissions. When you assign a user-defined policy to a sub account, that account can only perform the specific actions you've allowed. Here are the available user-defined policies for Resource Manager:
| Type | Action | Related action | Resource type | Group by resource type | Action description | Condition Key |
|---|---|---|---|---|---|---|
| View | View/getGroupDetail | View/getGroupList | Group | Group | Viewing Group Details. | - All principal properties condition keys |
| View | View/getGroupList | - | - | Group | View group lists | - All principal properties condition keys |
| View | View/getObserverDetail | View/getObserverList | Observer | Observer | View observer details | - All principal properties condition keys - ncp:resourceTag |
| View | View/getObserverList | - | - | Observer | View observer list | - All principal properties condition keys |
| View | View/getResourceHistory | View/getResourceList | - | Resource | View resource task history | - All principal properties condition keys |
| View | View/getResourceList | - | - | Resource | View resource list | - All principal properties condition keys |
| View | view/getRecipientList | change/manageNotificationSetting | - | Observer | View the notification recipient group and recipients under notification recipient | - All principal properties condition keys |
| View | view/getActionList | change/manageNotificationSetting | - | Observer | View the list of actions in Cloud Functions | - All principal properties condition keys |
| View | view/getActionDetail | change/manageNotificationSetting | Cloud Functions:Action | Observer | View the details of an action in Cloud Functions | - All principal properties condition keys |
| Change | Change/createGroup | View/getGroupList | - | Group | Create groups | - All principal properties condition keys - ncp:resourceTag - ncp:requestTag |
| Change | Change/createObserver | View/getObserverList | - | Observer | Create observer | - All principal properties condition keys - ncp:resourceTag - ncp:requestTag |
| Change | Change/deleteGroup | View/getGroupList View/getGroupDetail |
Group | Group | Delete groups | - All principal properties condition keys - ncp:resourceTag |
| Change | Change/deleteObserver | View/getObserverList View/getObserverDetail |
Observer | Observer | Delete observer | - All principal properties condition keys - ncp:resourceTag |
| Change | Change/updateGroup | View/getGroupList View/getGroupDetail |
Group | Group | Change group settings | - All principal properties condition keys - ncp:resourceTag |
| Change | Change/updateObserver | get/observerList get/ObserverDetail get/RecipientDetail change/manageNotificationSetting get/actionList get/actionDetail |
Observer | Observer | Change observer settings | - All principal properties condition keys - ncp:resourceTag |
| Change | Change/updateResourceTag | View/getResourceList | - | Resource | Manage resource tags | - All principal properties condition keys - ncp:requestTag - ncp:resourceTag |
| Change | Change/manageNotificationSetting | View/getResourceList | - | Observer | Configure action in observer | - All principal properties condition keys |
| Change | Change/tagObserver | View/getObserverList View/getObserverDetail |
Observer | Observer | Tagging an Observer | - All principal properties condition keys - ncp:resourceTag - ncp:requestTag |
| Change | Change/untagObserver | View/getObserverList View/getObserverDetail |
Observer | Observer | Delete an Observer's tags | - All principal properties condition keys - ncp:resourceTag - ncp:requestTag |
| Change | Change/tagGroup | View/getGroupList View/getGroupDetail |
Group | Group | Tagging a Group | - All principal properties condition keys - ncp:resourceTag - ncp:requestTag |
| Change | Change/untagGroup | View/getGroupList View/getGroupDetail |
Group | Group | Delete a tag in a Group | - All principal properties condition keys - ncp:resourceTag - ncp:requestTag |
If you grant someone access to a specific action but not to the required related actions, they won't be able to complete their tasks. Sub Account automatically includes these related permissions to prevent this issue. However, if you manually uncheck these auto-selected related actions, the system assumes this was intentional and won't override your selection.