Managing Virtual Private Cloud (VPC) permissions

Available in VPC

By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for VPC. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.

Note

Sub Account is a service provided free of charge upon subscription request. For more information on Sub Account, refer to the Services > Management & Governance > Sub Account menu in the NAVER Cloud Platform portal, as well as the Sub Account Guide.

System Managed policies

System Managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once a System Managed policy is granted to a sub account created in Sub Account, that sub account can use VPC. The following is a brief description of the System Managed policies for VPC.

| Policy name | Policy description |
|---|---|
| NCP_VPC_MANAGER | Permission to use all features within Virtual Private Cloud (VPC) |
| NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal |

User Created policies

User Created policies are policies that users create themselves. Once a User Created policy is granted to a sub account created in Sub Account, that sub account can use only the action combinations assigned by the user. The following is a brief description of the User Created policies for VPC.

| Type | Action name | Related action(s) | Resource type | Group by resource type | Action description |
|---|---|---|---|---|---|
| View | View/getNATGatewayDetail | View/getNATGatewayList | NATGateway | NATGateway | View NAT gateway details. |
| View | View/getNATGatewayList | - | - | NATGateway | View NAT gateway list. |
| View | View/getNetworkACLDenyAllowGroupDetail | View/getNetworkACLDenyAllowGroupList | NetworkACLDenyAllowGroup | NetworkACLDenyAllowGroup | View NACL Deny-Allow group details. |
| View | View/getNetworkACLDenyAllowGroupList | - | - | NetworkACLDenyAllowGroup | View NACL Deny-Allow group list. |
| View | View/getNetworkACLDetail | View/getNetworkACLList | NetworkACL | NetworkACL | View network ACL details. |
| View | View/getNetworkACLList | - | - | NetworkACL | View network ACL list. |
| View | View/getOnPremiseGatewayDetail | View/getOnPremiseGatewayList | OnPremiseGateway | OnPremiseGateway | View on-premise gateway details. |
| View | View/getOnPremiseGatewayList | - | - | OnPremiseGateway | View on-premise gateway list. |
| View | View/getRouteTableDetail | View/getRouteTableList | RouteTable | RouteTable | View route table details. |
| View | View/getRouteTableList | - | - | RouteTable | View route table list. |
| View | View/getSubnetDetail | View/getSubnetList | Subnet | Subnet | View accessible subnets for service. |
| View | View/getSubnetList | - | - | Subnet | View subnet list. |
| View | View/getVPCDetail | View/getVPCList | VPC | VPC | View accessible VPCs for service. |
| View | View/getVPCList | - | - | VPC | View VPC list. |
| View | View/getVPCPeeringDetail | View/getVPCPeeringList | VPCPeering | VPCPeering | View VPC peering details. |
| View | View/getVPCPeeringList | - | - | VPCPeering | View VPC peering list. |
| View | View/getVirtualPrivateGatewayDetail | View/getVirtualPrivateGatewayList | VirtualPrivateGateway | VirtualPrivateGateway | View virtual private gateway details. |
| View | View/getVirtualPrivateGatewayGroupDetail | View/getVirtualPrivateGatewayGroupList | VirtualPrivateGatewayGroup | VirtualPrivateGatewayGroup | View virtual private gateway group list. |
| View | View/getVirtualPrivateGatewayGroupList | - | - | VirtualPrivateGatewayGroup | View virtual private gateway group list. |
| View | View/getVirtualPrivateGatewayList | - | - | VirtualPrivateGateway | View virtual private gateway list. |
| Change | Change/changeNetworkACLDenyAllowGroupIP | View/getNetworkACLDenyAllowGroupList, View/getNetworkACLDenyAllowGroupDetail | NetworkACLDenyAllowGroup | NetworkACLDenyAllowGroup | Set IP for NACL Deny-Allow group. |
| Change | Change/createNATGateway | View/getNATGatewayList, View/getVPCDetail, View/getVPCList | - | NATGateway | Create NAT gateway. |
| Change | Change/createNetworkACL | View/getNetworkACLList, View/getVPCDetail, View/getVPCList | - | NetworkACL | Create network ACL. |
| Change | Change/createNetworkACLDenyAllowGroup | View/getNetworkACLDenyAllowGroupList, View/getVPCDetail, View/getVPCList | - | NetworkACLDenyAllowGroup | Create NACL Deny-Allow group. |
| Change | Change/createOnPremiseGateway | View/getVPCDetail, View/getOnPremiseGatewayList, View/getVPCList | - | OnPremiseGateway | Create on-premise gateway. |
| Change | Change/createRouteTable | View/getRouteTableList, View/getVPCDetail, View/getVPCList | - | RouteTable | Create route table. |
| Change | Change/createSubnet | View/getSubnetList, View/getNetworkACLList, View/getVPCDetail, View/getNetworkACLDetail, View/getVPCList | - | Subnet | Create subnet. |
| Change | Change/createVPC | View/getVPCList | - | VPC | Create VPC. |
| Change | Change/createVPCPeering | View/getVPCPeeringList, View/getVPCDetail, View/getVPCList | - | VPCPeering | Create VPC peering. |
| Change | Change/createVirtualPrivateGateway | View/getVirtualPrivateGatewayList, View/getVPCDetail, View/getVPCList | - | VirtualPrivateGateway | Create virtual private gateway. |
| Change | Change/createVirtualPrivateGatewayGroup | View/getVirtualPrivateGatewayDetail, View/getVirtualPrivateGatewayGroupDetail, View/getVirtualPrivateGatewayGroupList | - | VirtualPrivateGatewayGroup | Create virtual private gateway group. |
| Change | Change/createVirtualPrivateGatewayGroupAssociationProposal | View/getVirtualPrivateGatewayDetail, View/getVirtualPrivateGatewayList | VirtualPrivateGateway | VirtualPrivateGatewayGroup | Request to be added to another account's virtual private gateway group. |
| Change | Change/deleteNATGateway | View/getNATGatewayDetail, View/getNATGatewayList | NATGateway | NATGateway | Delete NAT gateway. |
| Change | Change/deleteNetworkACL | View/getNetworkACLList, View/getNetworkACLDetail | NetworkACL | NetworkACL | Delete network ACL. |
| Change | Change/deleteNetworkACLDenyAllowGroup | View/getNetworkACLDenyAllowGroupList, View/getNetworkACLDenyAllowGroupDetail | NetworkACLDenyAllowGroup | NetworkACLDenyAllowGroup | Delete NACL Deny-Allow group. |
| Change | Change/deleteOnPremiseGateway | View/getOnPremiseGatewayDetail, View/getOnPremiseGatewayList | OnPremiseGateway | OnPremiseGateway | Delete on-premise gateway. |
| Change | Change/deleteRouteTable | View/getRouteTableList, View/getRouteTableDetail | RouteTable | RouteTable | Delete route table. |
| Change | Change/deleteSubnet | View/getSubnetList, View/getSubnetDetail | Subnet | Subnet | Delete subnet. |
| Change | Change/deleteVPC | View/getVPCDetail, View/getVPCList | VPC | VPC | Delete VPC. |
| Change | Change/deleteVPCPeering | View/getVPCPeeringDetail, View/getVPCPeeringList | VPCPeering | VPCPeering | Delete VPC peering. |
| Change | Change/deleteVirtualPrivateGateway | View/getVirtualPrivateGatewayDetail, View/getVirtualPrivateGatewayList | VirtualPrivateGateway | VirtualPrivateGateway | Delete virtual private gateway. |
| Change | Change/deleteVirtualPrivateGatewayGroup | View/getVirtualPrivateGatewayGroupDetail, View/getVirtualPrivateGatewayGroupList | VirtualPrivateGatewayGroup | VirtualPrivateGatewayGroup | Delete virtual private gateway group. |
| Change | Change/manageVPCPeeringRequest | View/getVPCPeeringList, View/getVPCDetail, Change/deleteVPCPeering | VPC | VPCPeering | Manage VPC peering request. |
| Change | Change/setNATGatewayMemo | View/getNATGatewayDetail, View/getNATGatewayList | NATGateway | NATGateway | Edit NAT gateway memo. |
| Change | Change/setNetworkACLDenyAllowGroupMemo | View/getNetworkACLDenyAllowGroupList, View/getNetworkACLDenyAllowGroupDetail | NetworkACLDenyAllowGroup | NetworkACLDenyAllowGroup | Edit NACL Deny-Allow group memo. |
| Change | Change/setNetworkACLMemo | View/getNetworkACLList, View/getNetworkACLDetail | NetworkACL | NetworkACL | Edit network ACL memo. |
| Change | Change/setRouteTableMemo | View/getRouteTableList, View/getRouteTableDetail | RouteTable | RouteTable | Edit route table memo. |
| Change | Change/setSubnetNetworkACL | View/getSubnetList, View/getSubnetDetail, View/getNetworkACLList, View/getNetworkACLDetail | Subnet | Subnet | Change subnet's network ACL. |
| Change | Change/setVPCPeeringMemo | View/getVPCPeeringDetail, View/getVPCPeeringList | VPCPeering | VPCPeering | Edit VPC peering memo. |
| Change | Change/setVirtualPrivateGatewayMemo | View/getVirtualPrivateGatewayDetail, View/getVirtualPrivateGatewayList | VirtualPrivateGateway | VirtualPrivateGateway | Edit virtual private gateway memo. |
| Change | Change/updateNetworkACLRule | View/getNetworkACLDenyAllowGroupList, View/getNetworkACLDenyAllowGroupDetail, View/getNetworkACLList, View/getNetworkACLDetail | NetworkACL | NetworkACL | Set network ACL rules. |
| Change | Change/updateOnPremiseGatewayRoute | View/getOnPremiseGatewayDetail, View/getOnPremiseGatewayList | OnPremiseGateway | OnPremiseGateway | Set on-premise gateway route table rules. |
| Change | Change/updateRouteTableRule | View/getRouteTableList, View/getRouteTableDetail | RouteTable | RouteTable | Set route table rules. |
| Change | Change/updateRouteTableSubnet | View/getSubnetList, View/getRouteTableList, View/getRouteTableDetail, View/getSubnetDetail | RouteTable | RouteTable | Set route table's related subnet. |
| Change | Change/updateVirtualPrivateGatewayDescrtiption | View/getVirtualPrivateGatewayDetail, View/getVirtualPrivateGatewayList | VirtualPrivateGateway | VirtualPrivateGateway | Edit virtual private gateway memo. |
| Change | Change/updateVirtualPrivateGatewayGroup | View/getVirtualPrivateGatewayDetail, View/getVirtualPrivateGatewayGroupDetail, View/getVirtualPrivateGatewayGroupList | VirtualPrivateGatewayGroup | VirtualPrivateGatewayGroup | Change virtual private gateway group settings. |

Caution

Even if you are granted permission for a specific action, you cannot perform the job properly unless you are also granted permissions for the related actions it requires. To prevent such issues, Sub Account automatically grants permissions for related actions when you grant an action permission. However, if you deselect related actions that were automatically granted, the system determines that the main account user did so intentionally and does not forcibly include them. Be careful when setting permissions.
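The check below is an added example, not NAVER Cloud Platform code: it audits the action list of a User Created policy for related actions that were deselected, and lists Change actions that a grant pulls in through its related actions. `RELATED` is a subset of the table on this page; the function names are hypothetical, and following related actions transitively is an assumption.

```python
# Added example: audit a User Created policy's action list against the
# related-action table. RELATED holds a subset of the rows on this page.
RELATED = {
    "View/getVPCDetail": ["View/getVPCList"],
    "View/getVPCPeeringDetail": ["View/getVPCPeeringList"],
    "View/getSubnetDetail": ["View/getSubnetList"],
    "View/getNetworkACLDetail": ["View/getNetworkACLList"],
    "Change/deleteVPCPeering": ["View/getVPCPeeringDetail", "View/getVPCPeeringList"],
    "Change/manageVPCPeeringRequest": [
        "View/getVPCPeeringList", "View/getVPCDetail", "Change/deleteVPCPeering"],
    "Change/setSubnetNetworkACL": [
        "View/getSubnetList", "View/getSubnetDetail",
        "View/getNetworkACLList", "View/getNetworkACLDetail"],
}


def required_closure(action):
    """Every action reachable through related-action links.

    Assumption: related actions are followed transitively."""
    seen, stack = set(), [action]
    while stack:
        for dep in RELATED.get(stack.pop(), []):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen


def audit_policy(granted):
    """Map each granted action to the related actions the policy lacks."""
    granted = set(granted)
    missing = {}
    for action in sorted(granted):
        gap = required_closure(action) - granted
        if gap:
            missing[action] = sorted(gap)
    return missing


def implied_change_actions(requested):
    """Change/* actions that come along only as related actions."""
    requested = set(requested)
    implied = set().union(*(required_closure(a) for a in requested))
    return sorted(a for a in implied - requested if a.startswith("Change/"))


if __name__ == "__main__":
    # Constructed policy: related actions partly deselected by the main account.
    policy = ["Change/manageVPCPeeringRequest", "View/getVPCPeeringList"]
    print(audit_policy(policy))
    print(implied_change_actions(policy))
```

Review the output of `implied_change_actions` before approving a policy: per the table, granting `Change/manageVPCPeeringRequest` with its related actions also grants `Change/deleteVPCPeering`.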

