Login
      Contents x
      Managing Virtual Private Cloud (VPC) permissions
        • Print
        • PDF
        Contents

        Managing Virtual Private Cloud (VPC) permissions

          • Print
          • PDF
          Article Summary

          Available in VPC

          By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for VPCs. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.

          Note

          Sub Account is a free service provided upon subscription request without additional charge. For more information about Sub Account, see Services > Management & Governance > Sub Account in NAVER Cloud Platform portal, as well as the Sub Account user guide.

          System-managed policies

          System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once System Managed policies are granted to a sub account created in Sub Account, that sub account can use VPCs. The following is a brief description about System Managed policies of VPCs.

          Policy namePolicy description
          NCP_VPC_MANAGERPermission to use all functions within the Virtual Private Cloud (VPC)
          NCP_INFRA_MANAGERPermission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal

          User-defined policies

          User-defined policies are policies that users may create. Once the user-defined policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description about use-defined policies of VPCs:

          ClassificationAction nameRelated action(s)Resource typeGroup by resource typeAction description
          ViewView/getNATGatewayDetailView/getNATGatewayListNATGatewayNATGatewayViews NAT Gateway details
          ViewView/getNATGatewayList--NATGatewayViews NAT Gateway list
          ViewView/getNetworkACLDenyAllowGroupDetailView/getNetworkACLDenyAllowGroupListNetworkACLDenyAllowGroupNetworkACLDenyAllowGroupViews NACL Deny-Allow group details
          ViewView/getNetworkACLDenyAllowGroupList--NetworkACLDenyAllowGroupViews NACL Deny-Allow group list
          ViewView/getNetworkACLDetailView/getNetworkACLListNetworkACLNetworkACLViews Network ACL details
          ViewView/getNetworkACLList--NetworkACLViews Network ACL list
          ViewView/getOnPremiseGatewayDetailView/getOnPremiseGatewayListOnPremiseGatewayOnPremiseGatewayViews on-premise gateway details
          ViewView/getOnPremiseGatewayList--OnPremiseGatewayViews on-premise gateway list
          ViewView/getRouteTableDetailView/getRouteTableListRouteTableRouteTableViews route table details
          ViewView/getRouteTableList--RouteTableViews rote table list
          ViewView/getSubnetDetailView/getSubnetListSubnetSubnetViews accessible subnets for service
          ViewView/getSubnetList--SubnetViews subnet list
          ViewView/getVPCDetailView/getVPCListVPCVPCViews accessible VPCs for service
          ViewView/getVPCList--VPCViews VPC list
          ViewView/getVPCPeeringDetailView/getVPCPeeringListVPCPeeringVPCPeeringViews VPC peering details
          ViewView/getVPCPeeringList--VPCPeeringViews VPC peering list
          ViewView/getVirtualPrivateGatewayDetailView/getVirtualPrivateGatewayListVirtualPrivateGatewayVirtualPrivateGatewayViews virtual private gateway group details
          ViewView/getVirtualPrivateGatewayGroupDetailView/getVirtualPrivateGatewayGroupListVirtualPrivateGatewayGroupVirtualPrivateGatewayGroupView virtual private gateway group list
          ViewView/getVirtualPrivateGatewayGroupList--VirtualPrivateGatewayGroupView virtual private gateway group list
          ViewView/getVirtualPrivateGatewayList--VirtualPrivateGatewayViews virtual private gateway list
          ViewView/getEndpointRouteTableList--EndpointRouteTableViews Endpoint Route Table list
          ViewView/getEndpointRouteTableDetailView/getEndpointRouteTableListEndpointRouteTableEndpointRouteTableViews Endpoint Route Table details
          ViewView/getServiceFunctionChainList--ServiceFunctionChainViews Server Function Chain list
          ViewView/getServiceFunctionChainDetailView/getServiceFunctionChainListServiceFunctionChainServiceFunctionChainViews Server Function Chain details
          ViewView/getTransitVpcConnectList--TransitVpcConnectViews transit VPC connect list
          ViewView/getTransitVpcConnectDetailView/getServiceFunctionChainListTransitVpcConnectTransitVpcConnectViews transit VPC connect details
          ChangeChange/changeNetworkACLDenyAllowGroupIPView/getNetworkACLDenyAllowGroupList
          View/getNetworkACLDenyAllowGroupDetail          		NetworkACLDenyAllowGroupNetworkACLDenyAllowGroupSets NACL Deny-Allow group's IP
          ChangeChange/createNATGatewayView/getNATGatewayList
          View/getVPCDetail
          View/getVPCList          		-NATGatewayCreate NAT Gateway
          ChangeChange/createNetworkACLView/getNetworkACLList
          View/getVPCDetail
          View/getVPCList          		-NetworkACLCreates network ACL
          ChangeChange/createNetworkACLDenyAllowGroupView/getNetworkACLDenyAllowGroupList
          View/getVPCDetail
          View/getVPCList          		-NetworkACLDenyAllowGroupCreates NACL Deny-Allow group
          ChangeChange/createOnPremiseGatewayView/getVPCDetail
          View/getOnPremiseGatewayList
          View/getVPCList          		-OnPremiseGatewayCreates on-premise gateway
          ChangeChange/createRouteTableView/getRouteTableList
          View/getVPCDetail
          View/getVPCList          		-RouteTableCreates route table
          ChangeChange/createSubnetView/getSubnetList
          View/getNetworkACLList
          View/getVPCDetail
          View/getNetworkACLDetail
          View/getVPCList          		-SubnetCreate subnet
          ChangeChange/createVPCView/getVPCList-VPCCreate VPC
          ChangeChange/createVPCPeeringView/getVPCPeeringList
          View/getVPCDetail
          View/getVPCList          		-VPCPeeringCreates VPC peering
          ChangeChange/createVirtualPrivateGatewayView/getVirtualPrivateGatewayList
          View/getVPCDetail
          View/getVPCList          		-VirtualPrivateGatewayCreates virtual private gateway
          ChangeChange/createVirtualPrivateGatewayGroupView/getVirtualPrivateGatewayDetail
          View/getVirtualPrivateGatewayGroupDetail
          View/getVirtualPrivateGatewayGroupList          		-VirtualPrivateGatewayGroupCreate virtual private gateway group
          ChangeChange/createVirtualPrivateGatewayGroupAssociationProposalView/getVirtualPrivateGatewayDetail
          View/getVirtualPrivateGatewayList          		VirtualPrivateGatewayVirtualPrivateGatewayGroupRequests to be added to another account's virtual private gateway group
          ChangeChange/deleteNATGatewayView/getNATGatewayDetail
          View/getNATGatewayList          		NATGatewayNATGatewayDelete NAT Gateway
          ChangeChange/deleteNetworkACLView/getNetworkACLList
          View/getNetworkACLDetail          		NetworkACLNetworkACLDelete network ACL
          ChangeChange/deleteNetworkACLDenyAllowGroupView/getNetworkACLDenyAllowGroupList
          View/getNetworkACLDenyAllowGroupDetail          		NetworkACLDenyAllowGroupNetworkACLDenyAllowGroupDelete NACL Deny-Allow group
          ChangeChange/deleteOnPremiseGatewayView/getOnPremiseGatewayDetail
          View/getOnPremiseGatewayList          		OnPremiseGatewayOnPremiseGatewayDelete on-premise gateway
          ChangeChange/deleteRouteTableView/getRouteTableList
          View/getRouteTableDetail          		RouteTableRouteTableDelete route table
          ChangeChange/deleteSubnetView/getSubnetList
          View/getSubnetDetail          		SubnetSubnetDelete subnet
          ChangeChange/deleteVPCView/getVPCDetail
          View/getVPCList          		VPCVPCDelete VPC
          ChangeChange/deleteVPCPeeringView/getVPCPeeringDetail
          View/getVPCPeeringList          		VPCPeeringVPCPeeringDelete VPC peering
          ChangeChange/deleteVirtualPrivateGatewayView/getVirtualPrivateGatewayDetail
          View/getVirtualPrivateGatewayList          		VirtualPrivateGatewayVirtualPrivateGatewayDelete virtual private gateway
          ChangeChange/deleteVirtualPrivateGatewayGroupView/getVirtualPrivateGatewayGroupDetail
          View/getVirtualPrivateGatewayGroupList          		VirtualPrivateGatewayGroupVirtualPrivateGatewayGroupDelete virtual private gateway group
          ChangeChange/manageVPCPeeringRequestView/getVPCPeeringList
          View/getVPCDetail
          Change/deleteVPCPeering          		VPCVPCPeeringManages VPC peering request
          ChangeChange/setNATGatewayMemoView/getNATGatewayDetail
          View/getNATGatewayList          		NATGatewayNATGatewayEdits NAT Gateway memo
          ChangeChange/setNetworkACLDenyAllowGroupMemoView/getNetworkACLDenyAllowGroupList
          View/getNetworkACLDenyAllowGroupDetail          		NetworkACLDenyAllowGroupNetworkACLDenyAllowGroupEdits NACL Deny-Allow group memo
          ChangeChange/setNetworkACLMemoView/getNetworkACLList
          View/getNetworkACLDetail          		NetworkACLNetworkACLEdits network ACL memo
          ChangeChange/setRouteTableMemoView/getRouteTableList
          View/getRouteTableDetail          		RouteTableRouteTableEdits route table memo
          ChangeChange/setSubnetNetworkACLView/getSubnetList
          View/getSubnetDetail
          View/getNetworkACLList
          View/getNetworkACLDetail          		SubnetSubnetChanges subnet's network ACL
          ChangeChange/setVPCPeeringMemoView/getVPCPeeringDetail
          View/getVPCPeeringList          		VPCPeeringVPCPeeringEdits VPC peering memo
          ChangeChange/setVirtualPrivateGatewayMemoView/getVirtualPrivateGatewayDetail
          View/getVirtualPrivateGatewayList          		VirtualPrivateGatewayVirtualPrivateGatewayEdits virtual private gateway memo
          ChangeChange/updateNetworkACLRuleView/getNetworkACLDenyAllowGroupList
          View/getNetworkACLDenyAllowGroupDetail
          View/getNetworkACLList
          View/getNetworkACLDetail          		NetworkACLNetworkACLSets network ACL rules
          ChangeChange/updateOnPremiseGatewayRouteView/getOnPremiseGatewayDetail
          View/getOnPremiseGatewayList          		OnPremiseGatewayOnPremiseGatewaySets on-premise gateway's route table rules
          ChangeChange/updateRouteTableRuleView/getRouteTableList
          View/getRouteTableDetail          		RouteTableRouteTableSets route table rules
          ChangeChange/updateRouteTableSubnetView/getSubnetList
          View/getRouteTableList
          View/getRouteTableDetail
          View/getSubnetDetail          		RouteTableRouteTableSet route table's related subnet
          ChangeChange/updateVirtualPrivateGatewayDescrtiptionView/getVirtualPrivateGatewayDetail
          View/getVirtualPrivateGatewayList          		VirtualPrivateGatewayVirtualPrivateGatewayEdits virtual private gateway memo
          ChangeChange/updateVirtualPrivateGatewayGroupView/getVirtualPrivateGatewayDetail
          View/getVirtualPrivateGatewayGroupDetail
          View/getVirtualPrivateGatewayGroupList          		VirtualPrivateGatewayGroupVirtualPrivateGatewayGroupEdits virtual private gateway group settings
          Change/createEndpointRouteTableView/getVPCList
          View/getVPCDetail          		-EndpointRouteTableCreates Endpoint Route Table
          Change/deleteEndpointRouteTableView/getEndpointRouteTableList
          View/getEndpointRouteTableDetail          		EndpointRouteTableEndpointRouteTableDelete Endpoint Route Table
          Change/updateEndpointRouteTableRule-EndpointRouteTableEndpointRouteTableEdits Endpoint Route Table's route settings
          Change/updateEndpointRouteTableEndpoint-EndpointRouteTableEndpointRouteTableEdits Endpoint Route Table's related endpoint settings
          Change/updateEndpointRouteTableDescriptionView/getEndpointRouteTableList
          View/getEndpointRouteTableDetail          		EndpointRouteTableEndpointRouteTableEdits Endpoint Route Table memo
          Change/createServiceFunctionChainView/getVPCList
          View/getVPCDetail
          View/getServerInstanceList
          View/getServerInstanceDetail
          View/getLoadBalancerInstanceList
          View/getLoadBalancerInstanceDetail
          View/getTransitVpcConnectList
          View/getTransitVpcConnectDetail
          View/getVirtualPrivateGatewayList
          View/getVirtualPrivateGatewayDetail
          View/getNetworkInterfaceList
          View/getNetworkInterfaceDetail          		-ServiceFunctionChainCreates Service Function Chain
          Change/deleteServiceFunctionChainView/getServiceFunctionChainList
          View/getServiceFunctionChainDetail          		ServiceFunctionChainServiceFunctionChainDelete Service Function Chain
          Change/updateServiceFunctionChainView/getVPCList
          View/getVPCDetail
          View/getServerInstanceList
          View/getServerInstanceDetail
          View/getLoadBalancerInstanceList
          View/getLoadBalancerInstanceDetail
          View/getTransitVpcConnectList
          View/getTransitVpcConnectDetail
          View/getVirtualPrivateGatewayList
          View/getVirtualPrivateGatewayDetail
          View/getNetworkInterfaceList
          View/getNetworkInterfaceDetail          		ServiceFunctionChainServiceFunctionChainEdits Service Function Chain
          Change/updateServiceFunctionChainDescriptionView/getServiceFunctionChainList
          View/getServiceFunctionChainDetail          		ServiceFunctionChainServiceFunctionChainEdits Service Function Chain memo
          Change/createTransitVpcConnectView/getVPCList
          View/getVPCDetail          		TransitVpcConnectCreates Transit VPC Connect
          Change/deleteTransitVpcConnectView/getTransitVpcConnectList
          View/getTransitVpcConnectDetail          		TransitVpcConnectTransitVpcConnectDelete Transit VPC Connect
          Change/updateTransitVpcConnectDescriptionView/getTransitVpcConnectList
          View/getTransitVpcConnectDetail          		TransitVpcConnectTransitVpcConnectEdits Transit VPC Connect
          Change/updatePublicIPLinkView/getVPCList
          View/getVPCDetail
          View/getPublicIPInstanceList
          View/getPublicIPDetail          		VPCServer:PublicIPPublicIPEdits public IP's transit VPC connection settings
          Caution

          Even when you are granted permission for a specific action, you won't be able to perform the task properly unless you are also granted permission for the required related actions. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and won't forcibly include them. Use care when setting permissions.

          Was this article helpful?
          What's Next
          Change password!
          Changing your password will log you out immediately. Use the new password to log back in.
          Change profile
          Success!
          First name must have atleast 2 characters. Numbers and special characters are not allowed.
          Last name must have atleast 1 characters. Numbers and special characters are not allowed.
          Enter a valid email
          Enter a valid password
          Your profile has been successfully updated.
          Logout