Available in VPC
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for RAG service. Sub Account provides system-managed policies and user-defined policies for setting management and administration permissions.
Sub Account is a service provided free of charge upon subscription. For more information on Sub Account, see the Service > Management & Governance > Sub Account menus of NAVER Cloud Platform and the Sub Account user guides.
System-managed policies
System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once system-managed policies are granted to a sub account created in Sub Account that sub account can use RAG service. The following is a brief description of the System Managed policies of the RAG service.
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Full access to all services with the same scope as the main account |
| NCP_INFRA_MANAGER | Permission to access all services, except the My Account > Billing information and cost management > Billing and payment management menu in the console, which is restricted. |
| NCP_FINANCE_MANAGER | Permission to access only the Cost Explorer service and the My Account > Billing information and cost management > Billing and payment management menu in the console. |
| NCP_RAG_VIEWER | Permission to only use the view feature of RAG service |
| NCP_RAG_MANAGER | Permission to use the full feature sets in RAG service |
User-defined policy
User-defined policies are policies that users can create. Once the user-defined policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description on the user-defined policy of RAG service:
| Type | Action name | Related action | Action group | Action description |
|---|---|---|---|---|
| View | Vew/getBucketList | - | - | View bucket list. |
| View | Vew/getObjectList | View/getBucketList | - | View buckets files. |
| Change | Change/createService | - | Service | Create a service. |
| Change | Change/deleteService |
|
Service | Delete a service. |
| Change | Change/updateService |
|
Service | Modify a service. |
| View | View/getServiceList | - | Service | View the service list. |
| View | Vew/getServiceDetail | View/getServiceList | Service | View service details. |
| View | View/getApiKeyList | - | ApiKey | View API key list. |
| Change | Change/createApiKey | View/getApiKeyList | ApiKey | Create an API key. |
| Change | Change/deleteApiKey | View/getApiKeyList | ApiKey | Delete an API key. |
| Change | Change/subscribeProduct | - | Product | Manage subscriptions for RAG. |
Even when you are granted permission for a specific action, if you are not also granted permission for the related actions that are required, you will not be able to perform tasks properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, the system will determine that it was done intentionally by the main account user and will not forcibly include them. Therefore, be careful when setting permissions.