Managing Security Monitoring permissions
- Print
- PDF
Managing Security Monitoring permissions
- Print
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
Available in Classic
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Security Monitoring. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.
Note
Sub Account is a service provided free of charge upon subscription request. For more information on Sub Account, refer to the Services > Management & Governance > Sub Account menu in the NAVER Cloud Platform portal, as well as the Sub Account Guide.
System Managed policies
System Managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once System Managed policies are granted to a sub account created in Sub Account, that sub account can use Security Monitoring. The following is a brief description about System Managed policies of Security Monitoring.
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
| NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal |
| NCP_SECURITY_MONITORING_MANAGER | Permission to use all the features in Security Monitoring |
| NCP_SECURITY_MONITORING_VIEWER | Permission to only use the View list and Search features in Security Monitoring |
User Created policies
User Created policies are policies that users can create. Once User Created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description about User Created policies of Security Monitoring.
| Type | Action name | Related action(s) | Resource type | Group by resource type | Action description |
|---|---|---|---|---|---|
| View | View/getIDSList | - | - | - | View IDS security event list. |
| View | View/getIDSEventDetail | View/getIDSList | - | - | View IDS security event details. |
| View | View/getAVList | - | - | - | View anti-virus security event list. |
| View | View/getDDoSList | - | - | - | View anti-DDoS security event list. |
| View | View/getDDoSEventDetail | View/getDDoSList | - | - | View anti-DDoS security event details. |
| View | View/getWAFList | - | - | - | View WAF security event list. |
| View | View/getWAFEventDetail | View/getWAFList | - | - | View WAF security event details. |
| View | View/getIPSList | - | - | - | View IPS security event list. |
| View | View/getNotificationSetting | - | - | - | View notification recipient settings list. |
| Change | Change/requestIDSEventExcept | View/getIDSList View/getIDSEventDetail | - | - | Request IDS security event exception. |
| Change | Change/requestAVEventExcept | View/getAVList | - | - | Request anti-virus security event exception. |
| Change | Change/requestDDoSEventExcept | View/getDDoSList View/getDDoSEventDetail | - | - | Request anti-DDoS security event exception. |
| Change | Change/requestWAFEventExcept | View/getWAFList View/getWAFEventDetai | - | - | Request WAF security event exception. |
| Change | Change/requestIPSEventExcept | View/getIPSList | - | - | Request IPS security event exception. |
| Change | Change/manageNotificationSetting | View/getNotificationSetting | - | - | Manage notification recipient settings. |
| Change | Change/subscribeProduct | - | - | - | Request subscription to Security Monitoring. |
Caution
Even when you are granted permission for a specific action, if you are not also granted permissions for the related actions that are required, then you won't be able to perform jobs properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and won't forcibly include them. So, be careful when setting permissions.
Was this article helpful?