Available in VPC
You can set different access permissions for Search Engine Service using NAVER Cloud Platform's Sub Account service. Sub Account offers both system-managed (System Managed) and user-defined (User Created) policies to help you configure management and operation permissions.
Sub Account is a free service with no additional charges. For more information about Sub Account, see Services > Management & Governance > Sub Account on the NAVER Cloud Platform portal and the Sub Account user guide.
System-managed policies
System-managed policies are pre-built, role-based policies that NAVER Cloud Platform provides for your convenience. When you assign one of these policies to a sub account, that account gets access to Search Engine Service. Here are the available system-managed policies for Search Engine Service:
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Full access to all services, same as the main account |
| NCP_INFRA_MANAGER | Access to all services, except My Account > Manage Billing Information and Payment > Manage Billing and Payment on the console |
| NCP_FINANCE_MANAGER | Access limited to the Cost Explorer services and My Account > Manage Billing Information and Payment > Manage Billing and Payment on the console |
| NCP_VPC_SEARCH_ENGINE_SERVICE_MANAGER | Full access to all Search Engine Service features |
| NCP_VPC_SEARCH_ENGINE_SERVICE_VIEWER | View-only access to all Search Engine Service features and lists |
User-defined policies
User-defined policies let you create custom permissions. When you assign a user-defined policy to a sub account, that account can only perform the specific actions you've allowed. Here are the available user-defined policies for Search Engine Service:
| Type | Action | Related action | Resource type | Group by resource type | Action description |
|---|---|---|---|---|---|
| View | View/getBucketList | - | - | View | View the list of buckets |
| View | View/getClusterACGDetail | - | Cluster | View | View ACG detailed list |
| View | View/getClusterNodeList | View/getClusterDetail View/getClusterList |
Cluster | View | Check cluster data node information |
| View | View/getClusterDetail | View/getClusterList | Cluster | View | Check cluster details |
| View | View/getClusterList | - | - | View | View cluster list |
| View | View/getDataImportHistory | View/getClusterDetail View/getClusterList |
Cluster | View | Check cluster data import history |
| View | View/getSearchEngineClusterMonitor | View/getClusterDetail View/getClusterList View/getClusterNodeList |
Cluster | View | Check cluster monitoring information |
| View | View/getLoginKeyList | - | - | View | View authentication key list |
| View | View/getObjectList | View/getBucketList | ObjectStorage:Bucket | View | Check the list and details of the objects in the bucket |
| View | View/getSnapshotHistory | View/getClusterDetail View/getClusterList |
Cluster | View | Check cluster snapshot history |
| View | View/getSnapshotSchedulingHistory | View/getBucketList View/getClusterDetail View/getClusterList View/getSnapshotHistory |
Cluster | Change | View snapshot schedule creation history |
| View | View/getSubnetDetail | View/getSubnetList | VPC:Subnet | View | View subnet detailed list |
| View | View/getSubnetList | - | - | View | View subnet list |
| View | View/getVPCDetail | View/getVPCList | VPC:VPC | View | View VPC detailed list |
| View | View/getVPCList | - | - | View | View VPC list |
| View | View/getNodeSpecDetail | View/getClusterDetail View/getClusterList |
Cluster | View | View cluster changeable specifications |
| View | View/rollingUpgradePreCheck | View/getClusterDetail View/getClusterList |
Cluster | View | Check the feasibility and status of a rolling upgrade |
| View | View/getRollingUpgradeProgress | View/getClusterDetail View/getClusterList |
Cluster | View | View the status of a rolling upgrade |
| Change | Change/changeCountOfDataNode | View/getClusterDetail View/getClusterList |
Cluster | Change | Add node to cluster |
| Change | Change/createDataImportJob | View/getBucketList View/getDataImportHistory View/getClusterDetail View/getClusterList View/getObjectList |
Cluster | Change | Execute data import |
| Change | Change/createSearchEngineCluster | View/getSubnetList View/getLoginKeyList View/getSubnetDetail View/getClusterList View/getVPCDetail View/getVPCList |
- | Change | Create cluster |
| Change | Change/createLoginKey | - | - | Change | Create cluster access authentication key |
| Change | Change/createSnapshot | View/getBucketList ObjectStorage:Change/writeObject View/getClusterDetail View/getClusterList View/getSnapshotHistory |
Cluster | Change | Create snapshot of cluster |
| Change | Change/deleteSearcnEngineCluster | View/getClusterDetail View/getClusterList |
Cluster | Change | Delete cluster |
| Change | Change/manageLoginKey | View/getLoginKeyList View/getClusterDetail View/getClusterList |
- | Change | Manage cluster access authentication key |
| Change | Change/releaseSnapshotScheduling | View/getClusterDetail View/getClusterList View/getSnapshotSchedulingHistory View/getSnapshotHistory View/getBucketList |
Cluster | Change | Remove snapshot scheduling settings |
| Change | Change/resetSearchEngineUserPassword | View/getClusterDetail View/getClusterList |
Cluster | Change | Change Search Engine access password |
| Change | Change/restartSearchEngineCluster | View/getClusterDetail View/getClusterList |
Cluster | Change | Restart cluster |
| Change | Change/setSnapshotScheduling | View/getBucketList Change/createSnapshot View/getClusterDetail View/getClusterList View/getSnapshotSchedulingHistory View/getSnapshotHistory View/getBucketList |
Cluster | Change | Set snapshot scheduling |
| Change | Change/stopDataImportJob | View/getDataImportHistory View/getClusterDetail View/getClusterList |
Cluster | Change | Stop data import task. |
| Change | Change/updateAPIAuthenticationKey | View/getClusterDetail View/getClusterList View/getSnapshotHistory |
Cluster | Change | Set API authentication key to cluster for accessing Object Storage |
| Change | Change/changSpecOfNode | View/getClusterDetail View/getClusterList View/getNodeSpecDetail |
Cluster | Change | Change cluster node specifications |
| Change | Change/rollingUpgradeCluster | View/getClusterDetail View/getClusterList View/getRollingUpgradeProgress View/rollingUpgradePreCheck |
Cluster | Change | Sequentially upgrade the versions of applications in the cluster |
| Change | Change/setHotWarmNode | View/getClusterDetail View/getClusterList View/getClusterNodeList |
Cluster | Change | Configure the node type (Hot-Warm) of the cluster |
If you grant someone access to a specific action but not to the required related actions, they won't be able to complete their tasks. Sub Account automatically includes these related permissions to prevent this issue. However, if you manually uncheck these auto-selected related actions, the system assumes this was intentional and won't override your selection.