- Print
- PDF
Managing Search Engine Service permissions
- Print
- PDF
Available in VPC
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Search Engine Service. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.
Sub Account is a service provided free of charge upon subscription request. For more details about Sub Account, refer to the Service > Management & Governance > Sub Account menu in the NAVER Cloud Platform portal, as well as the Sub Account Guide.
System Managed policies
System Managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once System Managed policies are granted to a sub account created in Sub Account, that sub account can use Search Engine Service. The following is a brief description about System Managed policies of Search Engine Service.
Policy name | Policy description |
---|---|
NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal |
NCP_VPC_SEARCH_ENGINE_SERVICE_MANAGER | Permission to use all features of Search Engine Service. |
NCP_VPC_SEARCH_ENGINE_SERVICE_VIEWER | Permission to only use the View list and Search features in Search Engine Service. |
User Created policies
User Created policies are policies that users may create. Once User Created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description about User Created policies of Search Engine Service.
Classification | Action name | Related action(s) | Resource type | Group by resource type | Action description |
---|---|---|---|---|---|
View | View/getBucketList | - | - | View | Check bucket list |
View | View/getClusterACGDetail | - | Cluster | View | View ACG detailed list |
View | View/getClusterNodeList | View/getClusterDetail View/getClusterList | Cluster | View | Check cluster data node information |
View | View/getClusterDetail | View/getClusterList | Cluster | View | Check cluster details |
View | View/getClusterList | - | - | View | View cluster list |
View | View/getDataImportHistory | View/getClusterDetail View/getClusterList | Cluster | View | Check cluster data import history |
View | View/getSearchEngineClusterMonitor | View/getClusterDetail View/getClusterList View/getClusterNodeList | Cluster | View | Check cluster monitoring information |
View | View/getLoginKeyList | - | - | View | View authentication key list |
View | View/getObjectList | View/getBucketList | ObjectStorage:Bucket | View | Check the list and details of the objects in the bucket |
View | View/getSnapshotHistory | View/getClusterDetail View/getClusterList | Cluster | View | Check cluster snapshot history |
View | View/getSnapshotSchedulingHistory | View/getBucketList View/getClusterDetail View/getClusterList View/getSnapshotHistory | Cluster | Change | View snapshot schedule creation history |
View | View/getSubnetDetail | View/getSubnetList | VPC:Subnet | View | View subnet detailed list |
View | View/getSubnetList | - | - | View | View subnet list |
View | View/getVPCDetail | View/getVPCList | VPC:VPC | View | View VPC detailed list |
View | View/getVPCList | - | - | View | View VPC list |
View | View/getNodeSpecDetail | View/getClusterDetail View/getClusterList | Cluster | View | View cluster changeable specs |
Change | Change/changeCountOfDataNode | View/getClusterDetail View/getClusterList | Cluster | Change | Add node to cluster |
Change | Change/createDataImportJob | View/getBucketList View/getDataImportHistory View/getClusterDetail View/getClusterList View/getObjectList | Cluster | Change | Execute data import |
Change | Change/createSearchEngineCluster | View/getSubnetList View/getLoginKeyList View/getSubnetDetail View/getClusterList View/getVPCDetail View/getVPCList | - | Change | Create cluster |
Change | Change/createLoginKey | - | - | Change | Create cluster access authentication key |
Change | Change/createSnapshot | View/getBucketList ObjectStorage:Change/writeObject View/getClusterDetail View/getClusterList View/getSnapshotHistory | Cluster | Change | Create snapshot of cluster |
Change | Change/deleteSearcnEngineCluster | View/getClusterDetail View/getClusterList | Cluster | Change | Delete cluster |
Change | Change/manageLoginKey | View/getLoginKeyList View/getClusterDetail View/getClusterList | - | Change | Manage cluster access authentication key |
Change | Change/releaseSnapshotScheduling | View/getClusterDetail View/getClusterList View/getSnapshotSchedulingHistory View/getSnapshotHistory | Cluster | Change | Remove snapshot scheduling settings |
Change | Change/resetSearchEngineUserPassword | View/getClusterDetail View/getClusterList | Cluster | Change | Change Search Engine access password |
Change | Change/restartSearcnEngineCluster | View/getClusterDetail View/getClusterList | Cluster | Change | Restart cluster |
Change | Change/setSnapshotScheduling | View/getBucketList Change/createSnapshot View/getClusterDetail View/getClusterList View/getSnapshotSchedulingHistory View/getSnapshotHistory | Cluster | Change | Set snapshot scheduling |
Change | Change/stopDataImportJob | View/getDataImportHistory View/getClusterDetail View/getClusterList | Cluster | Change | Stop data import task. |
Change | Change/updateAPIAuthenticationKey | View/getClusterDetail View/getClusterList View/getSnapshotHistory | Cluster | Change | Set API authentication key to cluster for accessing Object Storage |
Change | Change/changSpecOfNode | View/getClusterDetail View/getClusterList View/getNodeSpecDetail | Cluster | Change | Change cluster node specifications |
Even when you are granted permission for a specific action, if you are not also granted permissions for the related actions that are required, then you won't be able to perform jobs properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and does not forcibly include them. Thus, be careful when setting permissions.