- Print
- PDF
Managing SSL VPN Permissions
- Print
- PDF
Available in VPC
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for SSL VPN. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.
Sub Account is a service provided free of charge upon subscription request. For more details about Sub Account, see the Services > Management & Governance > Sub Account menu in the NAVER Cloud Platform portal, as well as the Sub Account guide.
System managed policies
System Managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once System Managed policies are granted to a sub account created in Sub Account that sub account can use SSL VPN. The following is a brief description about System Managed policies of SSL VPN.
Policy name | Policy description |
---|---|
NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal |
NCP_VPC_SSLVPN_MANAGER | Permission to use all the features in VPC-based SSL VPN |
NCP_VPC_SSLVPN_VIEWER | Permission to only view items and their details in VPC-based SSL VPN |
User Created policies
User-defined policies are policies that users may directly create. Once User Created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations.
The following is a brief description about user created policies.
Type | Action name | Related action(s) | Resource type | Group by resource type | Action description |
---|---|---|---|---|---|
View | View/getSSLVPNList | - | - | SSLVPN | View SSLVPN list |
View | View/getSSLVPNDetail | View/getSSLVPNList | SSLVPN | SSLVPN | View SSLVPN details |
View | View/getVPCList | - | - | VPC | View VPC list to create SSLVPN |
View | View/getVPCDetail | View/getVPCList | VPC | VPC | View VPC details to create SSLVPN |
Change | Change/createSSLVPN | View/getVPCList View/getVPCDetail View/getSSLVPNList | - | SSLVPN | Create SSLVPN |
Change | Change/deleteSSLVPN | View/getSSLVPNList View/getSSLVPNDetail | SSLVPN | SSLVPN | Delete SSLVPN |
Change | Change/updateSSLVPNSpec | View/getSSLVPNList View/getSSLVPNDetail | SSLVPN | SSLVPN | Edit SSLVPN |
Change | Change/updateSSLVPNDescription | View/getSSLVPNList View/getSSLVPNDetail | SSLVPN | SSLVPN | Change SSLVPN memo |
Change | Change/manageSSLVPNUser | View/getSSLVPNList View/getSSLVPNDetail | SSLVPN | SSLVPN | Edit SSLVPN user information |
Change | Change/manageSSLVPNUserConfiguration | Change/manageSSLVPNUser | SSLVPNUser | SSLVPNUser | Edit SSLVPN user access information |
Change | Change/createSSLVPNUserConfiguration | Change/manageSSLVPNUser | SSLVPN | SSLVPNUser | Add SSLVPN user access information |
Change | Change/updateSSLVPNAuthlog | Change/updateSSLVPNSpec | SSLVPN | SSLVPN | CLA connection for collecting Authlog |
Even when you are granted permission for a specific action, if you are not also granted permissions for the related actions that are required, then you won't be able to perform jobs properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and does not forcibly include them. Thus, be careful when setting permissions.