Ncloud Single Sign-On permissions management

    Available in Classic and VPC

    By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Ncloud Single Sign-On. Sub Account provides system-managed policies and user-created policies for setting management and administration permissions.

    Note

    Sub Account is a service provided free of charge upon subscription request. For more information on Sub Account, see Service > Management & Governance > Sub Account on the NAVER Cloud Platform console or see the Sub Account user guide.

    System-managed policies

    System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once system-managed policies are granted to a sub account created in Sub Account, that sub account can use Ncloud Single Sign-On. The following is a brief description of the system-managed policies of Ncloud Single Sign-On.

    | Policy name | Policy description |
    |---|---|
    | NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
    | NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My Page > Manage notifications in the portal |
    | NCP_SINGLE_SIGN_ON_MANAGER | Permission to use the full Ncloud Single Sign-On feature sets |
    | NCP_SINGLE_SIGN_ON_VIEWER | Permission to only use the View list and Search features in Ncloud Single Sign-On |

    User-defined policies

    User-defined policies are policies that users may create. Once the user-defined policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description of the user-defined policies of Ncloud Single Sign-On.

    | Type | Action name | Related action | Resource type | Group | Action description |
    |---|---|---|---|---|---|
    | View | view/getApplicationList | view/getTenantDetail | - | Application | Check application list |
    | View | view/getApplicationDetail | view/getApplicationList | Application | Application | Check application details |
    | View | view/accessApplication | - | Application | Application | Log into application with Sub Account |
    | Change | change/createApplication | - | - | Application | Create a new Application |
    | Change | change/updateApplication | view/getApplicationList, view/getApplicationDetail | Application | Application | Edit registered Applications |
    | Change | change/deleteApplication | view/getApplicationList, view/getApplicationDetail | Application | Application | Delete registered Applications |
    | View | view/getConsentStatusList | view/getTenantDetail | - | Consent Status | Check the consent list |
    | View | view/getConsentStatusDetail | view/getTenantDetail, view/getConsentStatusList | - | Consent Status | Check the consent history |
    | Change | change/createTenant | - | - | Tenant | Create a Tenant |
    | Change | change/updateTenant | view/getTenantDetail | Tenant | Tenant | Edit a Tenant |
    | Change | change/deleteTenant | view/getTenantDetail | Tenant | Tenant | Delete a Tenant |
    | Change | change/updateOrganizationEnable | view/getTenantDetail | Tenant | Tenant | Change whether to integrate with Organization |
    | Change | change/manageExternalIDP | view/getTenantDetail | Tenant | Tenant | Change the status of the External IdP |
    | Change | change/updateLoginSetting | view/getTenantDetail | Tenant | Tenant | Edit login settings |
    | View | view/getAttributeMapper | view/getTenantDetail | Tenant | Tenant | Check user profile settings |
    | View | view/getAccountList | - | Tenant | Tenant | View Organization account list |
    | View | view/getPolicyList | - | Tenant | Tenant | View PermissionSet policy list |
    | View | view/getTenantDetail | - | Tenant | Tenant | View Tenant |
    | View | view/getServiceProviderDataDetail | view/getTenantDetail | Tenant | Tenant | View Service Provider Metadata |
    | Change | change/updateAttributeMapper | view/getTenantDetail | Tenant | Tenant | Edit user profile settings |
    | View | view/getUserList | view/getTenantDetail | - | User | View User list |
    | View | view/getUserDetail | view/getUserList | User | User | View User details |
    | Change | change/createUser | view/getUserList, view/getUserDetail | - | User | Create Users |
    | Change | change/updateUser | view/getUserList, view/getUserDetail | User | User | Edit User information |
    | Change | change/deleteUser | view/getUserList, view/getUserDetail | User | User | Delete Users |
    | Change | change/changeUserStatus | view/getUserList, view/getUserDetail | User | User | Change User status |
    | Change | change/addUserToGroup | view/getUserList, view/getUserDetail, view/getGroupList, view/getGroupDetail, change/updateUser | User | User | Assign Users to the group |
    | Change | change/removeUserFromGroup | view/getUserList, view/getUserDetail, view/getGroupList, view/getGroupDetail, change/updateUser | User | User | Remove Users from the group |
    | Change | change/manageUserAllowSourceSetting | view/getUserList, view/getUserDetail, change/updateUser | User | User | Check and change the Source IP that can access the console or API |
    | Change | change/expireActiveSession | view/getUserList, view/getUserDetail, change/updateUser | User | User | Remove Active Sessions of the User |
    | Change | change/removeUserFromAssignment | view/getUserList, view/getUserDetail, change/updateUser, view/getAssignmentList, view/getAssignmentDetail | User | User | Remove Users from Assignment |
    | View | view/getGroupList | view/getTenantDetail | - | Group | View the Group list |
    | View | view/getGroupDetail | view/getGroupList | Group | Group | View Group details |
    | Change | change/createGroup | view/getGroupList, view/getGroupDetail | - | Group | Create a Group |
    | Change | change/updateGroup | view/getGroupList, view/getGroupDetail | Group | Group | Edit Group information |
    | Change | change/deleteGroup | view/getGroupList, view/getGroupDetail | Group | Group | Delete a Group |
    | Change | change/addUserToGroup | view/getUserList, view/getUserDetail, view/getGroupList, view/getGroupDetail, change/updateGroup | Group | Group | Assign Users to the group |
    | Change | change/removeUserFromGroup | view/getUserList, view/getUserDetail, view/getGroupList, view/getGroupDetail, change/updateGroup | Group | Group | Remove Users from the group |
    | Change | change/removeGroupFromAssignment | view/getGroupList, view/getGroupDetail, change/updateGroup, view/getAssignmentList, view/getAssignmentDetail | Group | Group | Remove Assignment from the Group |
    | View | view/getPermissionSetList | view/getTenantDetail | - | Permission Set | View the Permission Set list |
    | View | view/getPermissionSetDetail | view/getPermissionSetList | Permission Set | Permission Set | View Permission Set details |
    | Change | change/createPermissionSet | view/getPermissionSetList, view/getPermissionSetDetail | - | Permission Set | Create Permission Set |
    | Change | change/updatePermissionSet | view/getPermissionSetList, view/getPermissionSetDetail | Permission Set | Permission Set | Edit Permission Set |
    | Change | change/deletePermissionSet | view/getPermissionSetList, view/getPermissionSetDetail | Permission Set | Permission Set | Delete Permission Set |
    | Change | change/removePermissionSetPolicy | view/getPermissionSetList, view/getPermissionSetDetail, change/updatePermissionSet | Permission Set | Permission Set | Remove managed and user-defined policies assigned to a Permission Set |
    | View | view/getAssignmentList | view/getTenantDetail | - | Assignment | View the Assignment list |
    | View | view/getAssignmentDetail | view/getAssignmentList | Assignment | Assignment | View Assignment details |
    | Change | change/createAssignment | view/getAssignmentList, view/getAssignmentDetail | - | Assignment | Create Assignment |
    | Change | change/updateAssignment | view/getAssignmentList, view/getAssignmentDetail | Assignment | Assignment | Edit Assignment |
    | Change | change/deleteAssignment | view/getAssignmentList, view/getAssignmentDetail | Assignment | Assignment | Delete Assignment |
    | Change | change/changeStatusAssignment | view/getAssignmentList, view/getAssignmentDetail | Assignment | Assignment | Change Assignment status |
    | Change | change/assignTargetToAssignment | View/getAssignmentList, View/getAssignmentDetail, Change/updateAssignment, View/getUserList, View/getUserDetail, View/getGroupList, View/getGroupDetail, View/getIPACLList, View/getIPACLDetail | Assignment | Assignment | Assign a User/Group and IP ACL to an Assignment |
    | Change | change/removeTargetFromAssignment | View/getAssignmentList, View/getAssignmentDetail, Change/updateAssignment, View/getUserList, View/getUserDetail, View/getGroupList, View/getGroupDetail, View/getIPACLList, View/getIPACLDetail | Assignment | Assignment | Remove a User/Group and IP ACL from an Assignment |
    | Change | Change/createIPACL | View/getIPACLList, View/getIPACLDetail | IP ACL | IP ACL | Create IP ACL |
    | Change | Change/updateIPACL | View/getIPACLList, View/getIPACLDetail | IP ACL | IP ACL | Edit IP ACL |
    | Change | Change/deleteIPACL | View/getIPACLList, View/getIPACLDetail | IP ACL | IP ACL | Delete IP ACL |
    | View | View/getIPACLList | view/getTenantDetail | - | IP ACL | View IP ACL list |
    | View | View/getIPACLDetail | View/getIPACLList | IP ACL | IP ACL | View IP ACL details |
    | View | Change/addIPACLToAssignment | View/getIPACLList, View/getIPACLDetail, View/getAssignmentList, View/getAssignmentDetail, Change/updateIPACL | IPACL | IPACL | Add IPACL to Assignment |
    | View | Change/removeIPACLFromAssignment | View/getIPACLList, View/getIPACLDetail, View/getAssignmentList, View/getAssignmentDetail, Change/updateIPACL | IP ACL | IP ACL | Remove IP ACL from Assignment |
    | View | Change/addMFADevice | View/getUserList, View/getUserDetail, Change/updateUser | User | User | Add the User's MFA Device |
    | View | Change/deleteMFADevice | View/getUserList, View/getUserDetail, Change/updateUser | User | User | Delete the User's MFA Device |

    Caution

    Even when you are granted permission for a specific action, if you are not also granted permissions for the related actions that are required, you will not be able to perform tasks properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and will not forcibly include them. Therefore, use caution when setting permissions.
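
    One way to review a user-defined policy for the gap described in the caution above, as an added example (not NAVER Cloud Platform code): it checks a list of granted actions against the Related action column for a subset of the User and Assignment rows. Matching action names case-insensitively and treating related actions of related actions as required are assumptions; the function and variable names are hypothetical.

```python
# Direct "Related action" entries copied from the User and Assignment rows of
# the table above (a subset, to keep the example short).
RELATED_ACTIONS = {
    "view/getTenantDetail": [],
    "view/getUserList": ["view/getTenantDetail"],
    "view/getUserDetail": ["view/getUserList"],
    "view/getAssignmentList": ["view/getTenantDetail"],
    "view/getAssignmentDetail": ["view/getAssignmentList"],
    "change/updateUser": ["view/getUserList", "view/getUserDetail"],
    "change/expireActiveSession": [
        "view/getUserList", "view/getUserDetail", "change/updateUser"],
    "change/removeUserFromAssignment": [
        "view/getUserList", "view/getUserDetail", "change/updateUser",
        "view/getAssignmentList", "view/getAssignmentDetail"],
}

# Assumption: names match case-insensitively (the page mixes "View/" and "view/").
CANON = {name.lower(): name for name in RELATED_ACTIONS}
DEPS = {k.lower(): {d.lower() for d in v} for k, v in RELATED_ACTIONS.items()}


def audit_policy(granted):
    """Return (findings, unknown) for a list of granted action names.

    findings maps each granted action to the related actions it lacks:
    "direct" are listed in its own table row, "indirect" are related actions
    of related actions (treating those as required is an assumption).
    unknown lists granted names that are not in the embedded subset.
    """
    have = {a.strip().lower() for a in granted}
    findings = {}
    for action in sorted(have & DEPS.keys()):
        closure, stack = set(), list(DEPS[action])
        while stack:  # walk the related-action graph
            dep = stack.pop()
            if dep not in closure:
                closure.add(dep)
                stack.extend(DEPS.get(dep, ()))
        direct = sorted(CANON[d] for d in DEPS[action] - have)
        indirect = sorted(CANON[d] for d in closure - DEPS[action] - have)
        if direct or indirect:
            findings[CANON[action]] = {"direct": direct, "indirect": indirect}
    return findings, sorted(have - DEPS.keys())


if __name__ == "__main__":
    # Constructed policy: view/getUserDetail was deselected by hand.
    sample = ["Change/expireActiveSession", "change/updateUser", "view/getUserList"]
    print(audit_policy(sample))
```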

