Managing Ncloud Single Sign-On permissions
Available in Classic and VPC
By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Ncloud Single Sign-On. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.
Sub Account is provided free of charge upon subscription request. For more details about Sub Account, see the Service > Management & Governance > Sub Account menu in the NAVER Cloud Platform portal, as well as the Sub Account User Guide.
System-managed policies
System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once system-managed policies are granted to a sub account created in Sub Account, that sub account can use Ncloud Single Sign-On. The following is a brief description of the system-managed policies of Ncloud Single Sign-On.
Policy name | Policy description |
---|---|
NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform and access My page > Manage notifications in the portal |
NCP_SINGLE_SIGN_ON_MANAGER | Permission to use all features of Ncloud Single Sign-On |
NCP_SINGLE_SIGN_ON_VIEWER | Permission to only use the View list and Search features in Ncloud Single Sign-On |
User-defined policies
User-defined policies are policies that users create. Once a user-defined policy is granted to a sub account created in Sub Account, that sub account can use only the action combinations assigned by the user. The following is a brief description of the actions available for user-defined policies of Ncloud Single Sign-On.
Classification | Action name | Related action(s) | Resource type | Group | Action description |
---|---|---|---|---|---|
View | view/getApplicationList | - | - | Application | Check the application list |
View | view/getApplicationDetail | view/getApplicationList | Application | Application | Check application details |
View | view/accessApplication | - | Application | Application | Log into application with Sub Account |
Change | change/createApplication | - | - | Application | Create a new application |
Change | change/updateApplication | view/getApplicationList view/getApplicationDetail | Application | Application | Edit registered applications |
Change | change/deleteApplication | view/getApplicationList view/getApplicationDetail | Application | Application | Delete registered applications |
View | view/getConsentStatus | - | - | Consent Status | Check the consent list |
Change | change/createTenant | - | - | Tenant | Create tenants |
Change | change/updateTenant | - | Tenant | Tenant | Edit a tenant |
Change | change/deleteTenant | - | Tenant | Tenant | Delete a tenant |
Change | change/updateOrganizationEnable | - | Tenant | Tenant | Change whether to integrate with Organization |
Change | change/manageExternalIDP | - | Tenant | Tenant | Change the status of the external IdP |
Change | change/updateLoginSetting | - | Tenant | Tenant | Edit login settings |
View | view/getAttributeMapper | - | Tenant | Tenant | Check user profile settings |
Change | change/updateAttributeMapper | - | Tenant | Tenant | Edit user profile settings |
View | view/getUserList | - | - | User | View user list |
View | view/getUserDetail | view/getUserList | User | User | View user details |
Change | change/createUser | view/getUserList view/getUserDetail | - | User | Create users |
Change | change/updateUser | view/getUserList view/getUserDetail | User | User | Edit user information |
Change | change/deleteUser | view/getUserList view/getUserDetail | User | User | Delete users |
Change | change/changeUserStatus | view/getUserList view/getUserDetail | User | User | Change user status |
Change | change/addUserToGroup | view/getUserList view/getUserDetail view/getGroupList view/getGroupDetail change/updateUser | User | User | Assign users to the group |
Change | change/removeUserFromGroup | view/getUserList view/getUserDetail view/getGroupList view/getGroupDetail change/updateUser | User | User | Remove users from the group |
Change | change/manageUserAllowSourceSetting | view/getUserList view/getUserDetail change/updateUser | User | User | Check and change the source IP that can access the console or API |
Change | change/expireActiveSession | view/getUserList view/getUserDetail change/updateUser | User | User | Remove active sessions of the user |
Change | change/removeUserFromAssignment | view/getUserList view/getUserDetail change/updateUser view/getAssignmentList view/getAssignmentDetail | User | User | Remove users from Assignment |
View | view/getGroupList | - | - | Group | View the group list |
View | view/getGroupDetail | view/getGroupList | Group | Group | View group details |
Change | change/createGroup | view/getGroupList view/getGroupDetail | - | Group | Create a group |
Change | change/updateGroup | view/getGroupList view/getGroupDetail | Group | Group | Edit group information |
Change | change/deleteGroup | view/getGroupList view/getGroupDetail | Group | Group | Delete a group |
Change | change/addUserToGroup | view/getUserList view/getUserDetail view/getGroupList view/getGroupDetail change/updateGroup | Group | Group | Assign users to the group |
Change | change/removeUserFromGroup | view/getUserList view/getUserDetail view/getGroupList view/getGroupDetail change/updateGroup | Group | Group | Remove users from the group |
Change | change/removeGroupFromAssignment | view/getGroupList view/getGroupDetail change/updateGroup view/getAssignmentList view/getAssignmentDetail | Group | Group | Remove Assignment from the group |
View | view/getPermissionSetList | - | - | Permission Set | View the Permission Set list |
View | view/getPermissionSetDetail | view/getPermissionSetList | Permission Set | Permission Set | View Permission Set details |
Change | change/createPermissionSet | view/getPermissionSetList view/getPermissionSetDetail | - | Permission Set | Create Permission Set |
Change | change/updatePermissionSet | view/getPermissionSetList view/getPermissionSetDetail | Permission Set | Permission Set | Edit Permission Set |
Change | change/deletePermissionSet | view/getPermissionSetList view/getPermissionSetDetail | Permission Set | Permission Set | Delete Permission Set |
Change | change/removePermissionSetPolicy | view/getPermissionSetList view/getPermissionSetDetail change/updatePermissionSet | Permission Set | Permission Set | Remove managed and user-defined policies assigned to a Permission Set |
View | view/getAssignmentList | - | - | Assignment | View the assignment list |
View | view/getAssignmentDetail | view/getAssignmentList | Assignment | Assignment | View Assignment details |
Change | change/createAssignment | view/getAssignmentList view/getAssignmentDetail | - | Assignment | Create Assignment |
Change | change/updateAssignment | view/getAssignmentList view/getAssignmentDetail | Assignment | Assignment | Edit Assignment |
Change | change/deleteAssignment | view/getAssignmentList view/getAssignmentDetail | Assignment | Assignment | Delete Assignment |
Change | change/changeStatusAssignment | view/getAssignmentList view/getAssignmentDetail | Assignment | Assignment | Change assignment status |
Change | change/assignTargetToAssignment | View/getAssignmentList View/getAssignmentDetail Change/updateAssignment View/getUserList View/getUserDetail View/getGroupList View/getGroupDetail View/getIPACLList View/getIPACLDetail | Assignment | Assignment | Assign a user/group and IP ACL to an assignment |
Change | change/removeTargetFromAssignment | View/getAssignmentList View/getAssignmentDetail Change/updateAssignment View/getUserList View/getUserDetail View/getGroupList View/getGroupDetail View/getIPACLList View/getIPACLDetail | Assignment | Assignment | Remove a user/group and IP ACL from an assignment |
Change | Change/createIPACL | View/getIPACLList View/getIPACLDetail | IP ACL | IP ACL | Create an IP ACL |
Change | Change/updateIPACL | View/getIPACLList View/getIPACLDetail | IP ACL | IP ACL | Edit an IP ACL |
Change | Change/deleteIPACL | View/getIPACLList View/getIPACLDetail | IP ACL | IP ACL | Delete an IP ACL |
View | View/getIPACLList | - | - | IP ACL | View the IP ACL list |
View | View/getIPACLDetail | View/getIPACLList | IP ACL | IP ACL | View IP ACL details |
Even when you are granted permission for a specific action, you won't be able to perform the task properly unless you are also granted permission for the required related actions. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and won't forcibly include them. Use care when setting permissions.
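The following added example (not NAVER Cloud Platform code) audits a user-defined policy for related actions that were deselected, using a few User and Assignment rows copied from the table above. It assumes the policy is available as a plain list of action names; the sample policy is constructed, and the related actions are followed transitively, which for these rows matches what the table lists.

```python
# Related actions for a subset of the User and Assignment rows in the table above.
RELATED = {
    "view/getUserList": set(),
    "view/getUserDetail": {"view/getUserList"},
    "change/updateUser": {"view/getUserList", "view/getUserDetail"},
    "change/expireActiveSession": {
        "view/getUserList", "view/getUserDetail", "change/updateUser"},
    "change/removeUserFromAssignment": {
        "view/getUserList", "view/getUserDetail", "change/updateUser",
        "view/getAssignmentList", "view/getAssignmentDetail"},
    "view/getAssignmentList": set(),
    "view/getAssignmentDetail": {"view/getAssignmentList"},
}

def required_for(action):
    """Return every action that must accompany `action` (transitive closure)."""
    if action not in RELATED:
        raise ValueError(f"action not in the copied subset: {action}")
    needed, stack = set(), list(RELATED[action])
    while stack:
        dep = stack.pop()
        if dep not in needed:
            needed.add(dep)
            stack.extend(RELATED.get(dep, ()))
    return needed

def audit(granted):
    """Map each granted action to the related actions missing from the policy."""
    granted = set(granted)
    report = {}
    for action in sorted(granted):
        missing = required_for(action) - granted
        if missing:
            report[action] = sorted(missing)
    return report

# Constructed policy: a role meant to expire sessions and detach users from
# assignments, saved with several related view actions deselected.
SAMPLE_POLICY = [
    "change/expireActiveSession",
    "change/updateUser",
    "view/getUserList",
    "change/removeUserFromAssignment",
]

if __name__ == "__main__":
    for action, missing in audit(SAMPLE_POLICY).items():
        print(f"{action}: missing {', '.join(missing)}")
```

An empty report means every granted action has its related actions in the same policy.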