Managing Object Storage permissions

    Available in Classic and VPC

    By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Object Storage. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.

    Note

    Sub Account is a service provided free of charge upon subscription request. For more details about Sub Account, refer to the Services > Management & Governance > Sub Account menu in the NAVER Cloud Platform portal and to the Sub Account Guide.

    Managed policies

    Managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once a managed policy is granted to a sub account created in Sub Account, that sub account can use Object Storage. The following table briefly describes the managed policies of Object Storage.

    | Policy name | Policy description |
    |---|---|
    | NCP_ADMINISTRATOR | Permission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts |
    | NCP_INFRA_MANAGER | Permission to use all services in NAVER Cloud Platform but with restricted access to some features (Manage usage, payment management) of My Page in the portal |
    | NCP_OBJECT_STORAGE_VIEWER | Permission to only use the view list and view features in Object Storage |
    | NCP_OBJECT_STORAGE_MANAGER | Permission to use all features in Object Storage (However, -related permissions cannot be granted to other accounts.) |

    User Created policies

    User Created policies are policies that users create themselves. Once a User Created policy is granted to a sub account created in Sub Account, that sub account can use only the action combinations assigned by the user. The following table briefly describes the actions available for User Created policies of Object Storage.

    | Type | Action name | Related action(s) | Resource type | Group by resource type | Action description |
    |---|---|---|---|---|---|
    | View | View/getBucketList | - | - | Bucket | View bucket list |
    | View | View/getObjectList | View/getBucketList | Bucket | Bucket | Get the list of files in the bucket and view bucket details |
    | View | View/getMultipartUploadList | View/getBucketList | Bucket | Bucket | View the list of ongoing multi-part uploads in the bucket. |
    | View | View/getBucketCORSList | - | Bucket | Bucket | View bucket CORS |
    | View | View/getAccessLogList | View/getBucketList | Bucket | Bucket | View the content of bucket's access log setting |
    | View | View/getLifeCyclePolicyList | - | - | LifeCyclePolicy | Get the list of bucket's lifecycle policies |
    | View | View/getBucketWebsite | View/getBucketList | Bucket | Bucket | View bucket website settings |
    | View | View/getBucketEventList | View/getBucketList | Bucket | Bucket | View bucket event list |
    | View | View/getCloudFunctionsTriggerList | - | - | Bucket | View the list of Cloud Functions trigger. |
    | View | View/getCloudFunctionsActionList | - | - | Bucket | View the list of Cloud Functions actions. |
    | View | View/getBucketMetricFilterList | - | - | Bucket | View the detailed monitoring policy list of the bucket |
    | Change | Change/writeObject | View/getBucketList, View/getObjectList | Bucket | Bucket | Create and modify bucket object |
    | Change | Change/createBucket | View/getBucketList | - | Bucket | Create bucket |
    | Change | Change/deleteBucket | View/getBucketList | Bucket | Bucket | Delete bucket |
    | Change | Change/changeBucketCORS | - | Bucket | Bucket | Edit bucket CORS |
    | Change | Change/deleteBucketCORS | - | Bucket | Bucket | Delete bucket CORS |
    | Change | Change/changeAccessLog | View/getBucketList, View/getAccessLogList | Bucket | Bucket | Edit bucket's access log setting |
    | Change | Change/createLifeCyclePolicy | View/getBucketList, View/getObjectList, Change/writeObject, View/getLifeCyclePolicyList | - | LifeCyclePolicy | Create a bucket's lifecycle policy |
    | Change | Change/deleteLifeCyclePolicy | View/getLifeCyclePolicyList | - | LifeCyclePolicy | Delete a bucket's lifecycle policy |
    | Change | Change/changeLifeCyclePolicyStatus | View/getObjectList, Change/writeObject, View/getLifeCyclePolicyList | - | LifeCyclePolicy | Change a bucket's lifecycle policy |
    | Change | Change/changeBucketWebsite | View/getBucketList, View/getBucketWebsite | Bucket | Bucket | Edit bucket website settings |
    | Change | Change/deleteBucketWebsite | View/getBucketList, View/getBucketWebsite | Bucket | Bucket | Delete bucket website settings |
    | Change | Change/createCloudFunctionsTrigger | View/getCloudFunctionsTriggerList | - | Bucket | Create Cloud Functions triggers. |
    | Change | Change/changeCloudFunctionsTrigger | - | - | Bucket | Edit the Cloud Functions trigger information. |
    | Change | Change/createBucketEvent | View/getBucketList, View/getBucketEventList, View/getCloudFunctionsActionList, View/getCloudFunctionsTriggerList, Change/changeCloudFunctionsTrigger | Bucket | Bucket | Create bucket event |
    | Change | Change/deleteBucketEvent | View/getBucketList, View/getBucketEventList, Change/changeCloudFunctionsTrigger | Bucket | Bucket | Delete bucket event |
    | Change | Change/changeBucketEvent | View/getBucketList, View/getBucketEventList, View/getCloudFunctionsActionList, View/getCloudFunctionsTriggerList, Change/changeCloudFunctionsTrigger | Bucket | Bucket | Edit bucket event |
    | Change | Change/subscribeProduct | - | - | - | Request subscription or cancel subscription of Object Storage. |
    | Change | Change/sendBucketExtendedMetricData | - | Bucket | Bucket | Transmit the event data of the bucket with the detailed monitoring policy set |
    | Change | Change/createBucketMetricFilter | Change/sendBucketExtendedMetricData, View/getBucketList, View/getBucketMetricFilterList | - | Bucket | Create the detailed monitoring policy of the bucket |
    | Change | Change/changeBucketMetricFilter | View/getBucketMetricFilterList | Bucket | Bucket | Change the detailed monitoring policy of the bucket. |
    | Change | Change/deleteBucketMetricFilter | View/getBucketMetricFilterList | Bucket | Bucket | Delete the detailed monitoring policy of the bucket |

    Note

    Changes to Sub Account permissions may not take effect immediately; they can take up to 1 minute to apply.

    Caution

    Even when you are granted permission for a specific action, if you are not also granted permissions for the related actions that are required, then you won't be able to perform jobs properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and won't forcibly include them. So, be careful when setting permissions.
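
    The following added example (not NAVER Cloud Platform code) audits a planned set of actions against the related actions listed in the table above and reports which grants would be unusable. The set-of-strings policy representation and the names `RELATED`, `missing_related`, `with_related` and `SAMPLE` are assumptions of this example; so is repeating the check until no gaps remain, since the page lists only direct related actions.

```python
# Related actions transcribed from the User Created policies table on this page.
# Actions whose "Related action(s)" column is "-" are omitted.
BL, OL = "View/getBucketList", "View/getObjectList"
WO, LC = "Change/writeObject", "View/getLifeCyclePolicyList"
EV, TR = "View/getBucketEventList", "Change/changeCloudFunctionsTrigger"
FA, FT = "View/getCloudFunctionsActionList", "View/getCloudFunctionsTriggerList"
MF, MD = "View/getBucketMetricFilterList", "Change/sendBucketExtendedMetricData"
WS, AL = "View/getBucketWebsite", "View/getAccessLogList"

RELATED = {
    OL: {BL}, AL: {BL}, WS: {BL}, EV: {BL},
    "View/getMultipartUploadList": {BL},
    WO: {BL, OL},
    "Change/createBucket": {BL},
    "Change/deleteBucket": {BL},
    "Change/changeAccessLog": {BL, AL},
    "Change/createLifeCyclePolicy": {BL, OL, WO, LC},
    "Change/deleteLifeCyclePolicy": {LC},
    "Change/changeLifeCyclePolicyStatus": {OL, WO, LC},
    "Change/changeBucketWebsite": {BL, WS},
    "Change/deleteBucketWebsite": {BL, WS},
    "Change/createCloudFunctionsTrigger": {FT},
    "Change/createBucketEvent": {BL, EV, FA, FT, TR},
    "Change/deleteBucketEvent": {BL, EV, TR},
    "Change/changeBucketEvent": {BL, EV, FA, FT, TR},
    "Change/createBucketMetricFilter": {MD, BL, MF},
    "Change/changeBucketMetricFilter": {MF},
    "Change/deleteBucketMetricFilter": {MF},
}

def missing_related(granted):
    """Return {action: [related actions absent from the grant]}."""
    granted = set(granted)
    return {a: sorted(RELATED[a] - granted)
            for a in sorted(granted) if RELATED.get(a, set()) - granted}

def with_related(granted):
    """Add related actions until none are missing (closure is this example's choice)."""
    result = set(granted)
    while (gaps := missing_related(result)):
        for needed in gaps.values():
            result.update(needed)
    return result

# Constructed grant: event creation with only two of its related actions selected.
SAMPLE = {"Change/createBucketEvent", BL, EV}

if __name__ == "__main__":
    for action, needed in missing_related(SAMPLE).items():
        print(f"{action} is missing: {', '.join(needed)}")
```

    Running the check before saving a User Created policy shows which deselected related actions would leave a granted action unusable, without widening the grant beyond what the table requires.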

