Available in Classic and VPC
You can set different access permissions for Object Storage using NAVER Cloud Platform's Sub Account service. Sub Account offers both system-managed (System Managed) and user-defined (User Created) policies to help you configure management and operation permissions.
Sub Account is a free service with no additional charges. For more information about Sub Account, see Services > Management & Governance > Sub Account on the NAVER Cloud Platform portal and the Sub Account user guide.
System-managed policies
System-managed policies are pre-built, role-based policies that NAVER Cloud Platform provides for your convenience. When you assign one of these policies to a sub account, that account gets access to Object Storage. Here are the available system-managed policies for Object Storage:
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Full access to all services, same as the main account. |
| NCP_INFRA_MANAGER | Access to all services, except the My Account > Billing Information & Cost Management > Billing & Payment Management menu on the console. |
| NCP_FINANCE_MANAGER | Access to only Cost Explorer and the My Account > Billing Information & Cost Management > Billing & Payment Management menu on the console. |
| NCP_OBJECT_STORAGE_VIEWER | View-only access to all Object Storage features and lists. |
| NCP_OBJECT_STORAGE_MANAGER | Full access to all Object Storage features, except granting ACL-related permissions to other accounts. |
User-defined policies
User-defined policies let you create custom permissions. When you assign a user-defined policy to a sub account, that account can only perform the specific actions you've allowed. Here are the available user-defined policies for Object Storage:
| Type | Action | Related action | Resource type | Group by resource type | Action description |
| ---- | ---- | ---- | ---- | ---- | ---- |
| View | View/getBucketList | - | - | Bucket | View bucket list. |
| View | View/getObjectList | View/getBucketList | Bucket | Bucket | View list of files in the bucket and bucket details. |
| View | View/getMultipartUploadList | View/getBucketList | Bucket | Bucket | View the list of ongoing multipart uploads in the bucket. |
| View | View/getBucketCORSList | - | Bucket | Bucket | View bucket CORS. |
| View | View/getAccessLogList | View/getBucketList | Bucket | Bucket | View the content of bucket's access log setting. |
| View | View/getLifeCyclePolicyList | - | - | LifeCyclePolicy | View list of bucket lifecycle policies. |
| View | View/getBucketWebsite | View/getBucketList | Bucket | Bucket | View bucket website settings. |
| View | View/getBucketEventList | View/getBucketList | Bucket | Bucket | View bucket event list. |
| View | View/getCloudFunctionsTriggerList | - | - | Bucket | View the list of Cloud Functions triggers. |
| View | View/getCloudFunctionsActionList | - | - | Bucket | View the list of Cloud Functions actions. |
| View | View/getBucketMetricFilterList | - | - | Bucket | View list of detailed bucket monitoring policies. |
| Change | Change/writeObject | View/getBucketList
View/getObjectList | Bucket | Bucket | Create and modify bucket object. |
| Change | Change/createBucket | View/getBucketList | - | Bucket | Create bucket. |
| Change | Change/deleteBucket | View/getBucketList | Bucket | Bucket | Delete bucket. |
| Change | Change/changeBucketCORS | - | Bucket | Bucket | Edit bucket CORS. |
| Change | Change/deleteBucketCORS | - | Bucket | Bucket | Delete bucket CORS. |
| Change | Change/changeAccessLog | View/getBucketList
View/getAccessLogList | Bucket | Bucket | Edit bucket's access log setting. |
| Change | Change/createLifeCyclePolicy | View/getBucketList
View/getObjectList
Change/writeObject
View/getLifeCyclePolicyList | - | LifeCyclePolicy | Create a bucket's lifecycle policy. |
| Change | Change/deleteLifeCyclePolicy | View/getLifeCyclePolicyList | - | LifeCyclePolicy | Delete a bucket's lifecycle policy. |
| Change | Change/changeLifeCyclePolicyStatus | View/getObjectList
Change/writeObject
View/getLifeCyclePolicyList | - | LifeCyclePolicy | Change a bucket's lifecycle policy. |
| Change | Change/changeBucketWebsite | View/getBucketList
View/getBucketWebsite | Bucket | Bucket |Edit bucket website settings. |
| Change | Change/deleteBucketWebsite | View/getBucketList
View/getBucketWebsite | Bucket | Bucket | Delete bucket website settings. |
| Change | Change/createCloudFunctionsTrigger | View/getCloudFunctionsTriggerList | - | Bucket | Create Cloud Functions triggers. |
| Change | Change/changeCloudFunctionsTrigger | - | - | Bucket | Edit the Cloud Functions trigger information. |
| Change | Change/createBucketEvent | View/getBucketList
View/getBucketEventList
View/getCloudFunctionsActionList
View/getCloudFunctionsTriggerList
Change/changeCloudFunctionsTrigger | Bucket | Bucket | Create bucket event. |
| Change | Change/deleteBucketEvent | View/getBucketList
View/getBucketEventList
Change/changeCloudFunctionsTrigger | Bucket | Bucket | Delete bucket event. |
| Change | Change/changeBucketEvent | View/getBucketList
View/getBucketEventList
View/getCloudFunctionsActionList
View/getCloudFunctionsTriggerList
Change/changeCloudFunctionsTrigger | Bucket | Bucket | Edit bucket event. |
| Change | Change/subscribeProduct | - | - | - | Manage subscriptions for Object Storage. |
| Change | Change/sendBucketExtendedMetricData | - | Bucket | Bucket | Transmit event data of the buckets with detailed monitoring policy set. |
| Change | Change/createBucketMetricFilter | Change/sendBucketExtendedMetricData
View/getBucketList
View/getBucketMetricFilterList | - | Bucket | Create detailed monitoring policy of bucket. |
| Change | Change/changeBucketMetricFilter | View/getBucketMetricFilterList | Bucket | Bucket | Change detailed monitoring policy of bucket. |
| Change | Change/deleteBucketMetricFilter | View/getBucketMetricFilterList | Bucket | Bucket | Delete detailed monitoring policy of bucket. |
SubAccount permission changes may not be applied immediately and can take up to 1 minute.
If you grant someone access to a specific action but not to the required related actions, they won't be able to complete their tasks. Sub Account automatically includes these related permissions to prevent this issue. However, if you manually uncheck these auto-selected related actions, the system assumes this was intentional and won't override your selection.