Login
      Contents x
      Managing Object Storage permissions
        • Print
        • PDF
        Contents

        Managing Object Storage permissions

          • Print
          • PDF
          Article Summary

          Available in Classic and VPC

          By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Object Storage. Sub Account provides System Managed policies and User Created policies for setting management and administration permissions.

          Note

          Sub Account is a service provided free of charge upon subscription request. For more details about Sub Account, refer to the Services > Management & Governance > Sub Account menu in the NAVER Cloud Platform portal, and Sub Account Guide.

          Managed policies

          Managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once managed policies are granted to a sub account created in Sub Account, that sub account can use Object Storage. The following is a brief description about the managed policies of Object Storage.

          Policy namePolicy description
          NCP_ADMINISTRATORPermission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts
          NCP_INFRA_MANAGERPermission to use all services in NAVER Cloud Platform but with restricted access to some features (Manage usage, payment management) of My Page in the portal
          NCP_OBJECT_STORAGE_VIEWERPermission to only use the view list and view features in Object Storage
          NCP_OBJECT_STORAGE_MANAGERPermission to use all features in Object Storage (However, -related permissions cannot be granted to other accounts.)

          User Created policies

          User Created policies are policies that users may create. Once User Created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description about User Created policies of Object Storage.

          TypeAction nameRelated action(s)Resource typeGroup by resource typeAction description
          ViewView/getBucketList--BucketView bucket list
          ViewView/getObjectListView/getBucketListBucketBucketGet the list of files in the bucket and view bucket details
          ViewView/getMultipartUploadListView/getBucketListBucketBucketView the list of ongoing multi-part uploads in the bucket.
          ViewView/getBucketCORSList-BucketBucketView bucket CORS
          ViewView/getAccessLogListView/getBucketListBucketBucketView the content of bucket's access log setting
          ViewView/getLifeCyclePolicyList--LifeCyclePolicyGet the list of bucket's lifecycle policies
          ViewView/getBucketWebsiteView/getBucketListBucketBucketView bucket website settings
          ViewView/getBucketEventListView/getBucketListBucketBucketView bucket event list
          ViewView/getCloudFunctionsTriggerList--BucketView the list of Cloud Functions trigger.
          ViewView/getCloudFunctionsActionList--BucketView the list of Cloud Functions actions.
          ViewView/getBucketMetricFilterList--BucketView the detailed monitoring policy list of the bucket
          ChangeChange/writeObjectView/getBucketList
          View/getObjectList          		BucketBucketCreate and modify bucket object
          ChangeChange/createBucketView/getBucketList-BucketCreate bucket
          ChangeChange/deleteBucketView/getBucketListBucketBucketDelete bucket
          ChangeChange/changeBucketCORS-BucketBucketEdit bucket CORS
          ChangeChange/deleteBucketCORS-BucketBucketDelete bucket CORS
          ChangeChange/changeAccessLogView/getBucketList
          View/getAccessLogList          		BucketBucketEdit bucket's access log setting
          ChangeChange/createLifeCyclePolicyView/getBucketList
          View/getObjectList
          Change/writeObject
          View/getLifeCyclePolicyList          		-LifeCyclePolicyCreate a bucket's lifecycle policy
          ChangeChange/deleteLifeCyclePolicyView/getLifeCyclePolicyList-LifeCyclePolicyDelete a bucket's lifecycle policy
          ChangeChange/changeLifeCyclePolicyStatusView/getObjectList
          Change/writeObject
          View/getLifeCyclePolicyList          		-LifeCyclePolicyChange a bucket's lifecycle policy
          ChangeChange/changeBucketWebsiteView/getBucketList
          View/getBucketWebsite          		BucketBucketEdit bucket website settings
          ChangeChange/deleteBucketWebsiteView/getBucketList
          View/getBucketWebsite          		BucketBucketDelete bucket website settings
          ChangeChange/createCloudFunctionsTriggerView/getCloudFunctionsTriggerList-BucketCreate Cloud Functions triggers.
          ChangeChange/changeCloudFunctionsTrigger--BucketEdit the Cloud Functions trigger information.
          ChangeChange/createBucketEventView/getBucketList
          View/getBucketEventList
          View/getCloudFunctionsActionList
          View/getCloudFunctionsTriggerList
          Change/changeCloudFunctionsTrigger          		BucketBucketCreate bucket event
          ChangeChange/deleteBucketEventView/getBucketList
          View/getBucketEventList
          Change/changeCloudFunctionsTrigger          		BucketBucketDelete bucket event
          ChangeChange/changeBucketEventView/getBucketList
          View/getBucketEventList
          View/getCloudFunctionsActionList
          View/getCloudFunctionsTriggerList
          Change/changeCloudFunctionsTrigger          		BucketBucketEdit bucket event
          ChangeChange/subscribeProduct---Request subscription or cancel subscription of Object Storage.
          ChangeChange/sendBucketExtendedMetricData-BucketBucketTransmit the event data of the bucket with the detailed monitoring policy set
          ChangeChange/createBucketMetricFilterChange/sendBucketExtendedMetricData
          View/getBucketList
          View/getBucketMetricFilterList          		-BucketCreate the detailed monitoring policy of the bucket
          ChangeChange/changeBucketMetricFilterView/getBucketMetricFilterListBucketBucketChange the detailed monitoring policy of the bucket.
          ChangeChange/deleteBucketMetricFilterView/getBucketMetricFilterListBucketBucketDelete the detailed monitoring policy of the bucket
          Note

          When making SubAccount permission changes, the changes may not take effect immediately and can take up to 1 minute.

          Caution

          Even when you are granted permission for a specific action, if you are not also granted permissions for the related actions that are required, then you won't be able to perform jobs properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and won't forcibly include them. So, be careful when setting permissions.

          Was this article helpful?
          What's Next
          Change password!
          Changing your password will log you out immediately. Use the new password to log back in.
          Change profile
          Success!
          First name must have atleast 2 characters. Numbers and special characters are not allowed.
          Last name must have atleast 1 characters. Numbers and special characters are not allowed.
          Enter a valid email
          Enter a valid password
          Your profile has been successfully updated.
          Logout