Login
      Contents x
      Sub Account permissions management
        • Print
        • PDF
        Contents

        Sub Account permissions management

          • Print
          • PDF
          Article summary

          Available in Classic and VPC

          By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Sub Account. Sub Account provides system managed policies and user-defined policies for setting management and administration permissions.

          Note

          Sub Account is a service provided free of charge upon subscription request. For more information on Sub Account, see Services > Management & Governance > Sub Account on NAVER Cloud Platform portal and the Sub Account user guide.

          System-managed policies

          System-managed policies are role-based policies defined by NAVER Cloud Platform for user convenience. Once system-managed policies are granted to a sub account created in Sub Account that sub account can use Sub Account. The following is a brief description of the system-managed policies of Sub Account.

          Policy nameDescription
          NCP_ADMINISTRATORPermission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts
          NCP_FINANCE_MANAGERPermission to view the Manage usage and Manage payment method, and Solution usage status menu on the portal's My Page
          NCP_SUB_ACCOUNT_MANAGERPermission to use the full Sub Account feature sets including External Access
          NCP_SUB_ACCOUNT_VIEWERPermission to only use the view list and view features in Sub Account
          NCP_EXTERNAL_ACCESS_MANAGERPermission to use all the features in External Access
          NCP_EXTERNAL_ACCESS_VIEWERPermission to only use the view list and search functions in External Access

          User-defined policies

          User-defined policies are policies that users may create. Once the user-defined policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description of the user-created policies of Sub Account.

          Sub Account

          TypeAction nameRelated actionResource typeGroup by resource typeAction descriptionApplicable condition keys
          ViewView/getResourceCount--DashboardView Sub Account resource information- All Principal attribute condition keys
          ViewView/getSubAccountList--SubAccountView sub account list- All Principal attribute condition keys
          ViewView/getSubAccountDetailView/getSubAccountListSubAccountSubAccountView sub account details- All Principal attribute condition keys
          -  ncp: resourceTag
          ViewView/getSubAccountAccessKeyView/getSubAccountDetail
          View/getSubAccountList          		SubAccountSubAccountView sub account's access key- All Principal attribute condition keys
          -  ncp: resourceTag
          ViewView/getGroupList--GroupView group list- All Principal attribute condition keys
          ViewView/getGroupDetailView/getGroupListGroupGroupView group details- All Principal attribute condition keys
          -  ncp: resourceTag
          ViewView/getPolicyList--PolicyView policy list created by user- All Principal attribute condition keys
          ViewView/getPolicyDetailView/getPolicyListPolicyPolicyView details of policy created by user- All Principal attribute condition keys
          -  ncp: resourceTag
          ViewView/validatePolicy--PolicyView policy validity- All Principal attribute condition keys
          ViewView/getRoleList--RoleView role list- All Principal attribute condition keys
          ViewView/getRoleDetailView/getRoleListRoleRoleView role details- All Principal attribute condition keys
          -  ncp: resourceTag
          ViewView/getServerInstanceList--RoleView server resource list to be granted a role- All Principal attribute condition keys
          ViewView/getServerInstanceDetailView/getServerInstanceListVPCServer:ServerRoleView Server resource details to assign roles- All Principal attribute condition keys
          -  ncp: resourceTag
          ViewView/getStsSessionToken--STSCreate STS token and view created STS token information- All Principal attribute condition keys
          ChangeChange/manageLoginPageSetting--DashboardManage access page settings- All Principal attribute condition keys
          ChangeChange/managePasswordSetting--DashboardManage password settings- All Principal attribute condition keys
          ChangeChange/manageSessionSetting--DashboardManage session expiration settings- All Principal attribute condition keys
          ChangeChange/createSubAccountView/getSubAccountList-SubAccountCreate sub account- All Principal attribute condition keys
          ChangeChange/updateSubAccountView/getSubAccountDetail
          View/getSubAccountList          		SubAccountSubAccountEdit sub account- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/deleteSubAccountView/getSubAccountDetail
          View/getSubAccountList          		SubAccountSubAccountDelete sub account- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/suspendSubAccountView/getSubAccountDetail
          View/getSubAccountList          		SubAccountSubAccountTemporarily suspend and disconnect sub account- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/resetSubAccountPasswordView/getSubAccountDetail
          View/getSubAccountList          		SubAccountSubAccountReset sub account password- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/addPolicyToSubAccountView/getSubAccountDetail
          View/getSubAccountList
          View/getPolicyList
          View/getPolicyDetail          		SubAccountSubAccountAssign policy to sub account- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/removePolicyFromSubAccountView/getSubAccountDetail
          View/getSubAccountList          		SubAccountSubAccountDelete policy from sub account- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/createSubAccountAccessKeyView/getSubAccountDetail
          View/getSubAccountList
          View/getSubAccountAccessKey          		SubAccountSubAccountCreate sub account's Access Key- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/deleteSubAccountAccessKeyView/getSubAccountDetail
          View/getSubAccountList
          View/getSubAccountAccessKey          		SubAccountSubAccountDelete sub account's Access Key- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/manageSubAccountAccessKeyStateView/getSubAccountDetail
          View/getSubAccountList
          View/getSubAccountAccessKey          		SubAccountSubAccountManage sub account access key status- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/manageSubAccountAllowSourceSettingView/getSubAccountDetail
          View/getSubAccountList          		SubAccountSubAccountView and edit the Source IP or VPC Server that can access the console or API- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/resetSubAccountMFAgetSubAccountList
          getSubAccountDetail          		SubAccountSubAccountReset sub account's two-factor authentication settings- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/addSubAccountToGroupView/getGroupList
          View/getSubAccountDetail
          View/getSubAccountList
          View/getGroupDetail          		Group
          SubAccount          		Group
          SubAccount          		Add sub accounts to group- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/removeSubAccountFromGroupView/getGroupList
          View/getSubAccountDetail
          View/getSubAccountList
          View/getGroupDetail          		Group
          SubAccount          		Group
          SubAccount          		Delete sub account from group- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/addPolicyToGroupView/getGroupList
          View/getPolicyList
          View/getPolicyDetail
          View/getGroupDetail          		GroupGroupAssign policy to group- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/removePolicyFromGroupView/getGroupList
          View/getGroupDetail          		GroupGroupDelete policy from group- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/createGroupView/getGroupList-GroupCreate groups- All Principal attribute condition keys
          ChangeChange/updateGroupView/getGroupList
          View/getGroupDetail          		GroupGroupEdit group information- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/deleteGroupView/getGroupList
          View/getGroupDetail          		GroupGroupDelete groups- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/createPolicyView/getPolicyList-PolicyCreate new policy- All Principal attribute condition keys
          ChangeChange/updatePolicyView/getPolicyList
          View/getPolicyDetail          		PolicyPolicyChange policy created by user- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/deletePolicyView/getPolicyList
          View/getPolicyDetail          		PolicyPolicyDelete policy created by user- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/createRoleView/getRoleList-RoleCreate role- All Principal attribute condition keys
          ChangeChange/updateRoleView/getRoleDetail
          View/getRoleList          		RoleRoleEdit role- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/deleteRoleView/getRoleDetail
          View/getRoleList          		RoleRoleDelete role- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/addPolicyToRoleView/getPolicyList
          View/getRoleDetail
          View/getRoleList
          View/getPolicyDetail          		RoleRoleAssign policy to role- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/removePolicyFromRoleView/getRoleDetail
          View/getRoleList          		RoleRoleDelete policy from role- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/attachRoleToServerView/getRoleDetail
          View/getServerInstanceList
          View/getRoleList
          View/getServerInstanceDetail          		RoleRoleAssign role to Server resource- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/detachRoleFromServerView/getRoleDetail
          View/getRoleList          		RoleRoleRemove roles from Server resource- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/suspendRoleView/getRoleDetail
          View/getRoleList          		RoleRoleSuspend and release Roles- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/attachRoleToAccountView/getRoleDetail
          View/getRoleList          		RoleRoleSet target accounts in Account Role- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/detachRoleFromAccountView/getRoleDetail
          View/getRoleList          		RoleRoleDelete target accounts in Account Role- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/switchRole-RoleRoleSwitch permissions to the assigned Account Role- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/tagSubAccountView/getSubAccountList
          View/getSubAccountDetail          		SubAccountSubAccountAssign tag to subaccount- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/untagSubAccountView/getSubAccountList
          View/getSubAccountDetail          		SubAccountSubAccountDelete tag from sub account- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/tagGroupView/getGroupList
          View/getGroupDetail          		GroupGroupAssign tag to group- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/untagGroupView/getGroupList
          View/getGroupDetail          		GroupGroupDelete tag from group- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/tagPolicyView/getPolicyList
          View/getPolicyDetail          		PolicyPolicyAssign tag to Policy- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/untagPolicyView/getPolicyList
          View/getPolicyDetail          		PolicyPolicyDelete tag from Policy- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/tagRoleView/getRoleList
          View/getRoleDetail          		RoleRoleAssign tag to role- All Principal attribute condition keys
          -  ncp: resourceTag
          ChangeChange/untagRoleView/getRoleList
          getRoleDetail          		RoleRoleDelete tag from role- All Principal attribute condition keys
          -  ncp: resourceTag

          External Access

          TypeAction nameRelated actionResource typeGroup by resource typeAction descriptionAvailable Condition keys
          ChangeChange/createTrustAnchorgetCAList
          getCADetail          		\-TrustAnchorCreate TrustAnchor- All Principal attribute condition keys
          ChangeChange/createProfilegetRoleList
          getRoleDetail          		\-ProfileCreate Profile- All Principal attribute condition keys
          ChangeChange/deleteTrustAnchorgetTrustAnchorList
          getTrustAnchorDetail          		TrustAnchorTrustAnchorDelete TrustAnchor- All Principal attribute condition keys
          ChangeChange/disableTrustAnchorgetTrustAnchorList
          getTrustAnchorDetail          		TrustAnchorTrustAnchorDisable TrustAnchor- All Principal attribute condition keys
          ChangeChange/enableTrustAnchorgetTrustAnchorList
          getTrustAnchorDetail          		TrustAnchorTrustAnchorEnable TrustAnchor- All Principal attribute condition keys
          ViewView/getTrustAnchorList\-\-TrustAnchorView list of TrustAnchor- All Principal attribute condition keys
          ViewView/getTrustAnchorDetailgetTrustAnchorListTrustAnchorTrustAnchorView TrustAnchor details- All Principal attribute condition keys
          ChangeChange/updateTrustAnchorgetTrustAnchorList
          getTrustAnchorDetail
          getCAList
          getCADetail          		TrustAnchorTrustAnchorEdit TrustAnchor- All Principal attribute condition keys
          ChangeChange/deleteProfilegetProfileList
          getProfileDetail          		ProfileProfileDelete Profile- All Principal attribute condition keys
          ChangeChange/disableProfilegetProfileList
          getProfileDetail          		ProfileProfileDisable Profile- All Principal attribute condition keys
          ChangeChange/enableProfilegetProfileList
          getProfileDetail          		ProfileProfileEnable Profile- All Principal attribute condition keys
          ViewView/getProfileList\-\-ProfileView list of Profile- All Principal attribute condition keys
          ViewView/getProfileDetailgetProfileListProfileProfileView Profile details- All Principal attribute condition keys
          ChangeChange/updateProfilegetProfileList
          getProfileDetail
          getRoleList
          getRoleDetail          		ProfileProfileEdit Profile- All Principal attribute condition keys
          ViewView/getSubjectList\-\-SubjectView SubjectActivity list- All Principal attribute condition keys
          ViewView/getSubjectDetailgetSubjectListSubjectSubjectView SubjectActivity details- All Principal attribute condition keys
          ViewView/getCAList\-\-TrustAnchorView CA list- All Principal attribute condition keys
          ViewView/getCADetailgetCAListPrivate CA:CATrustAnchorView CA details- All Principal attribute condition keys
          ViewView/getRoleList\-\-ProfileView role list- All Principal attribute condition keys
          ViewView/getRoleDetailgetRoleListSub Account:RoleProfileView role details- All Principal attribute condition keys
          ChangeChange/importCrlgetTrustAnchorDetailCrlCrlImport Crl- All Principal attribute condition keys
          ChangeChange/deleteCrlgetTrustAnchorDetail
          getCrlDetail
          getCrlList          		CrlCrlDelete Crl- All Principal attribute condition keys
          ChangeChange/disbleCrlgetTrustAnchorDetail
          getCrlDetail          		CrlCrlDisable Crl- All Principal attribute condition keys
          ChangeChange/enableCrlgetTrustAnchorDetail
          getCrlDetail          		CrlCrlEnable Crl- All Principal attribute condition keys
          ViewView/getCrlDetailgetTrustAnchorDetail
          getCrlList          		CrlCrlView Crl details- All Principal attribute condition keys
          ViewView/getCrlListgetTrustAnchorDetailCrlCrlView Crl list- All Principal attribute condition keys
          Caution

          Even when you are granted permission for a specific action, if you are not also granted permissions for the related actions that are required, you will not be able to perform tasks properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and will not forcibly include them. Therefore, use caution when setting permissions.

          Was this article helpful?
          What's Next
          Change password!
          Changing your password will log you out immediately. Use the new password to log back in.
          Change profile
          Success!
          First name must have atleast 2 characters. Numbers and special characters are not allowed.
          Last name must have atleast 1 characters. Numbers and special characters are not allowed.
          Enter a valid email
          Enter a valid password
          Your profile has been successfully updated.
          Logout