Managing Sub Account permissions
    • PDF

    Managing Sub Account permissions

    • PDF

    Article Summary

    Available in Classic and VPC

    By using Sub Account, NAVER Cloud Platform's account management service, you can set various access permissions for Sub Account. Sub Account provides System-Managed policies and User-Created policies for setting management and administration permissions.

    Note

    Sub Account is a service provided free of charge upon subscription request. For more details about Sub Account, see the Services > Management & Governance > Sub Account menu in the NAVER Cloud Platform portal, and Sub Account Guide.

    System-managed policies

    System-managed policies are role-based policies defined by the NAVER Cloud Platform for user convenience. Once System-managed policies are granted to a sub account created in Sub Account, that sub account can use Sub Account. The following is a brief description of the system-managed policies of Sub Account.

    Policy nameDescription
    NCP_ADMINISTRATORPermission to access the portal and console in NAVER Cloud Platform in the same manner as main accounts
    NCP_FINANCE_MANAGERPermission to view the Manage usage and Manage payment method, and Solution usage status menu on the portal's My Page
    NCP_SUB_ACCOUNT_MANAGERPermission to use all features of Sub Account
    NCP_SUB_ACCOUNT_VIEWERPermission to only use the View list and Search features in Sub Account

    User-created policies

    User-created policies are policies that users may create. Once User-created policies are granted to a sub account created in Sub Account, that sub account can only use the user-assigned action combinations. The following is a brief description of the user-created policies of Sub Account.

    DivisionAction nameRelated action(s)Resource typeGroup by resource typeAction description
    ViewView/getResourceCount--DashboardView sub account resource information
    ViewView/getSubAccountList--SubAccountView sub account list
    ViewView/getSubAccountDetailView/getSubAccountListSubAccountSubAccountView sub account details
    ViewView/getSubAccountAccessKeyView/getSubAccountDetail
    View/getSubAccountList
    SubAccountSubAccountView sub account's access key
    ViewView/getGroupList--GroupView group list
    ViewView/getGroupDetailView/getGroupListGroupGroupView group details
    ViewView/getPolicyList--PolicyView policy list created by user
    ViewView/getPolicyDetailView/getPolicyListPolicyPolicyView details of policy created by user
    ViewView/validatePolicy--PolicyView policy validity
    ViewView/getRoleList--RoleView role list
    ViewView/getRoleDetailView/getRoleListRoleRoleView role details
    ViewView/getServerInstanceList--RoleView server resource list to be granted a role
    ViewView/getServerInstanceDetailView/getServerInstanceListVPCServer:ServerRoleView server resource details to assign roles
    ViewView/getStsSessionToken--STSCreate STS token and view created STS token information
    ChangeChange/manageLoginPageSetting--DashboardManage access page settings
    ChangeChange/managePasswordSetting--DashboardManage password settings
    ChangeChange/manageSessionSetting--DashboardManage session expiration settings
    ChangeChange/createSubAccountView/getSubAccountList-SubAccountCreate sub account
    ChangeChange/updateSubAccountView/getSubAccountDetail
    View/getSubAccountList
    SubAccountSubAccountEdit sub account
    ChangeChange/deleteSubAccountView/getSubAccountDetail
    View/getSubAccountList
    SubAccountSubAccountDelete sub account
    ChangeChange/suspendSubAccountView/getSubAccountDetail
    View/getSubAccountList
    SubAccountSubAccountTemporarily suspend and disconnect sub account
    ChangeChange/resetSubAccountPasswordView/getSubAccountDetail
    View/getSubAccountList
    SubAccountSubAccountReset sub account password
    ChangeChange/addPolicyToSubAccountView/getSubAccountDetail
    View/getSubAccountList
    View/getPolicyList
    View/getPolicyDetail
    SubAccountSubAccountAssign policy to sub account
    ChangeChange/removePolicyFromSubAccountView/getSubAccountDetail
    View/getSubAccountList
    SubAccountSubAccountDelete policy from sub account
    ChangeChange/createSubAccountAccessKeyView/getSubAccountDetail
    View/getSubAccountList
    View/getSubAccountAccessKey
    SubAccountSubAccountCreate sub account's access key
    ChangeChange/deleteSubAccountAccessKeyView/getSubAccountDetail
    View/getSubAccountList
    View/getSubAccountAccessKey
    SubAccountSubAccountDelete sub account's access key
    ChangeChange/manageSubAccountAccessKeyStateView/getSubAccountDetail
    View/getSubAccountList
    View/getSubAccountAccessKey
    SubAccountSubAccountManage sub account key status
    ChangeChange/manageSubAccountAllowSourceSettingView/getSubAccountDetail
    View/getSubAccountList
    SubAccountSubAccountView and edit the source IP or VPC server that can access the console or API
    ChangeChange/resetSubAccountMFAgetSubAccountList
    getSubAccountDetail
    SubAccountSubAccountReset sub account's two-factor authentication settings
    ChangeChange/addSubAccountToGroupView/getGroupList
    View/getSubAccountDetail
    View/getSubAccountList
    View/getGroupDetail
    Group
    SubAccount
    Group
    SubAccount
    Add sub accounts to group
    ChangeChange/removeSubAccountFromGroupView/getGroupList
    View/getSubAccountDetail
    View/getSubAccountList
    View/getGroupDetail
    Group
    SubAccount
    Group
    SubAccount
    Delete sub account from group
    ChangeChange/addPolicyToGroupView/getGroupList
    View/getPolicyList
    View/getPolicyDetail
    View/getGroupDetail
    GroupGroupAssign policy to group
    ChangeChange/removePolicyFromGroupView/getGroupList
    View/getGroupDetail
    GroupGroupDelete policy from group
    ChangeChange/createGroupView/getGroupList-GroupCreate group
    ChangeChange/updateGroupView/getGroupList
    View/getGroupDetail
    GroupGroupEdit group information
    ChangeChange/deleteGroupView/getGroupList
    View/getGroupDetail
    GroupGroupDelete group
    ChangeChange/createPolicyView/getPolicyList-PolicyCreate new policy
    ChangeChange/updatePolicyView/getPolicyList
    View/getPolicyDetail
    PolicyPolicyChange policy created by user
    ChangeChange/deletePolicyView/getPolicyList
    View/getPolicyDetail
    PolicyPolicyDelete policy created by user
    ChangeChange/createRoleView/getRoleList-RoleCreate role
    ChangeChange/updateRoleView/getRoleDetail
    View/getRoleList
    RoleRoleEdit role
    ChangeChange/deleteRoleView/getRoleDetail
    View/getRoleList
    RoleRoleDelete role
    ChangeChange/addPolicyToRoleView/getPolicyList
    View/getRoleDetail
    View/getRoleList
    View/getPolicyDetail
    RoleRoleAssign policy to role
    ChangeChange/removePolicyFromRoleView/getRoleDetail
    View/getRoleList
    RoleRoleDelete policy from role
    ChangeChange/attachRoleToServerView/getRoleDetail
    View/getServerInstanceList
    View/getRoleList
    View/getServerInstanceDetail
    RoleRoleAssign role to server resource
    ChangeChange/detachRoleFromServerView/getRoleDetail
    View/getRoleList
    RoleRoleRemove roles from server resource
    ChangeChange/suspendRoleView/getRoleDetail
    View/getRoleList
    RoleRoleSuspend and release roles
    ChangeChange/attachRoleToAccontView/getRoleDetail
    View/getRoleList
    RoleRoleSet target accounts in account role
    ChangeChange/detachRoleFromAccontView/getRoleDetail
    View/getRoleList
    RoleRoleDelete target accounts in account role
    ChangeChange/switchRole-RoleRoleSwitch permissions to the assigned account role
    Caution

    Even when you are granted permission for a specific action, if you are not also granted permissions for the related actions that are required, then you won't be able to perform jobs properly. To prevent such issues, Sub Account provides a feature that automatically grants permissions for related actions when granting action permissions. However, if you deselect related actions that are automatically granted, then the system determines that it was done intentionally by the main account user and won't forcibly include them. So, be cautioned when setting permissions.


    Was this article helpful?

    Changing your password will log you out immediately. Use the new password to log back in.
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.