Available in Classic and VPC
You can set different access permissions for Ncloud Storage using NAVER Cloud Platform's Sub Account service. Sub Account offers both system-managed (System Managed) and user-defined (User Created) policies to help you configure management and operation permissions.
Sub Account is a free service with no additional charges. For more information about Sub Account, see Services > Management & Governance > Sub Account on the NAVER Cloud Platform portal and the Sub Account user guide.
System-managed policies
System-managed policies are pre-built, role-based policies that NAVER Cloud Platform provides for your convenience. When you assign one of these policies to a sub account, that account gets access to Ncloud Storage. Here are the available system-managed policies for Ncloud Storage:
| Policy name | Policy description |
|---|---|
| NCP_ADMINISTRATOR | Full access to all services, same as the main account. |
| NCP_INFRA_MANAGER | Access to all services, except the My Account > Billing Information & Cost Management > Billing & Payment Management menu on the console. |
| NCP_FINANCE_MANAGER | Access to only Cost Explorer and the My Account > Billing Information & Cost Management > Billing & Payment Management menu on the console. |
| NCP_NCLOUD_STORAGE_MANAGER | Full access to all Ncloud Storage features. |
| NCP_NCLOUD_STORAGE_VIEWER | View-only access to all Ncloud Storage features. |
User-defined policies
User-defined policies let you create custom permissions. When you assign a user-defined policy to a sub account, that account can only perform the specific actions you've allowed. Here are the available user-defined policies for Ncloud Storage:
| Type | Action | Related action | Resource type | Action description |
|---|---|---|---|---|
| View | View/ListAllMyBuckets | - | Bucket | View bucket list. |
| View | View/ListBucket | - | Bucket | View bucket properties and object list. |
| View | View/ListBucketMultipartUploads | View/ListBucket | Bucket | View information on canceled or incomplete multipart upload. |
| View | View/ListMultipartUploadParts | View/ListBucket | Bucket | View object parts uploaded to the bucket via multipart upload. |
| View | View/ListBucketVersions | View/ListBucket | Bucket | View bucket metadata for all contained object versions. |
| View | View/GetBucketVersioning | View/ListAllMyBuckets, View/ListBucket | Bucket | View bucket versioning setting status. |
| View | View/GetObject | View/ListBucket | Bucket | View object properties and download object. |
| View | View/GetObjectVersion | View/ListBucket, View/GetObject | Bucket | View applied version management properties and download object. |
| View | View/GetBucketLocation | View/ListAllMyBuckets, View/ListBucket | Bucket | View information of Region where bucket is created. |
| View | View/GetLifecycleConfiguration | View/ListAllMyBuckets, View/ListBucket | Bucket | View bucket lifecycle configuration. |
| Change | Change/CreateBucket | View/ListAllMyBuckets | Bucket | Create bucket. |
| Change | Change/DeleteBucket | View/ListAllMyBuckets, View/ListBucket | Bucket | Delete bucket. |
| Change | Change/PutObject | View/ListBucket | Bucket | Upload object to bucket. |
| Change | Change/DeleteObject | View/ListBucket | Bucket | Delete object. |
| Change | Change/DeleteObjectVersion | View/ListBucket, View/GetObject, View/GetObjectVersion, Change/DeleteObject | Bucket | Delete object with applied version management properties. |
| Change | Change/AbortMultipartUpload | View/ListBucket, Change/deleteObject | Bucket | Delete all incomplete parts of multipart uploads. |
| Change | Change/PutBucketVersioning | View/ListAllMyBuckets, View/ListBucket | Bucket | Set bucket versioning. |
| Change | Change/PutLifecycleConfiguration | View/ListAllMyBuckets, View/ListBucket | Bucket | Create new bucket lifecycle or update existing configuration. |
| Change | Change/RestoreObject | View/ListBucket, View/getObject, Change/putObject | Bucket | Restore access to archived object. |
If you grant someone access to a specific action but not to the required related actions, they won't be able to complete their tasks. Sub Account automatically includes these related permissions to prevent this issue. However, if you manually uncheck these auto-selected related actions, the system assumes this was intentional and won't override your selection.