Enable Role-based access control
Role-based access control (RBAC) lets you define roles with specific sets of permissions. You can then assign users to these roles to provide appropriate levels of access.
RBAC effectively lets you implement the principle of least privilege. For example, you can provide read-only access to an application whose only job is to display Redis data. Similarly, you can prevent new developers from running dangerous administrative commands.
Set up RBAC
To set up RBAC, first navigate to the Data Access Control screen.
There are three tabs on this screen: Users, Roles, and Redis ACLs.
In the Redis ACLs tab, you define named permissions for specific Redis commands, keys, and pub/sub channels.
In the Roles tab, you create roles. Each role consists of a set of permissions for one or more Redis Cloud databases.
Finally, in the Users tab, you create users and assign each user a role.
OSS Redis ACLs vs. Redis Cloud RBAC
In open source Redis, you can create users and assign ACLs to them using the ACL command. However, open source
Redis does not support generic roles.
In Redis Cloud, you configure RBAC using the Redis Cloud console. As a result, certain open source Redis ACL subcommands are not available in Redis Cloud. The following table shows which ACL commands are supported.
| Command | Supported |
|---|---|
| ACL CAT | ✅ Supported |
| ACL DELUSER | ❌ Not supported |
| ACL DRYRUN | ✅ Supported |
| ACL GENPASS | ❌ Not supported |
| ACL GETUSER | ✅ Supported |
| ACL HELP | ✅ Supported |
| ACL LIST | ✅ Supported |
| ACL LOAD | ❌ Not supported |
| ACL LOG | ❌ Not supported |
| ACL SAVE | ❌ Not supported |
| ACL SETUSER | ❌ Not supported |
| ACL USERS | ✅ Supported |
| ACL WHOAMI | ✅ Supported |
In open source Redis, you must explicitly provide access to the MULTI, EXEC, and DISCARD commands.
In Redis Cloud, these commands, which are used in transactions, are always permitted. However, the commands
run within the transaction block are subject to RBAC permissions.
When you run multi-key commands on multi-slot keys, the return value is failure but the command runs on the keys that are allowed.