Enable Role-based access control

Lets you define multiple users with fine-grained data authorization features.

Role-based access control (RBAC) lets you define roles with specific sets of permissions. You can then assign users to these roles to provide appropriate levels of access.

RBAC effectively lets you implement the principle of least privilege. For example, you can provide read-only access to an application whose only job is to display Redis data. Similarly, you can prevent new developers from running dangerous administrative commands.

Set up RBAC

To set up RBAC, first navigate to the Data Access Control screen.

There are three tabs on this screen: Users, Roles, and Redis ACLs.

In the Redis ACLs tab, you define named permissions for specific Redis commands, keys, and pub/sub channels.

In the Roles tab, you create roles. Each role consists of a set of permissions for one or more Redis Cloud databases.

Finally, in the Users tab, you create users and assign each user a role.

OSS Redis ACLs vs. Redis Cloud RBAC

In open source Redis, you can create users and assign ACLs to them using the ACL command. However, open source Redis does not support generic roles.

In Redis Cloud, you configure RBAC using the Redis Cloud console. As a result, certain open source Redis ACL subcommands are not available in Redis Cloud. The following table shows which ACL commands are supported.

In open source Redis, you must explicitly provide access to the MULTI, EXEC, and DISCARD commands. In Redis Cloud, these commands, which are used in transactions, are always permitted. However, the commands run within the transaction block are subject to RBAC permissions.

When you run multi-key commands on multi-slot keys, the return value is failure but the command runs on the keys that are allowed.