Access management
The Access management screen helps you manage:
- The team of users allowed to access your subscription and its databases
- The API keys that authenticate application access to your account
- Single sign-on (SSO) with SAML
Here, you learn how to manage your team’s users and to control their level of access.
If your Redis Enterprise Cloud subscription is managed through Google Cloud Platform (GCP) marketplace, see GCP Marketplace team management for help.
For help managing API keys, see Manage API keys.
Manage team access
The Team tab lets you manage the people allowed to access your account. Each authorized person is assigned to a role that specifies their privileges.
The list contains one entry summarizing the team settings for each user in your team. By default, the list includes the account owner.
The list includes several buttons and icons to help you manage the list:
| Icon | Description |
|---|---|
|
The Add button lets you add members to your team |
|
The Edit button lets you edit the settings for the selected team member |
|
The Delete button lets you remove members from your team |
|
Filter icons let you display team members matching conditions you specify |
|
The Sort ascending and Sort descending icons display the list according to the selected order |
If you have a large team, you can use the controls in the list footer to navigate quickly through the list. These controls are deactivated for small teams.
Add user
When you add a member to your team, the Add user dialog appears.
Use this dialog to specify the following values:
| Setting | Description |
|---|---|
| Name | Name of the user displayed in the admin console and in email messages |
| Role | The role identifies their subscription and account privileges. For details, see Team management roles. |
| The address used for alerts and other email messages regarding the account | |
| Alert emails | Enable to be notified when subscription databases cross certain thresholds, such as exceeding memory limits or latency requirements |
| Operational emails | Notifications about subscription and database changes, such as creating or deleting a database |
| Billing emails | Notifications when bills are issued, paid, and so on |
| Multi-factor authentication | Whether MFA is enabled for the member. This is deactivated when members have not enabled or confirmed MFA in their user profile settings |
Use the Add user button to save your new team member details.
Edit user
To edit user team details, select the user from the list and then select the Edit button.
When you do this, the Edit user dialog displays the details you can change.
You can change any detail except the team member’s email address.
Use the Save user button to save your changes.
Delete user
To remove a member from your team, select them from the list and then select the Delete button. When you do this, a confirmation dialog appears.
Select the Delete user button to confirm removal. This action is permanent and cannot be undone.
Team management roles
Each team member is assigned a role that identifies their privileges and limits their activities in the admin console.
The following roles are available:
-
Owner - Can view, create, and edit any settings in the account
Each subscription must have at least one account owner. Accounts can have multiple owners.
Owners can also manage subscriptions, databases, and API keys.
-
Manager - Can view, create, and edit any setting in the subscription
Managers can change subscription costs and change the payment methods associated with a subscription, but they cannot cannot add/remove available payment methods.
-
Member - Can view, create, and edit databases in Fixed accounts
Members may not impact costs associated with Flexible accounts; this means they cannot create databases or edit databases in ways that impact subscription cost.
-
Viewer - Can view all databases and their configurations (including database secrets)
The following table shows each role’s ability to perform common tasks using the admin console:
| Task | Owner | Manager | Member | Viewer |
|---|---|---|---|---|
| Access management | ✅ Yes | ❌ No | ❌ No | ❌ No |
| Account settings | ✅ Yes | ❌ No | ❌ No | ❌ No |
| Billing & payments | ✅ Yes | ❌ No | ❌ No | ❌ No |
| Create subscription | ✅ Yes | ✅ Yes | ❌ No | ❌ No |
| Create database (Flexible) | ✅ Yes | ✅ Yes | ❌ No | ❌ No |
| Edit database (affects cost) | ✅ Yes | ✅ Yes | ❌ No | ❌ No |
| Create database (Fixed) | ✅ Yes | ✅ Yes | ✅ Yes | ❌ No |
| Edit database (no cost impact) | ✅ Yes | ✅ Yes | ✅ Yes | ❌ No |
| View subscription | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
| View database | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
GCP Marketplace team management
If you subscribed to Redis Enterprise Cloud using Google Cloud Platform (GCP) Marketplace, use the IAM section of the GCP console to manage your team.
To grant Redis Cloud access to a GCP user, select the Add button to add a member, insert the email address, and then assign the following roles to the user:
- To designate a viewer, assign
serviceusage.serviceUsageViewer&redisenterprisecloud.viewer - To designate an owner, assign
serviceusage.serviceUsageViewer&redisenterprisecloud.admin
If these roles are not available, you can add them to your project:
-
Select Manage Roles
-
Use the filter table field to locate the role. (Search for “service usage viewer” or “redis enterprise cloud admin”.)
-
Select the role by placing a checkmark in the checkbox
-
Select Create role from selection and then select Create
-
Use IAM to add a member and assign the desired role.
Users must sign into Redis Enterprise Cloud using their single sign-on credentials before they appear in the team member list.