The Access management screen helps you manage:

  • The team of users allowed to access your subscription and its databases
  • The API keys that authenticate application access to your account
  • Single sign-on (SSO) with SAML

Here, you learn how to manage your team’s users and to control their level of access.

If your Redis Enterprise Cloud subscription is managed through Google Cloud Platform (GCP) marketplace, see GCP Marketplace team management for help.

For help managing API keys, see Manage API keys.

Manage team access

The Team tab lets you manage the people allowed to access your account. Each authorized person is assigned to a role that specifies their privileges.

The Access management tab helps you manage the people allowed to access your subscription.

The list contains one entry summarizing the team settings for each user in your team. By default, the list includes the account owner.

The list includes several buttons and icons to help you manage the list:

Icon Description
Use the Add button to add members to your team. The Add button lets you add members to your team
Use the Edit button change details for a team member. The Edit button lets you edit the settings for the selected team member
Use the Delete button to remove a member from your team. The Delete button lets you remove members from your team
Use the Filter button to display team members that match specified conditions. Filter icons let you display team members matching conditions you specify
The Sort ascending button displays members in ascending order according to the values of the selected field. The Sort descending button displays members in descending order according to the values of the selected field. The Sort ascending and Sort descending icons display the list according to the selected order

If you have a large team, you can use the controls in the list footer to navigate quickly through the list. These controls are deactivated for small teams.

Add user

When you add a member to your team, the Add user dialog appears.

Use the Add User dialog to specify the details for your new user.

Use this dialog to specify the following values:

Setting Description
Name Name of the user displayed in the admin console and in email messages
Role The role identifies their subscription and account privileges. For details, see Team management roles.
Email The address used for alerts and other email messages regarding the account
Alert emails Enable to be notified when subscription databases cross certain thresholds, such as exceeding memory limits or latency requirements
Operational emails Notifications about subscription and database changes, such as creating or deleting a database
Billing emails Notifications when bills are issued, paid, and so on
Multi-factor authentication Whether MFA is enabled for the member. This is deactivated when members have not enabled or confirmed MFA in their user profile settings

Use the Add user button to save your new team member details.

Edit user

To edit user team details, select the user from the list and then select the Edit button.

When you do this, the Edit user dialog displays the details you can change.

Use the Edit User dialog to change the details for a user.

You can change any detail except the team member’s email address.

Use the Save user button to save your changes.

Delete user

To remove a member from your team, select them from the list and then select the Delete button. When you do this, a confirmation dialog appears.

Use the confirm that you want to remove a user from your team.

Select the Delete user button to confirm removal. This action is permanent and cannot be undone.

Team management roles

Each team member is assigned a role that identifies their privileges and limits their activities in the admin console.

The following roles are available:

  • Owner - Can view, create, and edit any settings in the account

    Each subscription must have at least one account owner. Accounts can have multiple owners.

    Owners can also manage subscriptions, databases, and API keys.

  • Manager - Can view, create, and edit any setting in the subscription

    Managers can change subscription costs and change the payment methods associated with a subscription, but they cannot cannot add/remove available payment methods.

  • Member - Can view, create, and edit databases in Fixed accounts

    Members may not impact costs associated with Flexible accounts; this means they cannot create databases or edit databases in ways that impact subscription cost.

  • Viewer - Can view all databases and their configurations (including database secrets)

The following table shows each role’s ability to perform common tasks using the admin console:

Task Owner Manager Member Viewer
Access management ✅ Yes ❌ No ❌ No ❌ No
Account settings ✅ Yes ❌ No ❌ No ❌ No
Billing & payments ✅ Yes ❌ No ❌ No ❌ No
Create subscription ✅ Yes ✅ Yes ❌ No ❌ No
Create database (Flexible) ✅ Yes ✅ Yes ❌ No ❌ No
Edit database (affects cost) ✅ Yes ✅ Yes ❌ No ❌ No
Create database (Fixed) ✅ Yes ✅ Yes ✅ Yes ❌ No
Edit database (no cost impact) ✅ Yes ✅ Yes ✅ Yes ❌ No
View subscription ✅ Yes ✅ Yes ✅ Yes ✅ Yes
View database ✅ Yes ✅ Yes ✅ Yes ✅ Yes

GCP Marketplace team management

If you subscribed to Redis Enterprise Cloud using Google Cloud Platform (GCP) Marketplace, use the IAM section of the GCP console to manage your team.

To grant Redis Cloud access to a GCP user, select the Add button to add a member, insert the email address, and then assign the following roles to the user:

  • To designate a viewer, assign serviceusage.serviceUsageViewer & redisenterprisecloud.viewer
  • To designate an owner, assign serviceusage.serviceUsageViewer & redisenterprisecloud.admin

If these roles are not available, you can add them to your project:

  1. Select Manage Roles

  2. Use the filter table field to locate the role. (Search for “service usage viewer” or “redis enterprise cloud admin”.)

  3. Select the role by placing a checkmark in the checkbox

  4. Select Create role from selection and then select Create

  5. Use IAM to add a member and assign the desired role.

Users must sign into Redis Enterprise Cloud using their single sign-on credentials before they appear in the team member list.