Role-based access control allows you to scale your Redis deployments while minimizing the overhead involved in managing a cluster with many databases, multiple users, and various access control lists. With RBAC, you can create a role once and then deploy it across multiple databases in the cluster.

You can configure roles with standard or custom templates for database permissions that are based on the Redis ACL syntax. Redis Enterprise allows you to restrict database operations by command, command category, key pattern, and pub/sub channel. Keys are typically restricted based on a namespace using a glob-style wildcard.

The role CacheReader demonstrated below has been given the ACL rule +get ~cache:*. Users with this role can access a key prefixed with cached: and the GET command only. This lets them access the key cached:foo with the command GET but does not give them access to the SET command. This role cannot access the key foo because it is not prefixed with cached:.


To learn more, see the Redis ACL rules documentation.