Redis ACL command syntax

Redis ACLs are defined by a Redis syntax where you specify the commands or command categories that are allowed for specific keys.

Note:
Redis Enterprise modules do not have a command category.

Redis Enterprise lets you:

  • Include commands and categories with the “+” prefix for commands or “[email protected]” prefix for command categories.
  • Exclude commands and categories with the “-” prefix for commands or “[email protected]” prefix for command categories.
  • Include keys or key patterns with the “~” prefix.

To define database access control, you can:

  • Use the predefined user roles and add Redis ACLs for specific databases.
  • Create new user roles and select the management roles and Redis ACLs that apply to the user roles for specific databases.
  • Assign roles and Redis ACLs to a database in the access control list section of the database configuration.

The predefined Redis ACLs are:

  • Full Access - All commands are allowed on all keys.
  • Not Dangerous - All commands are allowed except those that are administrative, could affect availability, or could affect performance.
  • Read Only - Only read-only commands are allowed on keys.

Configure Redis ACLs

To configure a Redis ACL rule that you can assign to a user role:

  1. From access control > redis acls, you can either:

    • Point to a Redis ACL and select Edit to edit an existing Redis ACL.

    • Select Add to create a new Redis ACL.

  2. Enter a descriptive name for the Redis ACL. This will be used to reference the ACL rule to the role.

  3. Define the ACL rule.

  4. Select Save.

Note:

In Redis Enterprise:

  • External users are not currently supported for database authentication.
  • For multi-key commands on multi-slot keys, the return value is failure but the command runs on the keys that are allowed.

Blocked ACL commands

The following ACL commands are blocked in Redis Enterprise:

  • LOAD
  • SAVE
  • SETUSER
  • DELUSER
  • GENPASS
  • LOG

Allowed ACL subcommands

The following ACL subcommands are allowed in Redis Enterprise:

  • LIST
  • USER
  • GETUSER
  • CAT
  • WHOAMI
  • HELP
Note:
The MULTI, EXEC, DISCARD commands are always allowed, but ACLs are enforced on MULTI subcommands.