Enable Role-based access control

Lets you define multiple users with fine-grained data authorization features.

Role-based access control (RBAC) lets you define roles with specific sets of permissions. You can then assign users to these roles to provide appropriate levels of access.

RBAC effectively lets you implement the principle of least privilege. For example, you can provide read-only access to an application whose only job is to display Redis data. Similarly, you can prevent new developers from running dangerous administrative commands.

Set up RBAC

To set up RBAC, first navigate to the Data Access Control screen.

There are three tabs on this screen: Users, Roles, and Redis ACLs.

In the Redis ACLs tab, you define named permissions for specific Redis commands, keys, and pub/sub channels.

Data access control screen.

In the Roles tab, you create roles. Each role consists of a set of permissions for one or more Redis Cloud databases.

Data access control screen.

Finally, in the Users tab, you create users and assign each user a role.

Data access control screen.
Database access users are different from account access users. To learn more, see Access management.

Redis ACLs vs. Redis Cloud RBAC

In Redis, you can create users and assign ACLs to them using the ACL command. However, Redis does not support generic roles.

In Redis Cloud, you configure RBAC using the Redis Cloud console. As a result, certain Redis ACL subcommands are not available in Redis Cloud. The following table shows which ACL commands are supported.

Command Supported
ACL CAT ✅ Supported
ACL DELUSER ❌ Not supported
ACL DRYRUN ✅ Supported
ACL GENPASS ❌ Not supported
ACL GETUSER ✅ Supported
ACL HELP ✅ Supported
ACL LIST ✅ Supported
ACL LOAD ❌ Not supported
ACL LOG ❌ Not supported
ACL SAVE ❌ Not supported
ACL SETUSER ❌ Not supported
ACL USERS ✅ Supported
ACL WHOAMI ✅ Supported

In Redis, you must explicitly provide access to the MULTI, EXEC, and DISCARD commands. In Redis Cloud, these commands, which are used in transactions, are always permitted. However, the commands run within the transaction block are subject to RBAC permissions.

When you run multi-key commands on multi-slot keys, the return value is failure but the command runs on the keys that are allowed.

Back to top ↑