{
  "id": "create-cluster-roles",
  "title": "Create roles with cluster access only",
  "url": "https://redis.io/docs/latest/operate/rs/7.8/security/access-control/create-cluster-roles/",
  "summary": "Create roles with cluster access only.",
  "content": "\nRoles with cluster access allow access to the Cluster Management UI and REST API.\n\n## Default management roles\n\nRedis Enterprise Software includes five predefined roles that determine a user's level of access to the Cluster Manager UI and [REST API]().\n\n1. **DB Viewer** - Read database settings\n1. **DB Member** - Administer databases\n1. **Cluster Viewer** - Read cluster settings\n1. **Cluster Member** - Administer the cluster\n1. **User Manager** - Administer users\n1. **Admin** - Full cluster access\n1. **None** - For data access only - cannot access the Cluster Manager UI or use the REST API\n\nFor more details about the privileges granted by each of these roles, see [Cluster Manager UI permissions](#cluster-manager-ui-permissions) or [REST API permissions]().\n\n## Cluster Manager UI permissions\n\nHere's a summary of the Cluster Manager UI actions permitted by each default management role:\n\n| Action | DB Viewer | DB Member | Cluster Viewer | Cluster Member | Admin | User Manager |\n|--------|:---------:|:---------:|:--------------:|:-----------:|:------:|:------:|\n| Create, edit, delete users and LDAP mappings | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e |\n| Create support package | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e |\n| Edit database configuration | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e |\n| Reset slow log | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e |\n| View cluster configuration | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e |\n| View cluster logs | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e\u003cbr /\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e\u003cbr /\u003e |\n| View cluster metrics | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e |\n| View database configuration | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e |\n| View database metrics | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e |\n| View node configuration | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e |\n| View node metrics | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e |\n| View Redis database password | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e |\n| View slow log | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e |\n| View and edit cluster settings | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e | \u003cspan title=\"Allowed\"\u003e\u0026#x2705; Yes\u003c/span\u003e | \u003cspan title=\"Not allowed\"\u003e\u0026#x274c; No\u003c/span\u003e |\n\n## Create roles for cluster access {#create-cluster-role}\n\nYou can use the [Cluster Manager UI](#create-roles-ui) or the [REST API](#define-roles-rest-api) to create a role that grants cluster access but does not grant access to any databases.\n\n### Cluster Manager UI method {#create-roles-ui}\n\nTo create a role that grants cluster access:\n\n1. From **Access Control** \u003e **Roles**, you can:\n\n    - Point to a role and select  to edit an existing role.\n\n    - Select **+ Add role** to create a new role.\n\n    \n\n1. Enter a descriptive name for the role.\n\n1. Choose a **Cluster management role** to determine cluster management permissions.\n\n    \n    \n1. To prevent database access when using this role, do not add any ACLs.\n\n1. Select **Save**.\n\nYou can [assign the new role to users]() to grant cluster access.\n\n### REST API method {#define-roles-rest-api}\n\nTo [create a role]() that grants cluster access:\n\n```sh\nPOST /v1/roles\n{ \n  \"name\": \"\u003crole-name\u003e\",\n  \"management\": \"db_viewer | db_member | cluster_viewer | cluster_member | user_manager | admin\" \n}\n```\n",
  "tags": ["docs","operate","rs"],
  "last_updated": "2026-04-01T08:10:08-05:00"
}