{
  "id": "create-db-roles",
  "title": "Create roles with database access only",
  "url": "https://redis.io/docs/latest/operate/rs/7.8/security/access-control/create-db-roles/",
  "summary": "Create roles with database access only.",
  "content": "\nRoles with database access grant the ability to access and interact with a database's data. Database access privileges are determined by defining [Redis ACLs]() and adding them to roles.\n\nTo create a role that grants database access without granting access to the Redis Enterprise Cluster Manager UI and REST API:\n\n1. [Define Redis ACLs](#define-redis-acls) that determine database access privileges.\n\n1. [Create a role with ACLs](#create-roles-with-acls) added and leave the **Cluster management role** as **None**.\n\n## Define Redis ACLs\n\nYou can use the [Cluster Manager UI](#define-acls-ui) or the [REST API](#define-acls-rest-api) to define Redis ACL rules that you can assign to roles.\n\n### Cluster Manager UI method {#define-acls-ui}\n\nTo define a Redis ACL rule using the Cluster Manager UI:\n\n1. From **Access Control \u003e Redis ACLs**, you can either:\n\n    - Point to a Redis ACL and select  to edit an existing Redis ACL.\n\n    - Select **+ Add Redis ACL** to create a new Redis ACL.\n\n1. Enter a descriptive name for the Redis ACL. This will be used to associate the ACL rule with the role.\n\n1. Define the ACL rule. For more information about Redis ACL rules and syntax, see the [Redis ACL overview]().\n\n    The **ACL builder** does not support selectors and key permissions. Use **Free text command** to manually define them instead.\n\n1. Select **Save**.\n\nFor multi-key commands on multi-slot keys, the return value is `failure`, but the command runs on the keys that are allowed.\n\n### REST API method {#define-acls-rest-api}\n\nTo define a Redis ACL rule using the REST API, use a [create Redis ACL]() request. 
For more information about Redis ACL rules and syntax, see the [Redis ACL overview]().\n\nExample request:\n\n```sh\nPOST /v1/redis_acls\n{\n  \"name\": \"Test_ACL_1\",\n  \"acl\": \"+@read +FT.INFO +FT.SEARCH\"\n}\n```\n\nExample response body:\n\n```json\n{\n  \"acl\": \"+@read +FT.INFO +FT.SEARCH\",\n  \"name\": \"Test_ACL_1\",\n  \"uid\": 11\n}\n```\n\nTo associate the Redis ACL with a role and database, use the `uid` from the response as the `redis_acl_uid` when you add `roles_permissions` to the database. See [Associate a database with roles and Redis ACLs](#associate-roles-acls-rest-api) for an example request.\n\n## Create roles with ACLs\n\nTo create a role that grants database access to users but blocks access to the Redis Enterprise Cluster Manager UI and REST API, set the **Cluster management role** to **None**.\n\n### Cluster Manager UI method {#create-roles-ui}\n\nTo define a role for database access using the Cluster Manager UI:\n\n1. From **Access Control** \u003e **Roles**, you can:\n\n    - Point to a role and select  to edit an existing role.\n\n    - Select **+ Add role** to create a new role.\n\n1. Enter a descriptive name for the role. This will be used to reference the role when configuring users.\n\n1. Leave **Cluster management role** as the default **None**.\n\n1. Select **+ Add ACL**.\n\n1. Choose a Redis ACL and databases to associate with the role.\n\n1. Select the check mark  to confirm.\n\n1. Select **Save**.\n\nYou can [assign the new role to users]() to grant database access.\n\n### REST API method {#define-roles-rest-api}\n\nTo define a role for database access using the REST API:\n\n1. [Create a role.](#create-role-rest-api)\n\n1. 
[Associate a database with roles and Redis ACLs.](#associate-roles-acls-rest-api)\n\n#### Create a role {#create-role-rest-api}\n\nTo [create a role]() using the REST API:\n\n```sh\nPOST /v1/roles\n{\n  \"name\": \"\u003crole-name\u003e\",\n  \"management\": \"none\"\n}\n```\n\nExample response body:\n\n```json\n{\n  \"management\": \"none\",\n  \"name\": \"\u003crole-name\u003e\",\n  \"uid\": 7\n}\n```\n\nTo associate the role with a Redis ACL and database, use the `uid` from the response as the `role_uid` when you add `roles_permissions` to the database. See [Associate a database with roles and Redis ACLs](#associate-roles-acls-rest-api) for an example request.\n\n#### Associate a database with roles and Redis ACLs {#associate-roles-acls-rest-api}\n\n[Update a database's configuration]() to add `roles_permissions` with the role and Redis ACL:\n\n```sh\nPUT /v1/bdbs/\u003cdatabase-id\u003e\n{\n  \"roles_permissions\":\n  [\n    {\n      \"role_uid\": \u003cinteger\u003e,\n      \"redis_acl_uid\": \u003cinteger\u003e\n    }\n  ]\n}\n```\n",
  "tags": ["docs","operate","rs"],
  "last_updated": "2026-04-01T08:10:08-05:00"
}

