Create roles with cluster access only
Create roles with cluster access only.
Redis Enterprise Software |
---|
Roles with cluster access allow access to the Cluster Management UI and REST API.
Default management roles
Redis Enterprise Software includes five predefined roles that determine a user's level of access to the Cluster Manager UI and REST API.
- DB Viewer - Read database settings
- DB Member - Administer databases
- Cluster Viewer - Read cluster settings
- Cluster Member - Administer the cluster
- User Manager - Administer users
- Admin - Full cluster access
- None - For data access only - cannot access the Cluster Manager UI or use the REST API
For more details about the privileges granted by each of these roles, see Cluster Manager UI permissions or REST API permissions.
Cluster Manager UI permissions
Here's a summary of the Cluster Manager UI actions permitted by each default management role:
Action | DB Viewer | DB Member | Cluster Viewer | Cluster Member | Admin | User Manager |
---|---|---|---|---|---|---|
Create, edit, delete users and LDAP mappings | ❌ No | ❌ No | ❌ No | ❌ No | ✅ Yes | ✅ Yes |
Create support package | ❌ No | ✅ Yes | ❌ No | ✅ Yes | ✅ Yes | ❌ No |
Edit database configuration | ❌ No | ✅ Yes | ❌ No | ✅ Yes | ✅ Yes | ❌ No |
Reset slow log | ❌ No | ✅ Yes | ❌ No | ✅ Yes | ✅ Yes | ❌ No |
View cluster configuration | ❌ No | ❌ No | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
View cluster logs | ❌ No | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
✅ Yes |
View cluster metrics | ❌ No | ❌ No | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
View database configuration | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
View database metrics | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
View node configuration | ❌ No | ❌ No | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
View node metrics | ❌ No | ❌ No | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
View Redis database password | ❌ No | ✅ Yes | ❌ No | ✅ Yes | ✅ Yes | ✅ Yes |
View slow log | ❌ No | ✅ Yes | ❌ No | ✅ Yes | ✅ Yes | ❌ No |
View and edit cluster settings | ❌ No | ❌ No | ❌ No | ❌ No | ✅ Yes | ❌ No |
Create roles for cluster access
You can use the Cluster Manager UI or the REST API to create a role that grants cluster access but does not grant access to any databases.
To create a role that grants cluster access using the Cluster Manager UI:
-
From Access Control > Roles, you can:
-
Select a role from the list of existing roles to edit it.
-
Click + Add role to create a new role.
-
-
Enter a descriptive name for the role.
-
Choose a Management role to determine cluster management permissions.
-
To prevent database access when using this role, do not add any ACLs.
-
Click Save.
You can assign the new role to users to grant cluster access.