Create roles with cluster access only
Create roles with cluster access only.
Roles with cluster access allow access to the Cluster Management UI and REST API.
Default management roles
Redis Enterprise Software includes five predefined roles that determine a user's level of access to the Cluster Manager UI and REST API.
- DB Viewer - Read database settings
- DB Member - Administer databases
- Cluster Viewer - Read cluster settings
- Cluster Member - Administer the cluster
- Admin - Full cluster access
- None - For data access only - cannot access the Cluster Manager UI or use the REST API
For more details about the privileges granted by each of these roles, see Cluster Manager UI permissions or REST API permissions.
Cluster Manager UI permissions
Here's a summary of the Cluster Manager UI actions permitted by each default management role:
Action | DB Viewer | DB Member | Cluster Viewer | Cluster Member | Admin |
---|---|---|---|---|---|
Create support package | ❌ No | ✅ Yes | ❌ No | ✅ Yes | ✅ Yes |
Edit database configuration | ❌ No | ✅ Yes | ❌ No | ✅ Yes | ✅ Yes |
Reset slow log | ❌ No | ✅ Yes | ❌ No | ✅ Yes | ✅ Yes |
View cluster configuration | ❌ No | ❌ No | ✅ Yes | ✅ Yes | ✅ Yes |
View cluster logs | ❌ No | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
View cluster metrics | ❌ No | ❌ No | ✅ Yes | ✅ Yes | ✅ Yes |
View database configuration | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
View database metrics | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
View node configuration | ❌ No | ❌ No | ✅ Yes | ✅ Yes | ✅ Yes |
View node metrics | ❌ No | ❌ No | ✅ Yes | ✅ Yes | ✅ Yes |
View Redis database password | ❌ No | ✅ Yes | ❌ No | ✅ Yes | ✅ Yes |
View slow log | ❌ No | ✅ Yes | ❌ No | ✅ Yes | ✅ Yes |
View and edit cluster settings | ❌ No | ❌ No | ❌ No | ❌ No | ✅ Yes |
Create roles for cluster access
To create a role that grants cluster access but does not grant access to any databases:
-
From Access Control > Roles, you can:
-
Enter a descriptive name for the role.
-
Choose a Cluster management role to determine cluster management permissions.
-
To prevent database access when using this role, do not add any ACLs.
-
Select Save.
You can assign the new role to users to grant cluster access.