Create roles with database access only
Create roles with database access only.
Redis Enterprise Software |
---|
Roles with database access grant the ability to access and interact with a database's data. Database access privileges are determined by defining Redis ACLs and adding them to roles.
To create a role that grants database access without granting access to the Redis Enterprise Cluster Manager UI and REST API:
-
Define Redis ACLs that determine database access privileges.
-
Create a role with ACLs added and leave the Cluster management role as None.
Define Redis ACLs
You can use the Cluster Manager UI or the REST API to define Redis ACL rules that you can assign to roles.
Cluster Manager UI method
To define a Redis ACL rule using the Cluster Manager UI:
-
From Access Control > Redis ACLs, you can either:
-
Enter a descriptive name for the Redis ACL. This will be used to associate the ACL rule with the role.
-
Define the ACL rule. For more information about Redis ACL rules and syntax, see the Redis ACL overview.
Note:The ACL builder does not support selectors and key permissions. Use Free text command to manually define them instead. -
Select Save.
failure
, but the command runs on the keys that are allowed.REST API method
To define a Redis ACL rule using the REST API, use a create Redis ACL request. For more information about Redis ACL rules and syntax, see the Redis ACL overview.
Example request:
POST /v1/redis_acls
{
"name": "Test_ACL_1",
"acl": "+@read +FT.INFO +FT.SEARCH"
}
Example response body:
{
"acl": "+@read +FT.INFO +FT.SEARCH",
"name": "Test_ACL_1",
"uid": 11
}
To associate the Redis ACL with a role and database, use the uid
from the response as the redis_acl_uid
when you add roles_permissions
to the database. See Associate a database with roles and Redis ACLs for an example request.
Create roles with ACLs
To create a role that grants database access to users but blocks access to the Redis Enterprise Cluster Manager UI and REST API, set the Cluster management role to None.
Cluster Manager UI method
To define a role for database access using the Cluster Manager UI:
-
From Access Control > Roles, you can:
-
Enter a descriptive name for the role. This will be used to reference the role when configuring users.
-
Leave Cluster management role as the default None.
-
Select + Add ACL.
-
Choose a Redis ACL and databases to associate with the role.
-
Select Save.
You can assign the new role to users to grant database access.
REST API method
To define a role for database access using the REST API:
Create a role
To create a role using the REST API:
POST /v1/roles
{
"name": "<role-name>",
"management": "none"
}
Example response body:
{
"management": "none",
"name": "<role-name>",
"uid": 7
}
To associate the role with a Redis ACL and database, use the uid
from the response as the role_uid
when you add roles_permissions
to the database. See Associate a database with roles and Redis ACLs for an example request.
Associate a database with roles and Redis ACLs
Update a database's configuration to add roles_permissions
with the role and Redis ACL:
POST /v1/bdbs/<database-id>
{
"roles_permissions":
[
{
"role_uid": <integer>,
"redis_acl_uid": <integer>
}
]
}