Role-based access control (RBAC)
Role-based access control (RBAC) allows you to configure the level of access each user has to a Redis Enterprise cluster’s admin console, REST API, and databases. To grant permissions, assign predefined or custom roles to a user. You can create a role once and then deploy it across multiple databases in the cluster.
Role types
You can create custom user roles that determine cluster management permissions, data access permissions, or a combination of both.
Management roles determine user access to the cluster’s admin console and REST API.
Data access controls determine the permissions each role grants for each database in the cluster.
Multiple users can share the same role.
Access control screen
The Access Control screen has the following tabs:
Users - Create users and assign a role to each user to grant access to the admin console, REST API, or databases.
Roles - Create roles. Each role consists of a set of permissions (Redis ACLs) for one or more Redis databases. You can reuse these roles for multiple users.
Redis ACLs - Define named permissions for specific Redis commands, keys, and pub/sub channels. Redis version 7.2 lets you specify read and write access for key patterns and use selectors to define multiple sets of rules in a single Redis ACL. You can use defined Redis ACLs for multiple databases and roles.
LDAP Mappings - Map LDAP groups to access control roles.
Settings - Additional access control settings, such as default permissions for pub/sub ACLs.
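The following audit is an added example, not part of the Redis documentation. It parses ACL strings written in Redis ACL rule syntax, including the read/write key patterns (%R~, %W~) and parenthesised selectors described under Redis ACLs above, and flags grants that cover every command, key, or pub/sub channel. The function names and sample ACLs are constructed for illustration.

```python
import re

def split_rule_sets(acl):
    """Return the root rule tokens followed by the tokens of each (selector)."""
    selectors = re.findall(r"\(([^()]*)\)", acl)
    root = re.sub(r"\([^()]*\)", " ", acl)
    return [root.split()] + [s.split() for s in selectors]

def classify(tokens):
    """Sort one rule set into command, key-read, key-write and channel grants."""
    perms = {"commands": [], "read": [], "write": [], "channels": []}
    for tok in tokens:
        if tok in ("allcommands", "nocommands") or tok[0] in "+-":
            perms["commands"].append(tok)
        elif tok.startswith("%R~"):
            perms["read"].append(tok[3:])
        elif tok.startswith("%W~"):
            perms["write"].append(tok[3:])
        elif tok == "allkeys" or tok.startswith(("~", "%RW~")):
            pattern = "*" if tok == "allkeys" else tok.split("~", 1)[1]
            perms["read"].append(pattern)
            perms["write"].append(pattern)
        elif tok == "allchannels" or tok.startswith("&"):
            perms["channels"].append("*" if tok == "allchannels" else tok[1:])
    return perms

def audit(acl):
    """List (rule set, finding) pairs for grants that cover a whole category.
    Simplification: a later revocation such as -@all is not taken into account."""
    findings = []
    for i, tokens in enumerate(split_rule_sets(acl)):
        where = "root" if i == 0 else f"selector {i}"
        perms = classify(tokens)
        if {"+@all", "allcommands"} & set(perms["commands"]):
            findings.append((where, "all commands"))
        for kind, label in (("read", "read all keys"), ("write", "write all keys"),
                            ("channels", "all pub/sub channels")):
            if "*" in perms[kind]:
                findings.append((where, label))
    return findings

# Constructed sample ACLs, not taken from any real cluster.
SAMPLES = {
    "full-access": "+@all ~*",
    "scoped": "+@read +@write %R~cache:* %W~session:* (+publish &alerts:*)",
    "mixed": "+get %R~* (+@all %W~tmp:* &*)",
}

if __name__ == "__main__":
    for name, acl in SAMPLES.items():
        print(name, audit(acl))
```

Because a selector is evaluated as its own rule set, a broad grant inside parentheses is reported separately from the root rules.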
Active-Active databases
Users, roles, and Redis ACLs are cluster-level entities, which means:
They apply to the local participating cluster and Active-Active database instance.
They do not replicate or propagate to the other participating clusters and instances.
ACLs are enforced by the instance that the client is connected to. The Active-Active replication mechanism propagates all the effects of the operation.