Article directory
Introduction to ACL
ACL is the abbreviation of Access Control List, a feature that allows certain connections to be restricted based on the commands that can be executed and the keys that can be accessed
Comparison between old and new versions
- Before Redis 5 version: Redis security rules only have password control and use rename to adjust high-risk commands such as flushdb, KEYS*, shutdown, etc.
- After Redis version 6: Provide ACL function to control users' more fine-grained permissions:
(1) Access permissions: user name and password
(2) Executable commands
(3) Operable KEY
Common commands
acl list
Show user permission list
127.0.0.1:6379> acl list
1) "user default on nopass ~* &* +@all"
2) "user zwb off resetchannels -@all"
acl cat
- View the Add Permissions Directive Category
- Add the parameter type name to view the specific commands under the type.
acl whoami
View current user
acl set user
Create and edit user ACLs
- ACL Rules
Below is a list of valid ACL rules. Some rules are just single words used to activate or remove a flag, or perform a given change to a user's ACL. Other rules are character prefixes that are concatenated with command or category names, key patterns, and so on.
- Create new user with command default permissions
acl setuser ***
User does not exist: Create user with default attributes of just created User
already exists: Above command does nothing - Set the user name, password, ACL permissions, and enable
acl setuser *** on >password ~cached:* +get
- Switch users and verify permission effects
- Switch user: auth *** password
- Verify permission effect