Provided in a software-as-a-service setup by cloud providers. The Redis infrastructure for the other internal customers they have, or is Often provided as a managed service both by internal company teams that handle For instance there is no reason for a worker that fetches delayed jobs from Redis to be able to call the FLUSHALL command.Īnother typical usage of ACLs is related to managed Redis instances.
You want to improve operational safety, so that processes or humans accessing Redis are not allowed, because of software errors or manual mistakes, to damage the data or the configuration.For instance certain clients may just be able to execute read only commands. You want to improve security by restricting the access to commands and keys, so that untrusted clients have no access and trusted clients have just the minimum access level to the database in order to perform the work needed.Two main goals that are well served by ACLs: *When ACLs are usefulīefore using ACLs you may want to ask yourself what's the goal you want toĪccomplish by implementing this layer of protection. This provides perfect backward compatibility with the past.
Just specifying the password implies that we want to authenticate against What happens is that the username used to authenticate is "default", so When it is used according to the old form, that is: AUTH The Redis AUTH command was extended in Redis 6, so now it is possible to The old way to configure a password, using the requirepass configurationĭirective, still works as expected, but now what it does is just to In the default configuration, Redis 6 (the first version to have ACLs) worksĮxactly like older versions of Redis, that is, every new connection isĬapable of calling every possible command and accessing every key, so theĪCL feature is backward compatible with old clients and applications. The ability to provide only a specific subset of functionalities to connections Redis can be configured so that newĬonnections are already authenticated with a "default" user (this is theĭefault configuration), so configuring the default user has, as a side effect,
The authentication stage succeeded, the connection is associated with a given Is required to authenticate providing a username and a valid password: if The way it works is that, after connecting, a client The Redis ACL, short for Access Control List, is the feature that allows certainĬonnections to be limited in terms of the commands that can be executed and the