Create roles with combined access

Create roles with both cluster and database access.

Redis Enterprise Software

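To create a role that grants database access privileges and allows access to the Cluster Management UI and REST API:

  1. Define Redis ACLs that determine database access.

  2. Create a role with the ACLs added and choose a Cluster management role other than None.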

Define Redis ACLs

You can use the Cluster Manager UI or the REST API to define Redis ACL rules that you can assign to roles.

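Cluster Manager UI method

To define a Redis ACL rule using the Cluster Manager UI:

  1. From Access Control > Redis ACLs, you can:

    • Point to a Redis ACL and select the Edit button to edit an existing Redis ACL.

    • Select + Add Redis ACL to create a new Redis ACL.

  2. Enter a descriptive name for the Redis ACL. This will be used to associate the ACL rule with the role.

  3. Define the ACL rule. For more information about Redis ACL rules and syntax, see the Redis ACL overview.

    Note:
    The ACL builder does not support selectors and key permissions. Use Free text command to manually define them.
  4. Select Save.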

Note:
For multi-key commands on multi-slot keys, the return value is failure, but the command runs on the keys that are allowed.

REST API method

To define a Redis ACL rule using the REST API, use a create Redis ACL request. For more information about Redis ACL rules and syntax, see the Redis ACL overview.

Example request:

POST /v1/redis_acls
{ 
  "name": "Test_ACL_1",
  "acl": "+@read +FT.INFO +FT.SEARCH"
}

Example response body:

{ 
  "acl": "+@read +FT.INFO +FT.SEARCH",
  "name": "Test_ACL_1",
  "uid": 11
}

To associate the Redis ACL with a role and database, use the uid from the response as the redis_acl_uid when you add roles_permissions to the database. See Associate a database with roles and Redis ACLs for an example request.

Create roles with ACLs and cluster access

You can create a role that grants database access privileges and allows access to the Cluster Management UI and REST API.

Cluster Manager UI method

To define a role for combined access using the Cluster Manager UI:

  1. From Access Control > Roles, you can:

    • Point to a role and select the Edit button to edit an existing role.

    • Select + Add role to create a new role.

  2. Enter a descriptive name for the role. This will be used to reference the role when configuring users.

  3. Choose a Cluster management role other than None. For details about permissions granted by each role, see Cluster Manager UI permissions and REST API permissions.

  4. Select + Add ACL.

  5. Choose a Redis ACL and databases to associate with the role.

  6. Select the check mark to confirm.

  7. Select Save.


You can assign the new role to users to grant database access and access to the Cluster Manager UI and REST API.

REST API method

To define a role for combined access using the REST API:

  1. Create a role.

  2. Associate a database with roles and Redis ACLs.

Create a role

To create a role using the REST API:

POST /v1/roles
{ 
  "name": "<role-name>",
  "management": "db_viewer | db_member | cluster_viewer | cluster_member | admin" 
}

Example response body:

{ 
  "management": "admin",
  "name": "<role-name>",
  "uid": 7
}

To associate the role with a Redis ACL and database, use the uid from the response as the role_uid when you add roles_permissions to the database. See Associate a database with roles and Redis ACLs for an example request.

Associate a database with roles and Redis ACLs

Update a database's configuration to add roles_permissions with the role and Redis ACL:

POST /v1/bdbs/<database-id>
{
  "roles_permissions":
  [
    {
      "role_uid": <integer>,
      "redis_acl_uid": <integer>
    }
  ]
}
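
The three REST requests above chained together, as an added example that is not part of the Redis documentation: it builds each request, carries the uid values from the two responses into roles_permissions, and resolves the resulting binding back to names so the grant can be reviewed before it is sent. The function names, the role name search_readonly and database id 1 are assumptions made for illustration; nothing is sent over the network.

```python
import json

# Management values listed in the create-role request on this page.
MANAGEMENT_ROLES = {"db_viewer", "db_member", "cluster_viewer", "cluster_member", "admin"}

def acl_request(name, acl):
    """Step 1: define the Redis ACL."""
    return "POST", "/v1/redis_acls", {"name": name, "acl": acl}

def role_request(name, management):
    """Step 2: create the role; combined access needs a management role other than None."""
    if management not in MANAGEMENT_ROLES:
        raise ValueError(f"unsupported management role: {management!r}")
    return "POST", "/v1/roles", {"name": name, "management": management}

def binding_request(database_id, role_resp, acl_resp):
    """Step 3: bind the role to the ACL on one database, using the uids returned above."""
    entry = {"role_uid": role_resp["uid"], "redis_acl_uid": acl_resp["uid"]}
    # Method and path are the ones shown on this page.
    return "POST", f"/v1/bdbs/{database_id}", {"roles_permissions": [entry]}

def describe_access(roles_permissions, roles, acls):
    """Resolve uid pairs to names and rules for review; fail on a uid that does not exist."""
    role_by_uid = {r["uid"]: r for r in roles}
    acl_by_uid = {a["uid"]: a for a in acls}
    rows = []
    for perm in roles_permissions:
        role = role_by_uid.get(perm["role_uid"])
        acl = acl_by_uid.get(perm["redis_acl_uid"])
        if role is None or acl is None:
            raise LookupError(f"roles_permissions entry references an unknown uid: {perm}")
        rows.append((role["name"], role["management"], acl["name"], acl["acl"]))
    return rows

# Constructed responses in the shape of the example response bodies on this page.
ACL_RESP = {"acl": "+@read +FT.INFO +FT.SEARCH", "name": "Test_ACL_1", "uid": 11}
ROLE_RESP = {"management": "db_viewer", "name": "search_readonly", "uid": 7}

if __name__ == "__main__":
    steps = [
        acl_request("Test_ACL_1", "+@read +FT.INFO +FT.SEARCH"),
        role_request("search_readonly", "db_viewer"),
        binding_request(1, ROLE_RESP, ACL_RESP),  # database id 1 is a placeholder
    ]
    for method, path, body in steps:
        print(method, path, json.dumps(body))
    print(describe_access(steps[2][2]["roles_permissions"], [ROLE_RESP], [ACL_RESP]))
```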