创建仅具有数据库访问权限的角色

创建仅具有数据库访问权限的角色。

Redis 企业软件

具有数据库访问权限的角色授予访问数据库数据并与之交互的能力。数据库访问权限是通过定义 Redis ACL 并将其添加到角色来确定的。

要创建授予数据库访问权限的角色,但不授予对 Redis Enterprise Cluster Manager UI 和 REST API 的访问权限,请执行以下作:

  1. 定义确定数据库访问权限的 Redis ACL

  2. 创建添加了 ACL 的角色,并将 Cluster management role (集群管理角色) 保留为 None

定义 Redis ACL

您可以使用集群管理器 UIREST API 来定义可分配给角色的 Redis ACL 规则。

Cluster Manager UI 方法

要使用集群管理器 UI 定义 Redis ACL 规则:

  1. Access Control > Redis ACL 中,您可以:

    • 指向 Redis ACL,然后选择 Edit (编辑) 按钮 编辑现有 Redis ACL。

    • 选择 + 添加 Redis ACL 以创建新的 Redis ACL。

  2. 输入 Redis ACL 的描述性名称。这将用于将 ACL 规则与角色关联。

  3. 定义 ACL 规则。有关 Redis ACL 规则和语法的更多信息,请参阅 Redis ACL 概述

    注意:
    ACL 生成器不支持选择器和密钥权限。使用 Free text 命令手动定义它们。

  4. 选择 Save (保存)。

注意:
对于多 slot 键上的多键命令,返回值为failure,但该命令在允许的键上运行。

REST API 方法

要使用 REST API 定义 Redis ACL 规则,请使用 create Redis ACL 请求。有关 Redis ACL 规则和语法的更多信息,请参阅 Redis ACL 概述

请求示例:

POST /v1/redis_acls
{ 
  "name": "Test_ACL_1",
  "acl": "+@read +FT.INFO +FT.SEARCH"
}

Example response body:

{ 
  "acl": "+@read +FT.INFO +FT.SEARCH",
  "name": "Test_ACL_1",
  "uid": 11
}

To associate the Redis ACL with a role and database, use the uid from the response as the redis_acl_uid when you add roles_permissions to the database. See Associate a database with roles and Redis ACLs for an example request.

Create roles with ACLs

To create a role that grants database access to users but blocks access to the Redis Enterprise Cluster Manager UI and REST API, set the Cluster management role to None.

Cluster Manager UI method

To define a role for database access using the Cluster Manager UI:

  1. From Access Control > Roles, you can:

    • Point to a role and select The Edit button to edit an existing role.

    • Select + Add role to create a new role.

    Add role with name

  2. Enter a descriptive name for the role. This will be used to reference the role when configuring users.

  3. Leave Cluster management role as the default None.

    Add role with name

  4. Select + Add ACL.

    Add role database acl

  5. Choose a Redis ACL and databases to associate with the role.

    Add databases to access

  6. Select the check mark The Check button to confirm.

  7. Select Save.

    Add databases to access

You can assign the new role to users to grant database access.

REST API method

To define a role for database access using the REST API:

  1. Create a role.

  2. Associate a database with roles and Redis ACLs.

Create a role

To create a role using the REST API:

POST /v1/roles
{ 
  "name": "<role-name>",
  "management": "none" 
}

Example response body:

{ 
  "management": "none",
  "name": "<role-name>",
  "uid": 7
}

To associate the role with a Redis ACL and database, use the uid from the response as the role_uid when you add roles_permissions to the database. See Associate a database with roles and Redis ACLs for an example request.

Associate a database with roles and Redis ACLs

Update a database's configuration to add roles_permissions with the role and Redis ACL:

POST /v1/bdbs/<database-id>
{
  "roles_permissions":
  [
    {
      "role_uid": <integer>,
      "redis_acl_uid": <integer>
    }
  ]
}
RATE THIS PAGE
Back to top ↑