I have a user user1 and I need to restrict user1 from accessing database 2. How can I achieve this using ACL? The user should be able to access any other databases.
Asked
Active
Viewed 1,938 times
3
Sumukha Tumkur Vani
- 33
- 3
2 Answers
2
ACL isn't designed for that, and I don't recommend using Redis' logical databases for multi-tenancy - just use a different Redis instance for each user.
That said, something like this should work:
ACL SETUSER user1 ... -@all +select|1
Itamar Haber
- 47,336
- 7
- 91
- 117
-
Can you explain the `-select|2` part? – Sumukha Tumkur Vani Jul 24 '20 at 16:15
-
Sorry for misleading - I've edited the answer to what *is* supported. – Itamar Haber Jul 26 '20 at 17:43
-
1Note that the ACL above is only applied to the `select` command. The user can still access the database when it is specified as initial database for the connection (e.g. `redis-cli -n 1`). See https://github.com/redis/redis/issues/8099 for details. – fnkr Aug 30 '21 at 16:25
-
3The ACL rules provided in the Github issue mentioned seem to work better for me: `ACL SETUSER user1 on >password +@all ~* -select +select|1` The ACL rules in the accepted answer seem to only allow for `SELECT 1`, and nothing else. – bakavic Oct 03 '22 at 04:58
-
2`-select` just stop the user change database when login,but the user still has access to other logic database when login into other database. there is also concern do not use database in the future https://github.com/redis/redis/issues/8099#issuecomment-741868975 – zyfyy Jan 27 '23 at 14:28
0
-select only stop switch database when logined.
user still have access to other database.
i think we just should not use database any more: https://github.com/redis/redis/issues/8099
zyfyy
- 323
- 3
- 10