Overview - ACL rules and categories

What is it?

ACL rules and categories in Redis are a way to control who can do what with the database. ACL stands for Access Control List, which means a list of permissions assigned to users. These rules define which commands or keys a user can access or modify. This helps keep the database safe and organized by limiting access.

Why it matters

Without ACL rules, anyone who connects to Redis could run any command, which can cause data loss, security breaches, or accidental mistakes. ACL rules protect sensitive data and operations by giving users only the permissions they need. This is especially important in shared environments or production systems where many people or applications use the same Redis server.

Where it fits

Before learning ACL rules, you should understand basic Redis commands and how users connect to Redis. After mastering ACL rules, you can learn about Redis security best practices and advanced user management.

Mental Model

Core Idea

ACL rules in Redis are like a security guard who checks a list of allowed actions for each user before letting them do anything.

Think of it like...

Imagine a library where each visitor has a card that says which sections they can enter and which books they can borrow. The ACL rules are like those cards, controlling access to different parts of the library.

┌─────────────┐       ┌───────────────┐       ┌───────────────┐
│   User A    │──────▶│  ACL Rules    │──────▶│ Allowed Cmds  │
│ (username)  │       │ (permissions) │       │ & Key Access  │
└─────────────┘       └───────────────┘       └───────────────┘

Each user has a set of ACL rules that define which commands and keys they can use.

Build-Up - 7 Steps

1

FoundationWhat is Redis ACL and Users

Concept: Introduction to Redis ACL system and user management.

Redis ACL allows you to create users with specific permissions. Each user can have a password and a set of rules that control what commands and keys they can access. By default, Redis has a default user with no password and full access, but you can create new users with limited rights.

Result

You understand that Redis ACL is about creating users and controlling their access.

Knowing that Redis ACL is user-based helps you see how permissions are tied to identities, not just commands.

2

FoundationBasic ACL Rule Syntax

3

IntermediateCommand Categories in ACL

4

IntermediateKey Patterns and Access Control

5

IntermediateCombining Command and Key Rules

6

AdvancedACL Categories and Dangerous Commands

7

ExpertACL Rule Evaluation and Performance

Under the Hood

Redis stores ACL users and their rules in memory. When a command arrives, Redis identifies the user by their connection, then checks the command against allowed commands and the key against allowed patterns. This check uses efficient data structures like tries and hash tables to quickly match commands and keys. If the command or key is not allowed, Redis rejects the command immediately.

Why designed this way?

This design balances security and speed. Checking permissions on every command prevents unauthorized access even if rules change dynamically. Using categories and patterns reduces the number of rules needed, making the system scalable. Alternatives like static permissions or external authorization would slow down Redis or complicate management.

┌───────────────┐       ┌───────────────┐       ┌───────────────┐
│ Client sends  │──────▶│ Identify User │──────▶│ Check ACL     │
│ command/key   │       │ by connection │       │ rules: cmds & │
└───────────────┘       └───────────────┘       │ keys patterns │
                                                └───────────────┘
                                                      │
                                                      ▼
                                           ┌─────────────────────┐
                                           │ Allow or Deny cmd   │
                                           └─────────────────────┘

Myth Busters - 4 Common Misconceptions

Quick: Does allowing a command automatically allow access to all keys for that command? Commit yes or no.

Common Belief:If a command is allowed, the user can run it on any key.

Tap to reveal reality

Quick: Do you think denying a command category overrides individual command allowances? Commit yes or no.

Common Belief:Denying a category blocks all commands in it, even if individually allowed.

Tap to reveal reality

Quick: Can Redis ACL rules be bypassed by connecting without authentication? Commit yes or no.

Common Belief:If a user connects without authentication, ACL rules do not apply.

Tap to reveal reality

Quick: Do you think all Redis commands are included in ACL categories? Commit yes or no.

Common Belief:All commands are grouped into categories for ACL.

Tap to reveal reality

Expert Zone

1

ACL rules are evaluated per command, so complex key patterns can slow down command processing subtly under heavy load.

2

The default user in Redis has no password and full access unless explicitly changed, which is a common security risk if left unchanged.

3

Redis ACL supports command renaming to disable commands by renaming them to empty strings, adding another layer of control beyond ACL rules.

When NOT to use

ACL rules are not suitable for very dynamic or context-dependent permissions, such as per-session or per-IP restrictions. In such cases, use external proxy layers or application-level access control. Also, ACL is not a replacement for network-level security or encryption.

Production Patterns

In production, teams often create multiple users with roles like 'read-only', 'write-only', and 'admin', using command categories and key patterns to enforce least privilege. They also regularly audit ACL rules and disable the default user. Some use ACL in combination with Redis Sentinel or Cluster for secure multi-node setups.

Connections

Role-Based Access Control (RBAC)

Redis ACL rules implement a form of RBAC by assigning permissions to users based on roles defined by command categories and key patterns.

Understanding RBAC concepts helps grasp how Redis ACL organizes permissions efficiently and securely.

Firewall Rules

Both Redis ACL and firewall rules filter allowed actions based on defined policies, controlling access to resources.

Knowing firewall principles clarifies why ACL rules must be precise and carefully ordered to avoid security gaps.

Library Borrowing Systems

Like ACL controls user access to commands and keys, library systems control which books or sections a visitor can access based on their membership type.

This cross-domain connection shows how access control is a universal problem solved by similar patterns.

Common Pitfalls

#1Allowing all commands but forgetting to restrict keys.

Wrong approach:ACL SETUSER alice on >password +@all

Correct approach:ACL SETUSER alice on >password +@all ~user:alice:*

Root cause:Misunderstanding that command allowance alone does not restrict key access, leading to over-permission.

#2Denying a command category after allowing individual commands in it.

Wrong approach:ACL SETUSER bob on >password +GET +SET -@write

Correct approach:ACL SETUSER bob on >password +GET +SET

Root cause:Not realizing deny rules override allow rules, causing unexpected denials.

#3Leaving the default user enabled with no password.

Wrong approach:No changes to default user after Redis installation.

Correct approach:ACL SETUSER default off

Root cause:Assuming default user is secure by default, exposing Redis to unauthorized access.

Key Takeaways

Redis ACL rules control user permissions by combining allowed commands and key patterns.

Command categories simplify permission management but require careful use to avoid blocking needed commands.

ACL checks happen on every command, so rules should be efficient to maintain performance.

Misunderstanding rule precedence or key pattern matching can cause security risks or access problems.

In production, always disable the default user and use least privilege principles with ACL.