Concept Flow - ACL system for user permissions

Start: Define Users and Roles

↓

Assign Permissions to Roles

↓

Assign Roles to Users

↓

User Requests Access

↓

Check User's Roles

↓

Check Permissions in Roles

↓

Allow or Deny Access

The ACL system starts by defining users and roles, assigning permissions to roles, then roles to users. When a user requests access, the system checks their roles and permissions to allow or deny access.

Execution Sample

Redis

ACL SETUSER alice on >password ~* +GET +SET
ACL SETUSER bob on >bobpass ~* +GET
ACL CAT alice
ACL WHOAMI

This code creates two users with different permissions, lists alice's permissions, and checks the current user.

Execution Table

Step	Command	Action	Result	Notes
1	ACL SETUSER alice on >password ~* +GET +SET	Create user alice with GET and SET permissions	User alice created and enabled	User alice can GET and SET
2	ACL SETUSER bob on >bobpass ~* +GET	Create user bob with GET permission only	User bob created and enabled	User bob can only GET
3	ACL CAT alice	List alice's permissions	Permissions: GET, SET	Shows alice's allowed commands
4	ACL WHOAMI	Show current user	Output: default	No user authenticated yet
5	AUTH alice password	Authenticate as alice	Authentication successful	User alice logged in
6	ACL WHOAMI	Show current user	Output: alice	Now commands run as alice
7	EXECUTE SET command	Check if alice can SET	Allowed	alice has +SET permission
8	AUTH bob bobpass	Authenticate as bob	Authentication successful	User bob logged in
9	EXECUTE SET command	Check if bob can SET	Denied	bob lacks +SET permission
10	EXECUTE GET command	Check if bob can GET	Allowed	bob has +GET permission
11	AUTH wronguser wrongpass	Authenticate with wrong credentials	Authentication failed	Access denied
12	EXECUTE any command	Without authentication	Allowed	Default user has full access
13	ACL DELUSER alice	Delete user alice	User alice deleted	alice no longer exists
14	ACL LIST	List all users	Users: bob	Only bob remains

💡 Execution stops after all commands processed and users managed

Variable Tracker

Variable	Start	After Step 1	After Step 2	After Step 5	After Step 8	After Step 13	Final
Users	{}	{"alice": {"permissions": ["GET", "SET"], "enabled": true}}	{"alice": {...}, "bob": {"permissions": ["GET"], "enabled": true}}	{"alice": {...}, "bob": {...}, "current_user": "alice"}	{"alice": {...}, "bob": {...}, "current_user": "bob"}	{"bob": {"permissions": ["GET"], "enabled": true}, "current_user": "bob"}	{"bob": {"permissions": ["GET"], "enabled": true}, "current_user": "bob"}
Current User	none	none	none	alice	bob	bob	bob

Key Moments - 3 Insights

Why does bob get denied when trying to execute a SET command?

What happens if a user tries to run commands without authenticating?

After deleting alice, can she still run commands?

Visual Quiz - 3 Questions

Test your understanding

Look at the execution_table at step 6. What is the current user after authenticating as alice?

Abob

Bdefault

Calice

Dnone

Concept Snapshot

ACL system in Redis:
- Define users with ACL SETUSER
- Assign permissions (+GET, +SET) and keys (~*)
- Authenticate users with AUTH
- Check current user with ACL WHOAMI
- Permissions control command access
- Delete users with ACL DELUSER

Full Transcript

This visual execution trace shows how Redis ACL system manages user permissions. First, users alice and bob are created with different permissions. Alice has GET and SET, bob only GET. When users authenticate, the system sets the current user. Commands are allowed or denied based on the user's permissions. Without authentication, commands run as default user. Deleting a user removes their access. This step-by-step trace helps beginners see how ACL commands affect user permissions and access control.