diff options
| author | Madelyn Olson <34459052+madolson@users.noreply.github.com> | 2022-01-20 13:05:27 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-20 13:05:27 -0800 |
| commit | 55c81f2cd3da82f9f570000875e006b9046ddef3 (patch) | |
| tree | eeb2a2f7d9403ddd2026b448da541da4a874b783 /redis.conf | |
| parent | 10bbeb68377bc2b20442e6578183dbc61fb57ec3 (diff) | |
| download | redis-55c81f2cd3da82f9f570000875e006b9046ddef3.tar.gz | |
ACL V2 - Selectors and key based permissions (#9974)
* Implemented selectors which provide multiple different sets of permissions to users
* Implemented key based permissions
* Added a new ACL dry-run command to test permissions before execution
* Updated module APIs to support checking key based permissions
Co-authored-by: Oran Agra <oran@redislabs.com>
Diffstat (limited to 'redis.conf')
| -rw-r--r-- | redis.conf | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/redis.conf b/redis.conf index a433e4fc4..c31203ecc 100644 --- a/redis.conf +++ b/redis.conf @@ -871,6 +871,10 @@ replica-priority 100 # commands. For instance ~* allows all the keys. The pattern # is a glob-style pattern like the one of KEYS. # It is possible to specify multiple patterns. +# %R~<pattern> Add key read pattern that specifies which keys can be read +# from. +# %W~<pattern> Add key write pattern that specifies which keys can be +# written to. # allkeys Alias for ~* # resetkeys Flush the list of allowed keys patterns. # &<pattern> Add a glob-style pattern of Pub/Sub channels that can be @@ -896,6 +900,14 @@ replica-priority 100 # reset Performs the following actions: resetpass, resetkeys, off, # -@all. The user returns to the same state it has immediately # after its creation. +# (<options>) Create a new selector with the options specified within the +# parentheses and attach it to the user. Each option should be +# space separated. The first character must be ( and the last +# character must be ). +# clearselectors Remove all of the currently attached selectors. +# Note this does not change the "root" user permissions, +# which are the permissions directly applied onto the +# user (outside the parentheses). # # ACL rules can be specified in any order: for instance you can start with # passwords, then flags, or key patterns. However note that the additive |