diff options
| -rw-r--r-- | redis.conf | 34 | ||||
| -rw-r--r-- | src/acl.c | 2 | ||||
| -rw-r--r-- | src/server.c | 13 |
3 files changed, 42 insertions, 7 deletions
diff --git a/redis.conf b/redis.conf index d510faaf4..84f492b88 100644 --- a/redis.conf +++ b/redis.conf @@ -883,6 +883,40 @@ replica-priority 100 # # Basically ACL rules are processed left-to-right. # +# The following is a list of command categories and their meanings: +# * keyspace - Writing or reading from keys, databases, or their metadata +# in a type agnostic way. Includes DEL, RESTORE, DUMP, RENAME, EXISTS, DBSIZE, +# KEYS, EXPIRE, TTL, FLUSHALL, etc. Commands that may modify the keyspace, +# key or metadata will also have `write` category. Commands that only read +# the keyspace, key or metadata will have the `read` category. +# * read - Reading from keys (values or metadata). Note that commands that don't +# interact with keys, will not have either `read` or `write`. +# * write - Writing to keys (values or metadata) +# * admin - Administrative commands. Normal applications will never need to use +# these. Includes REPLICAOF, CONFIG, DEBUG, SAVE, MONITOR, ACL, SHUTDOWN, etc. +# * dangerous - Potentially dangerous (each should be considered with care for +# various reasons). This includes FLUSHALL, MIGRATE, RESTORE, SORT, KEYS, +# CLIENT, DEBUG, INFO, CONFIG, SAVE, REPLICAOF, etc. +# * connection - Commands affecting the connection or other connections. +# This includes AUTH, SELECT, COMMAND, CLIENT, ECHO, PING, etc. +# * blocking - Potentially blocking the connection until released by another +# command. +# * fast - Fast O(1) commands. May loop on the number of arguments, but not the +# number of elements in the key. +# * slow - All commands that are not Fast. +# * pubsub - PUBLISH / SUBSCRIBE related +# * transaction - WATCH / MULTI / EXEC related commands. +# * scripting - Scripting related. +# * set - Data type: sets related. +# * sortedset - Data type: zsets related. +# * list - Data type: lists related. +# * hash - Data type: hashes related. +# * string - Data type: strings related. +# * bitmap - Data type: bitmaps related. +# * hyperloglog - Data type: hyperloglog related. +# * geo - Data type: geo related. +# * stream - Data type: streams related. +# # For more information about ACL configuration please refer to # the Redis web site at https://redis.io/topics/acl @@ -60,7 +60,7 @@ static unsigned long nextid = 0; /* Next command id that has not been assigned * struct ACLCategoryItem { const char *name; uint64_t flag; -} ACLCommandCategories[] = { +} ACLCommandCategories[] = { /* See redis.conf for details on each category. */ {"keyspace", CMD_CATEGORY_KEYSPACE}, {"read", CMD_CATEGORY_READ}, {"write", CMD_CATEGORY_WRITE}, diff --git a/src/server.c b/src/server.c index b3988794f..aeed6584a 100644 --- a/src/server.c +++ b/src/server.c @@ -173,6 +173,7 @@ struct redisServer server; /* Server global state */ * * The following additional flags are only used in order to put commands * in a specific ACL category. Commands can have multiple ACL categories. + * See redis.conf for the exact meaning of each. * * @keyspace, @read, @write, @set, @sortedset, @list, @hash, @string, @bitmap, * @hyperloglog, @stream, @admin, @fast, @slow, @pubsub, @blocking, @dangerous, @@ -652,7 +653,7 @@ struct redisCommand redisCommandTable[] = { 0,NULL,0,0,0,0,0,0}, {"select",selectCommand,2, - "ok-loading fast ok-stale @keyspace", + "ok-loading fast ok-stale @connection", 0,NULL,0,0,0,0,0,0}, {"swapdb",swapdbCommand,3, @@ -821,7 +822,7 @@ struct redisCommand redisCommandTable[] = { 0,NULL,0,0,0,0,0,0}, {"role",roleCommand,1, - "ok-loading ok-stale no-script fast @dangerous", + "ok-loading ok-stale no-script fast @admin @dangerous", 0,NULL,0,0,0,0,0,0}, {"debug",debugCommand,-2, @@ -881,15 +882,15 @@ struct redisCommand redisCommandTable[] = { 0,migrateGetKeys,0,0,0,0,0,0}, {"asking",askingCommand,1, - "fast @keyspace", + "fast @connection", 0,NULL,0,0,0,0,0,0}, {"readonly",readonlyCommand,1, - "fast @keyspace", + "fast @connection", 0,NULL,0,0,0,0,0,0}, {"readwrite",readwriteCommand,1, - "fast @keyspace", + "fast @connection", 0,NULL,0,0,0,0,0,0}, {"dump",dumpCommand,2, @@ -959,7 +960,7 @@ struct redisCommand redisCommandTable[] = { 0,NULL,1,1,1,0,0,0}, {"wait",waitCommand,3, - "no-script @keyspace", + "no-script @connection", 0,NULL,0,0,0,0,0,0}, {"command",commandCommand,-1, |