ApsaraDB for Redis allows you to create multiple database accounts for an instance. You can grant permissions to these accounts based on the actual usage to manage your instance and minimize user errors.

Prerequisites

The engine version of the instance is Redis 4.0 or later.
Note If the engine version of an instance does not meet the requirements, you can upgrade it. For more information, see Upgrade the major version.

Procedure

  1. Log on to the ApsaraDB for Redis console.
  2. On the top of the page, select the region where the instance is deployed.
  3. On the Instances page, click the Instance ID of the instance.
  4. In the left-side navigation pane, click Account Management.
    Note If the engine version of an instance is Redis 4.0 or later, but does not support the Account Management feature, you can upgrade the minor version. For more information, see Upgrade the minor version.
  5. In the upper-right corner of the page, click Create.
    Create an account
  6. In the dialog box that appears, set the parameters listed in the following table.
    Parameter Description
    Account Your account must meet the following requirements:
    • The account name can contain lowercase letters, digits, underscores (_), and hyphens (-).
    • The name must be 1 to 16 characters in length.
    • The name cannot be the reserved words in the Reserved words for Redis account names section.
    Privilege The permissions granted to the account.
    • Read-only: The account has only the permission to read data but is not allowed to modify data.
    • Read/Write: The account has the permissions to read and write data.
    • Copy: The account has the permissions to read data, write data, and run the SYNC and PSYNC commands.
      Note Only standard instances allow you to create accounts that have the Copy permission.
    Password Settings The password of your account must meet the following requirements:
    • The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters. Special characters include

      ! @#$%^&*()+-=_

    • The password of the account must be 8 to 32 characters in length.
    Confirm Password Enter the password again.
    Description The description of an account must meet the following requirements:
    • It must start with a letter and cannot start with http:// or https://.
    • The description can contain letters, Chinese characters, digits, underscores (_), and hyphens (-).
    • The description must be 2 to 256 characters in length.
  7. Click OK.
    The newly created account is in the Creating state. After about one minute, the account is changed to the Available state.
  8. Optional:Perform the following steps to manage an account based on your business requirements:
    Manage accounts
    • Reset a password

      Click Reset Password in the Actions column of the account. In the pane that appears, reset the password and click OK.

    • Modify permissions

      Click Modify Privilege in the Actions column of the account. In the pane that appears, select the required permission and click OK.

    • Modify the description

      Click Edit Description in the Actions column of the account. In the pane that appears, modify the description and click OK.

    • Delete an account

      Choose More > Delete in the Actions column of the account. In the pane that appears, click OK.

Reserved words for Redis account names

When you create an account, the account name cannot be one of the following reserved words. The reserved words are separated with commas (,) in the following table.

Initial Reserved word
a~c add,admin,all,alter,analyze,and,as,asc,asensitive,aurora,before,between,bigint,binary,blob,both,by,call,cascade,case,change,char,character,check,collate,column,condition,connection,constraint,continue,convert,create,cross,current_date,current_time,current_timestamp,current_user,cursor
d~f database,databases,day_hour,day_microsecond,day_minute,day_second,dec,decimal,declare,default,delayed,delete,desc,describe,deterministic,distinct,distinctrow,div,double,drc_rds,drop,dual,each,eagleye,else,elseif,enclosed,escaped,exists,exit,explain,false,fetch,float,float4,float8,for,force,foreign,from,fulltext
g~l goto,grant,group,guest,having,high_priority,hour_microsecond,hour_minute,hour_second,if,ignore,in,index,infile,information_schema,inner,inout,insensitive,insert,int,int1,int2,int3,int4,int8,integer,interval,into,is,iterate,join,key,keys,kill,label,leading,leave,left,like,limit,linear,lines,load,localtime,localtimestamp,lock,long,longblob,longtext,loop,low_priority
m~r match,mediumblob,mediumint,mediumtext,middleint,minute_microsecond,minute_second,mod,modifies,mysql,natural,no_write_to_binlog,not,null,numeric,on,optimize,option,optionally,or,order,out,outer,outfile,precision,primary,procedure,purge,raid0,range,read,reads,real,references,regexp,release,rename,repeat,replace,replicator,require,restrict,return,revoke,right,rlike,root
s~z schema,schemas,second_microsecond,select,sensitive,separator,set,show,smallint,spatial,specific,sql,sql_big_result,sql_calc_found_rows,sql_small_result,sqlexception,sqlstate,sqlwarning,ssl,starting,straight_join,table,terminated,test,then,tinyblob,tinyint,tinytext,to,trailing,trigger,true,undo,union,unique,unlock,unsigned,update,usage,use,using,utc_date,utc_time,utc_timestamp,values,varbinary,varchar,varcharacter,varying,when,where,while,with,write,x509,xor,xtrabak,year_month,zerofill