ApsaraDB for Redis allows you to create multiple database accounts for an instance. You can grant these accounts different permissions, such as the read-only, read/write, or copy permissions. This helps you flexibly manage instances and minimize user errors.


The engine version of the instance is Redis 4.0 or later.
Note If the engine version of an instance does not meet the requirements, you can upgrade it. For more information, see Upgrade the major version.


  1. Log on to the ApsaraDB for Redis console.
  2. On the top of the page, select the region where the instance is deployed.
  3. On the Instance List page, click the Instance ID of the instance.
  4. In the left-side navigation pane, click Account Management.
    Note If your instance whose engine version is Redis 4.0 or later does not support the Account Management feature, you can upgrade the minor version. For more information, see Upgrade the minor version.
  5. Click Create in the upper-right corner of the page.
    Create an account
  6. In the dialog box that appears, set the parameters listed in the following table.
    Parameter Description
    Account Your account name must meet the following requirements:
    • The name of your account can contain lowercase letters, digits, and hyphens (-).
    • The name must be 1 to 16 characters in length.
    • The name cannot be one of the reserved words in the Reserved words for Redis account names section.
    Privilege The permissions granted to the account.
    • Read-only: The account has only the permissions to read data but is not allowed to modify data.
    • Read/Write: The account has the permissions to read and write data.
    • Copy: The account has the permissions to read data, write data, and run the SYNC and PSYNC commands.
      Note Only standard instances allow you to create accounts that have the Copy permissions.
    Password Settings The password of your account must meet the following requirements:
    • The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters. Special characters include:

      ! @#$%^&*()+-=_

    • The password must be 8 to 32 characters in length.
    Confirm Password Enter the password again.
    Description The description of your account must meet the following requirements:
    • It must start with a letter and cannot start with http:// or https://.
    • The description can contain letters, digits, underscores (_), and hyphens (-).
    • The description must be 2 to 256 characters in length.
  7. Click OK.
    The new account is in the Creating state. After about one minute, the state of the account is changed to Available.
  8. Optional:Perform the following steps to manage an account based on your business requirements:
    Manage accounts
    • Reset a password

      Click Reset Password in the Actions column of the specified account. In the panel that appears, reset the password and click OK.

    • Modify permissions

      Click Modify Privilege in the Actions column of the specified account. In the panel that appears, select the required permission and click OK.

    • Modify the description

      Click Edit Description in the Actions column of the specified account. In the panel that appears, modify the description and click OK.

    • Delete an account

      Choose More > Delete in the Actions column of the specified account. In the panel that appears, click OK.

Reserved words for Redis account names

When you create an account, the account name cannot be one of the following reserved words. The reserved words are separated with commas (,) in the following table.

Initial Reserved word
a~c add,admin,all,alter,analyze,and,as,asc,asensitive,aurora,before,between,bigint,binary,blob,both,by,call,cascade,case,change,char,character,check,collate,column,condition,connection,constraint,continue,convert,create,cross,current_date,current_time,current_timestamp,current_user,cursor
d~f database,databases,day_hour,day_microsecond,day_minute,day_second,dec,decimal,declare,default,delayed,delete,desc,describe,deterministic,distinct,distinctrow,div,double,drc_rds,drop,dual,each,eagleye,else,elseif,enclosed,escaped,exists,exit,explain,false,fetch,float,float4,float8,for,force,foreign,from,fulltext
g~l goto,grant,group,guest,having,high_priority,hour_microsecond,hour_minute,hour_second,if,ignore,in,index,infile,information_schema,inner,inout,insensitive,insert,int,int1,int2,int3,int4,int8,integer,interval,into,is,iterate,join,key,keys,kill,label,leading,leave,left,like,limit,linear,lines,load,localtime,localtimestamp,lock,long,longblob,longtext,loop,low_priority
m~r match,mediumblob,mediumint,mediumtext,middleint,minute_microsecond,minute_second,mod,modifies,mysql,natural,no_write_to_binlog,not,null,numeric,on,optimize,option,optionally,or,order,out,outer,outfile,precision,primary,procedure,purge,raid0,range,read,reads,real,references,regexp,release,rename,repeat,replace,replicator,require,restrict,return,revoke,right,rlike,root
s~z schema,schemas,second_microsecond,select,sensitive,separator,set,show,smallint,spatial,specific,sql,sql_big_result,sql_calc_found_rows,sql_small_result,sqlexception,sqlstate,sqlwarning,ssl,starting,straight_join,table,terminated,test,then,tinyblob,tinyint,tinytext,to,trailing,trigger,true,undo,union,unique,unlock,unsigned,update,usage,use,using,utc_date,utc_time,utc_timestamp,values,varbinary,varchar,varcharacter,varying,when,where,while,with,write,x509,xor,xtrabak,year_month,zerofill