ApsaraDB for Redis allows you to create multiple database accounts for an instance. You can grant these accounts different permissions, such as the read-only, read/write, or replication permissions. This helps you flexibly manage instances and minimize user errors for data security.

Prerequisites

The engine version of the ApsaraDB for Redis instance is Redis 4.0 or later.
Note If the engine version of an instance does not meet the requirements, you can upgrade it. For more information, see Upgrade the major version.

Limits

You can create a maximum of 20 accounts for an ApsaraDB for Redis instance.

Procedure

  1. Log on to the ApsaraDB for Redis console.
  2. In the top navigation bar of the page, select the region in which the instance is deployed.
  3. On the Instances page, click the ID of the instance.
  4. In the left-side navigation pane, click Account Management.
    Note If your instance whose engine version is Redis 4.0 or later does not support the Account Management feature, you can update the minor version of the instance. For more information, see Update the minor version.
  5. Click Create in the upper-right corner of the page.
    Create an account
  6. In the panel that appears, set the parameters that are described in the following table.
    Parameter Description
    Account The account name. It must meet the following requirements:
    • The name can contain lowercase letters, digits, and hyphens (-), and must start with a lowercase letter.
    • The name can be up to 35 characters in length.
    • The name cannot be one of the reserved words in the Reserved words for account names section.
    Privilege The permissions that are granted to the account. Valid values:
    • Read-only: The account has only permissions to read data and is not allowed to modify data.
    • Read/Write: The account has permissions to read and write data.
    • Copy: The account has permissions to read data, write data, and run the SYNC and PSYNC commands.
      Note Only standard instances allow you to create accounts that have the Copy permission.
    Password Settings The password of the account. It must meet the following requirements:
    • The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters. The password can contain the following special characters:

      !@#$%^&*()+-=_

    • The password must be 8 to 32 characters in length.
    Confirm Password Enter the password again.
    Description Optional. The description of the account. It must meet the following requirements:
    • The description must start with a letter and cannot start with http:// or https://.
    • The description can contain letters, digits, underscores (_), and hyphens (-).
    • The description must be 2 to 256 characters in length.
  7. Click OK.
    The new account is in the Creating state. After about one minute, the state of the account changes to Available.
  8. Optional:Perform the following operations to manage an account based on your business requirements:
    Manage accounts
    • Reset a password

      Find the account and click Reset Password in the Actions column. In the panel that appears, reset the password and click OK.

    • Modify permissions

      Find the account and click Modify Privilege in the Actions column. In the panel that appears, select the required permissions and click OK.

    • Modify the description

      Find the account and click Edit Description in the Actions column. In the panel that appears, modify the description and click OK.

    • Delete an account

      Find the account and click the More icon icon and select Delete in the Actions column. In the panel that appears, click OK.

FAQ

Q: Why does an account exist after an instance is created?

A: A default account with the same name as the instance ID is automatically created after an instance is created to ensure data security. The password of this account has been specified when you create the instance. The password can be reset if you forget it.

Reserved words for account names

When you create an account, the account name cannot be one of the following reserved words. The reserved words are separated by commas (,) in the following table.

Initial Reserved word
a~c add,admin,all,alter,analyze,and,as,asc,asensitive,aurora,before,between,bigint,binary,blob,both,by,call,cascade,case,change,char,character,check,collate,column,condition,connection,constraint,continue,convert,create,cross,current_date,current_time,current_timestamp,current_user,cursor
d~f database,databases,day_hour,day_microsecond,day_minute,day_second,dec,decimal,declare,default,delayed,delete,desc,describe,deterministic,distinct,distinctrow,div,double,drc_rds,drop,dual,each,eagleye,else,elseif,enclosed,escaped,exists,exit,explain,false,fetch,float,float4,float8,for,force,foreign,from,fulltext
g~l goto,grant,group,guest,having,high_priority,hour_microsecond,hour_minute,hour_second,if,ignore,in,index,infile,information_schema,inner,inout,insensitive,insert,int,int1,int2,int3,int4,int8,integer,interval,into,is,iterate,join,key,keys,kill,label,leading,leave,left,like,limit,linear,lines,load,localtime,localtimestamp,lock,long,longblob,longtext,loop,low_priority
m~r match,mediumblob,mediumint,mediumtext,middleint,minute_microsecond,minute_second,mod,modifies,mysql,natural,no_write_to_binlog,not,null,numeric,on,optimize,option,optionally,or,order,out,outer,outfile,precision,primary,procedure,purge,raid0,range,read,reads,real,references,regexp,release,rename,repeat,replace,replicator,require,restrict,return,revoke,right,rlike,root
s~z schema,schemas,second_microsecond,select,sensitive,separator,set,show,smallint,spatial,specific,sql,sql_big_result,sql_calc_found_rows,sql_small_result,sqlexception,sqlstate,sqlwarning,ssl,starting,straight_join,table,terminated,test,then,tinyblob,tinyint,tinytext,to,trailing,trigger,true,undo,union,unique,unlock,unsigned,update,usage,use,using,utc_date,utc_time,utc_timestamp,values,varbinary,varchar,varcharacter,varying,when,where,while,with,write,x509,xor,xtrabak,year_month,zerofill

Related API operations

API operation Description
CreateAccount Creates an account that has the specified permissions for an ApsaraDB for Redis instance.
GrantAccountPrivilege Modifies the permissions of an account for an ApsaraDB for Redis instance.
ModifyAccountDescription Modifies the description of an account for an ApsaraDB for Redis instance.
ModifyAccountPassword Changes the password of a specified account for an ApsaraDB for Redis instance.
DeleteAccount Deletes a specified account for an ApsaraDB for Redis instance.