ApsaraDB for Redis allows you to create multiple database accounts for an instance. You can grant these accounts different permissions, such as the read-only, read/write, and replication permissions. This helps you flexibly manage instances and minimize user errors for data security.
To ensure data security, a default account is automatically created after an instance is created. Typically, the default account is named after the instance ID (such as r-bp1jpghfglv6******). You cannot delete or replace a default account. You can view or reset the password of the default account on the Account Management page in the Tair console.
You can use the default account to log on to your instance in the same way as in open source Redis, where you only need to enter the password of the account. The following example describes how to log on to a Tair instance by using redis-cli:
# Use the default account whose username is r-bp1jpghfglv6****** and password is Rp829dlwa to connect to your instance. redis-cli -h r-bp1zx****.redis.rds.aliyuncs.com -p 6379 -a Rp829dlwa
The name of the default account is default for specific instances. The name that is displayed in the console prevails.
You can create a maximum of 20 accounts for an ApsaraDB for Redis instance.
Log on to the ApsaraDB for Redis console and go to the Instances page. In the top navigation bar, select the region in which the instance that you want to manage resides. Then, find the instance and click the instance ID.
In the left-side navigation pane, click Account Management.
Click Create in the upper-right corner of the page.
In the panel that appears, configure the parameters that are described in the following table.
The account name.
The name can contain lowercase letters, digits, and underscores (_) and must start with a lowercase letter.
The name can be up to 35 characters in length.
The name cannot contain any of the reserved words displayed in the Reserved words for accounts of a Tair instance section of this topic.
The permissions that are granted to the account. Valid values:
Read-only: The account has only permissions to read data and is not allowed to modify data.
Read/Write: The account has permissions to read and write data.
Copy: The account has permissions to read data, write data, and run the SYNC and PSYNC commands.Note
Only specific instances allow you to create accounts that have the Copy permissions. The specific permissions that are displayed in the console prevail.
The password of the account.
The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and specific special characters. These special characters include
The password must be 8 to 32 characters in length.
Enter the password again.
The description of the account.
The description must start with a letter and cannot start with http:// or https://.
The description can contain letters, digits, underscores (_), and hyphens (-).
The description must be 2 to 256 characters in length.
After you create an account, the account is in the Unavailable state. Refresh the page about 1 minute later, and the state changes to Available.Note
The password is in the
user:passwordformat. For example, assume that an account is named
testaccountand the password is
testaccount:Rp829dlwain the password field to log on to the instance. For more information, see Logon methods.
If you use a third-party database management tool such as Redis Desktop Manager (RDM) to connect to a Tair instance, enter the password in the
Optional: Perform the following operations based on your business requirements to manage the account:
Reset the password
Find the account and click Reset Password in the Actions column. In the panel that appears, reset the password and click OK.
Modify the permissions
Find the account and click Modify Privilege in the Actions column. In the panel that appears, select the required permissions and click OK.
Modify the description
Find the account and click Edit Description in the Actions column. In the panel that appears, modify the description and click OK.
Delete an account
Find the account and choosein the Actions column. In the panel that appears, click OK.Warning
After you delete the account, you cannot log on to the instance by using this account. In this case, to prevent the impact on the connection of your client, change the account and password that are used to verify the connection of your client in advance.
Reserved words for account names
When you create an account, the account name cannot be one of the following reserved words. The reserved words are separated by commas (,) in the following table.
Related API operations
|CreateAccount||Creates an account that has the specified permissions for an ApsaraDB for Redis instance.|
|GrantAccountPrivilege||Modifies the permissions of an account for an ApsaraDB for Redis instance.|
|ModifyAccountDescription||Modifies the description of an account for an ApsaraDB for Redis instance.|
|ModifyAccountPassword||Changes the password of a specified account for an ApsaraDB for Redis instance.|
|DeleteAccount||Deletes a specified account for an ApsaraDB for Redis instance.|