ApsaraDB for Redis allows you to create multiple database accounts for an instance. You can grant these accounts different permissions, such as the read-only, read/write, and replication permissions. This lets you manage instances flexibly and reduces the risk that user errors pose to data security.
Background information
To ensure data security, a default account is automatically created after an instance is created. Typically, the default account is named after the instance ID (Example: r-bp1jpghfglv6******). You cannot delete and replace a default account. You can view or reset the password of the default account on the Account Management page in the Tair console.
# Use the default account whose username is r-bp1jpghfglv6****** and password is Rp829dlwa to connect to your instance.
redis-cli -h r-bp1zx****.redis.rds.aliyuncs.com -p 6379 -a Rp829dlwa
Precautions
You can create a maximum of 20 accounts for an ApsaraDB for Redis instance.
Prerequisites
Procedure
- Log on to the ApsaraDB for Redis console and go to the Instances page. In the top navigation bar, select the region in which the instance that you want to manage resides. Then, find the instance and click its ID.
- In the left-side navigation pane, click Account Management.
- Click Create in the upper-right corner of the page.
- In the panel that appears, configure the parameters that are described in the following table.
Parameter | Description |
---|---|
Account | The account name. The name can contain lowercase letters, digits, and hyphens (-), and must start with a lowercase letter. The name can be up to 35 characters in length. The name cannot contain any of the reserved words displayed in the "Reserved words for account names" section of this topic. |
Privilege | The permissions that are granted to the account. Valid values: Read-only: The account has only permissions to read data and is not allowed to modify data. Read/Write: The account has permissions to read and write data. Copy: The account has permissions to read data, write data, and run the SYNC and PSYNC commands. Note: Only standard instances allow you to create accounts that have the Copy permissions. |
Password Settings | The password of the account. The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and specific special characters. These special characters include ! @ # $ % ^ & * ( ) + - = _ The password must be 8 to 32 characters in length. |
Confirm Password | Enter the password again. |
Description (optional) | The description of the account. The description must start with a letter and cannot start with http:// or https://. The description can contain letters, digits, underscores (_), and hyphens (-). The description must be 2 to 256 characters in length. |
- In the message that appears, click OK. After you create an account, the account is in the Unavailable state. Refresh the page about 1 minute later, and the state changes to Available.
Note
  - The password is in the user:password format. For example, assume that an account is named testaccount and the password is Rp829dlwa. Enter testaccount:Rp829dlwa in the password field to log on to the instance. For more information, see Logon methods.
  - If you use a third-party database management tool such as Redis Desktop Manager (RDM) to connect to a Tair instance, enter the password in the user:password format.
- Optional: Perform the following operations based on your business requirements to manage the account:
- Reset the password
Find the account and click Reset Password in the Actions column. In the panel that appears, reset the password and click OK.
- Modify the permissions
Find the account and click Modify Privilege in the Actions column. In the panel that appears, select the required permissions and click OK.
- Modify the description
Find the account and click Edit Description in the Actions column. In the panel that appears, modify the description and click OK.
- Delete an account
Find the account and delete it by using the Actions column. In the panel that appears, click OK.
Warning: After you delete the account, you cannot log on to the instance by using this account. To avoid disrupting client connections, change the account and password that your client uses to authenticate before you delete the account.
Reserved words for account names
When you create an account, the account name cannot be one of the following reserved words. The reserved words are separated by commas (,) in the following table.
Initial | Reserved word |
---|---|
a~c | add,admin,all,alter,analyze,and,as,asc,asensitive,aurora,before,between,bigint,binary,blob,both,by,call,cascade,case,change,char,character,check,collate,column,condition,connection,constraint,continue,convert,create,cross,current_date,current_time,current_timestamp,current_user,cursor |
d~f | database,databases,day_hour,day_microsecond,day_minute,day_second,dec,decimal,declare,default,delayed,delete,desc,describe,deterministic,distinct,distinctrow,div,double,drc_rds,drop,dual,each,eagleye,else,elseif,enclosed,escaped,exists,exit,explain,false,fetch,float,float4,float8,for,force,foreign,from,fulltext |
g~l | goto,grant,group,guest,having,high_priority,hour_microsecond,hour_minute,hour_second,if,ignore,in,index,infile,information_schema,inner,inout,insensitive,insert,int,int1,int2,int3,int4,int8,integer,interval,into,is,iterate,join,key,keys,kill,label,leading,leave,left,like,limit,linear,lines,load,localtime,localtimestamp,lock,long,longblob,longtext,loop,low_priority |
m~r | match,mediumblob,mediumint,mediumtext,middleint,minute_microsecond,minute_second,mod,modifies,mysql,natural,no_write_to_binlog,not,null,numeric,on,optimize,option,optionally,or,order,out,outer,outfile,precision,primary,procedure,purge,raid0,range,read,reads,real,references,regexp,release,rename,repeat,replace,replicator,require,restrict,return,revoke,right,rlike,root |
s~z | schema,schemas,second_microsecond,select,sensitive,separator,set,show,smallint,spatial,specific,sql,sql_big_result,sql_calc_found_rows,sql_small_result,sqlexception,sqlstate,sqlwarning,ssl,starting,straight_join,table,terminated,test,then,tinyblob,tinyint,tinytext,to,trailing,trigger,true,undo,union,unique,unlock,unsigned,update,usage,use,using,utc_date,utc_time,utc_timestamp,values,varbinary,varchar,varcharacter,varying,when,where,while,with,write,x509,xor,xtrabak,year_month,zerofill |
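
The account name, password, and description rules in this topic can be checked locally before an account is created, for example in a provisioning script. The following Python is an added example, not part of the ApsaraDB for Redis documentation or SDK; the function names, the reserved-word excerpt, whole-name matching of reserved words, and the ASCII-only character sets are assumptions.

```python
import re

SPECIALS = set("!@#$%^&*()+-=_")
# Excerpt of the reserved-word table on this page; load the full table in real use.
RESERVED_EXCERPT = {"admin", "all", "default", "guest", "replicator", "root", "test"}

def check_account_name(name, reserved=RESERVED_EXCERPT):
    errors = []
    if not re.fullmatch(r"[a-z][a-z0-9-]*", name):
        errors.append("name: use lowercase letters, digits, hyphens; start with a letter")
    if len(name) > 35:
        errors.append("name: longer than 35 characters")
    # Assumption: the whole name is compared, since the page's own sample
    # account "testaccount" contains the reserved word "test".
    if name in reserved:
        errors.append("name: reserved word")
    return errors

def check_password(password):
    errors = []
    if not 8 <= len(password) <= 32:
        errors.append("password: length must be 8 to 32 characters")
    ascii_alnum = [c for c in password if c.isascii() and c.isalnum()]
    types = [
        any(c.isupper() for c in ascii_alnum),
        any(c.islower() for c in ascii_alnum),
        any(c.isdigit() for c in ascii_alnum),
        any(c in SPECIALS for c in password),
    ]
    if sum(types) < 3:
        errors.append("password: needs at least three character types")
    # Assumption: anything outside the four listed types is rejected.
    if len(ascii_alnum) + sum(c in SPECIALS for c in password) != len(password):
        errors.append("password: unsupported character")
    return errors

def check_description(text):
    # Optional field; assumption: "letters" means ASCII letters. This pattern
    # also excludes http:// and https:// prefixes, which contain ':' and '/'.
    if text and not re.fullmatch(r"[A-Za-z][A-Za-z0-9_-]{1,255}", text):
        return ["description: 2 to 256 letters, digits, '_' or '-', starting with a letter"]
    return []

def validate_account(name, password, description=""):
    return check_account_name(name) + check_password(password) + check_description(description)

def auth_string(name, password):
    # Value for the password field when logging on with a created account.
    return f"{name}:{password}"
```

An empty list from `validate_account` means the values satisfy the rules as implemented here; the console or the CreateAccount operation remains the authority on what is accepted.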
Related API operations
Operation | Description |
---|---|
CreateAccount | Creates an account that has the specified permissions for an ApsaraDB for Redis instance. |
GrantAccountPrivilege | Modifies the permissions of an account for an ApsaraDB for Redis instance. |
ModifyAccountDescription | Modifies the description of an account for an ApsaraDB for Redis instance. |
ModifyAccountPassword | Changes the password of a specified account for an ApsaraDB for Redis instance. |
DeleteAccount | Deletes a specified account for an ApsaraDB for Redis instance. |