All Products
Document Center

ApsaraDB for Redis:Create and manage database accounts

Last Updated:Jun 13, 2024

ApsaraDB for Redis allows you to create multiple database accounts for an instance. You can grant these accounts different permissions, such as the read-only, read/write, and replication permissions. This way, you can flexibly manage instances, minimize accidental operations, and enhance data security.

Background information

To ensure data security, the system automatically creates a default account after an instance is created. Typically, the default account is named after the instance ID (such as r-bp1jpghfglv6******). You cannot delete or replace the default account or modify the permissions of the account. You can view or reset the password of the default account on the Account Management page in the console.

You can use the default account to log on to your instance in the same way as in open source Redis, where you only need to enter the password of the account. The following example shows how to log on to an instance by using redis-cli:

# Use the default account whose username is r-bp1jpghfglv6****** and password is Rp829dlwa to connect to the instance. 
redis-cli -h r-bp1zx**** -p 6379 -a Rp829dlwa

The name of the default account is default for specific instances. The name that is displayed in the console prevails.


  • You can create up to 20 accounts for an instance.

  • For instances that run Redis 4.0 or Redis 5.0 up to 5.0.8, the account names are not case-sensitive. For instances that run later versions of Redis, the account names are case-sensitive.


The database engine version of the instance is Redis 4.0 or later.


If the database engine version of an instance does not meet this requirement, you can upgrade the version. For more information, see Upgrade the major version.


  1. Log on to the ApsaraDB for Redis console and go to the Instances page. In the top navigation bar, select the region in which the instance that you want to manage resides. Then, find the instance and click the instance ID.

  2. In the left-side navigation pane, click Account Management.

  3. Click Create in the upper-right corner of the page.

  4. In the panel that appears, configure the parameters that are described in the following table.




    The account name, which must meet the following requirements:

    • The name can contain lowercase letters, digits, and underscores (_) and must start with a lowercase letter.

    • The name can be up to 35 characters in length.

    • The name cannot contain any of the reserved words displayed in the Reserved words for account names section of this topic.


    The permissions that are granted to the account. Valid values:

    • Read-only: The account has only permissions to read data and is not allowed to modify data.

    • Read/Write: The account has permissions to read and write data.

    • Copy: The account has permissions to read data, write data, and run the SYNC and PSYNC commands.


      Only specific instances allow you to create accounts that have the Copy permissions. The specific permissions that are displayed in the console prevail.


    The password of the account.

    • The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and specific special characters. These special characters include


    • The password must be 8 to 32 characters in length

    Confirm Password

    Enter the password again.

    Description (optional)

    The description of the account.

    • The description must start with a letter and cannot start with http:// or https://.

    • The description can contain letters, digits, underscores (_), and hyphens (-).

    • The description must be 2 to 256 characters in length.

  5. Click OK.

    After you create an account, the account is in the Unavailable state. Refresh the page about 1 minute later, and the state changes to Available.

    • The password is in the user:password format. For example, assume that an account is named testaccount and the password is Rp829dlwa. Enter testaccount:Rp829dlwa in the password field to log on to the instance. For more information, see Logon methods.

    • If you use a third-party database management tool such as Redis Desktop Manager (RDM) to connect to an instance, enter the password in the user:password format.

  6. Optional: Perform the following operations based on your business requirements to manage the account:

    • Reset the password

      Find the account and click Reset Password in the Actions column. In the panel that appears, reset the password and click OK.

    • Modify the permissions

      Find the account and click Modify Privilege in the Actions column. In the panel that appears, select the required permissions and click OK.

    • Modify the description

      Find the account and click Edit Description in the Actions column. In the panel that appears, modify the description and click OK.

    • Delete the account

      Find the account and choose 更多 > Delete in the Actions column. In the panel that appears, click OK.


      After you delete the account, you cannot log on to the instance by using this account. In this case, to prevent the impact on the connection of your client, change the account and password that are used to verify the connection of your client in advance.

Reserved words for account names

When you create an account, the account name cannot be one of the following reserved words. The following table describes the reserved words. The reserved words are separated by commas (,).


Reserved word











Related API operations

API operation



Creates an account that has specific permissions for an ApsaraDB for Redis instance.


Modifies the permissions of an account for an ApsaraDB for Redis instance.


Modifies the description of an account for an ApsaraDB for Redis instance.


Changes the password of an account for an ApsaraDB for Redis instance.


Deletes a specific account for an ApsaraDB for Redis instance.