![\"\"](\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2023\/08\/image-52.png\")
<\/figure>\n\n\n\nWe can see that the command add SET rights and GET rights , in that order because sometimes order can have its importance when configuring ACL for a user.<\/p>\n\n\n\n
You also notice that there is the off option which means user is disabled so we will turn it on.<\/p>\n\n\n\n
So to sum up you can now call both SET and GET commands for that user.<\/p>\n\n\n\n
Command categories<\/h2>\n\n\n\n
Now we know how to add rights but there are many commands so it can be fastidious to add it one by one.why not use directly the command categories ?<\/p>\n\n\n\n
First of all we will list the command categories which include a bunch of common command like get but also it can include critical commands.<\/p>\n\n\n\n
The following is a list of command categories and their meanings:<\/p>\n\n\n\n
- \n
- admin<\/strong> – Administrative commands. Normal applications will never need to use these. Includes
REPLICAOF<\/code><\/a>,CONFIG<\/code><\/a>,DEBUG<\/code><\/a>,SAVE<\/code><\/a>,MONITOR<\/code><\/a>,ACL<\/code><\/a>,SHUTDOWN<\/code><\/a>, etc.<\/li>\n\n\n\n- bitmap<\/strong> – Data type: bitmaps related.<\/li>\n\n\n\n
- blocking<\/strong> – Potentially blocking the connection until released by another command.<\/li>\n\n\n\n
- connection<\/strong> – Commands affecting the connection or other connections. This includes
AUTH<\/code><\/a>,SELECT<\/code><\/a>,COMMAND<\/code><\/a>,CLIENT<\/code><\/a>,ECHO<\/code><\/a>,PING<\/code><\/a>, etc.<\/li>\n\n\n\n- dangerous<\/strong> – Potentially dangerous commands (each should be considered with care for various reasons). This includes
FLUSHALL<\/code><\/a>,MIGRATE<\/code><\/a>,RESTORE<\/code><\/a>,SORT<\/code><\/a>,KEYS<\/code><\/a>,CLIENT<\/code><\/a>,DEBUG<\/code><\/a>,INFO<\/code><\/a>,CONFIG<\/code><\/a>,SAVE<\/code><\/a>,REPLICAOF<\/code><\/a>, etc.<\/li>\n\n\n\n- geo<\/strong> – Data type: geospatial indexes related.<\/li>\n\n\n\n
- hash<\/strong> – Data type: hashes related.<\/li>\n\n\n\n
- hyperloglog<\/strong> – Data type: hyperloglog related.<\/li>\n\n\n\n
- fast<\/strong> – Fast O(1) commands. May loop on the number of arguments, but not the number of elements in the key.<\/li>\n\n\n\n
- keyspace<\/strong> – Writing or reading from keys, databases, or their metadata in a type agnostic way. Includes
DEL<\/code><\/a>,RESTORE<\/code><\/a>,DUMP<\/code><\/a>,RENAME<\/code><\/a>,EXISTS<\/code><\/a>,DBSIZE<\/code><\/a>,KEYS<\/code><\/a>,EXPIRE<\/code><\/a>,TTL<\/code><\/a>,FLUSHALL<\/code><\/a>, etc. Commands that may modify the keyspace, key, or metadata will also have thewrite<\/code> category. Commands that only read the keyspace, key, or metadata will have theread<\/code> category.<\/li>\n\n\n\n- list<\/strong> – Data type: lists related.<\/li>\n\n\n\n
- pubsub<\/strong> – PubSub-related commands.<\/li>\n\n\n\n
- read<\/strong> – Reading from keys (values or metadata). Note that commands that don’t interact with keys, will not have either
read<\/code> orwrite<\/code>.<\/li>\n\n\n\n- scripting<\/strong> – Scripting related.<\/li>\n\n\n\n
- set<\/strong> – Data type: sets related.<\/li>\n\n\n\n
- sortedset<\/strong> – Data type: sorted sets related.<\/li>\n\n\n\n
- slow<\/strong> – All commands that are not
fast<\/code>.<\/li>\n\n\n\n- stream<\/strong> – Data type: streams related.<\/li>\n\n\n\n
- string<\/strong> – Data type: strings related.<\/li>\n\n\n\n
- transaction<\/strong> –
WATCH<\/code><\/a> \/MULTI<\/code><\/a> \/EXEC<\/code><\/a> related commands.<\/li>\n\n\n\n- write<\/strong> – Writing to keys (values or metadata).<\/li>\n<\/ul>\n\n\n\n
Below you will have an example of a user with a restriction to the blocking category<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2023\/08\/image-53-1024x104.png\")
<\/figure>\n\n\n\nWhen using +@all command it will allow all commands , then you can restrict the category you want jsut after like @Blocking commands or @dangerous commands .<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2023\/08\/image-54-1024x426.png\")
<\/figure>\n\n\n\nList the command categories <\/h2>\n\n\n\n
Use the ACL CAT command to list all the categories<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2023\/08\/image-55-1024x810.png\")
<\/figure>\n\n\n\nList the sub-commands <\/h2>\n\n\n\n
Now you have identified the categories you can list them and see the sub-commands inside <\/p>\n\n\n\n
Use the command<\/p>\n\n\n\n
ACL CAT [ categoryname ]<\/code><\/code><\/pre>\n\n\n\n![\"\"](\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2023\/08\/image-56-1024x109.png\")
<\/figure>\n\n\n\nThis example lists the sub-commands within the dangerous category<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2023\/08\/image-57-1024x864.png\")
<\/figure>\n\n\n\nInside there is common but critical commands such as KEYS<\/strong>, SAVE, RESTORE, ACL <\/strong>commands BUT ALSO THE<\/strong> FLUSHALL <\/strong>command , I guess it should be only dedicated to the Redis admin<\/strong>.<\/p>\n\n\n\n
Aim is to get the Redis infra secure by avoiding blocking or dangerous commands, indeed it can slow the server or even worse harm it and delete data.<\/p>\n\n\n\n
Allow\/block subcommands<\/h2>\n\n\n\n
Starting from Redis 7.0<\/strong> version , subcommands can be allowed\/blocked just like other commands (by using the separator
|<\/code> between the command and subcommand, for example:+config|get<\/code> or-config|set<\/code>)<\/p>\n\n\n\nThat is true for all commands except DEBUG<\/strong>. In order to allow\/block specific DEBUG sub-commands<\/p>\n\n\n\n
My current configuration doesn’t allow me to give examples as I am on Redis 6 but I will upgrade and show it in another incoming post \ud83d\ude42 <\/p>\n\n\n\n
Allow the first-arg of a blocked command<\/h2>\n\n\n\n
Note that this feature is deprecated since Redis 7.0 and may be removed in the future.<\/strong><\/p>\n\n\n\n
( I am on Redis 6 version so we can test the command )<\/p>\n\n\n\n
Exclude or include a command or a subcommand as a whole may find some limits. For example many deployments may not be happy providing the ability to execute a
SELECT<\/code><\/a> for any DB, but may still want to be able to runSELECT 0<\/code>.<\/p>\n\n\n\nExample:<\/span><\/p>\n\n\n\n
We could alter the ACL of a user as the following way<\/p>\n\n\n\n
ACL SETUSER myuser -select +select|0<\/code><\/pre>\n\n\n\nThis command will remove the
SELECT<\/code><\/a> command and then add the allowed first-arg.<\/p>\n\n\n\nNote that it is not possible to do the reverse<\/strong> since first-args can be only added, not excluded.<\/p>\n\n\n\n
Best practice for more security is to specify all the first-args that are valid for some user since it is possible that new first-args may be added in the future.<\/p>\n\n\n\n
Selectors<\/h2>\n\n\n\n
I will upgrade my Redis to 7.0 and test it in another post , for teh moment you can get the definition and method to understand the principle below ( from the Redis site<\/strong> ) <\/p>\n\n\n\n
“Starting with Redis 7.0<\/strong>, Redis supports adding multiple sets of rules that are evaluated independently of each other. These secondary sets of permissions are called selectors and added by wrapping a set of rules within parentheses. In order to execute a command, either the root permissions (rules defined outside of parenthesis) or any of the selectors (rules defined inside parenthesis) must match the given command. Internally, the root permissions are checked first followed by selectors in the order they were added.<\/p>\n\n\n\n
For example, consider a user with the ACL rules
+GET ~key1 (+SET ~key2)<\/code>. This user is able to executeGET key1<\/code> andSET key2 hello<\/code>, but notGET key2<\/code> orSET key1 world<\/code>.”<\/p>\n\n\n\nKey permissions<\/h2>\n\n\n\n
Need Redis 7.0 version minimum so it will be discussed during a next post \ud83d\ude42<\/p>\n\n\n\n
Passwords storage method<\/h2>\n\n\n\n
SHA256 is the method to store internally Redis hashed passwords .<\/p>\n\n\n\n
When you check your password by using
ACL LIST<\/code><\/a> orACL GETUSER<\/code><\/a>, you’ll see a long hex string that looks pseudo random.<\/p>\n\n\n\nExample:<\/span><\/p>\n\n\n\n
![\"\"](\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2023\/08\/image-58-1024x519.png\")
<\/figure>\n\n\n\nUsing SHA256 provides the ability to avoid storing the password in clear text while still allowing for a very fast
AUTH<\/code><\/a> command, which is a very important feature of Redis and is coherent with what clients expect from Redis.<\/p>\n\n\n\nNote that “ACL passwords<\/em> are not really passwords. They are shared secrets between the server and the client, because the password is not an authentication token used by a human being”. <\/p>\n\n\n\n
For instance:<\/p>\n\n\n\n
- \n
- There are no length limits, the password will just be memorized in some client software. There is no human that needs to recall a password in this context.<\/li>\n\n\n\n
- The ACL password does not protect any other thing. For example, it will never be the password for some email account.<\/li>\n\n\n\n
- Often when you are able to access the hashed password itself, by having full access to the Redis commands of a given server, or corrupting the system itself, you already have access to what the password is protecting: the Redis instance stability and the data it contains.<\/li>\n<\/ul>\n\n\n\n
Security matters<\/h2>\n\n\n\n
For the above reasons, slowing down the password authentication, in order to use an algorithm that uses time and space to make password cracking hard, is a very poor choice.<\/p>\n\n\n\n
We can instead generate strong passwords, so that nobody will be able to crack it using a dictionary or a brute force attack even if they have the hash.<\/p>\n\n\n\n
To perform that we can use the ACL command
ACL GENPASS<\/code><\/a> that generates passwords using the system cryptographic pseudorandom generator:<\/p>\n\n\n\nSyntax:<\/p>\n\n\n\n
127.0.0.1:6379> ACL GENPASS [ bits ]<\/code><\/code><\/pre>\n\n\n\n![\"\"](\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2023\/08\/image-59-1024x219.png\")
<\/figure>\n\n\n\nExample:<\/span><\/p>\n\n\n\n
![\"\"](\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2023\/08\/image-60-1024x483.png\")
<\/figure>\n\n\n\nBy default this command outputs a 32-byte (256-bit) pseudorandom string converted to a 64-byte alphanumerical string but you can add the bit number as an argument like above 128 bits<\/p>\n\n\n\n
This password complexity is enough to avoid bruteforce attacks and short enough to be easy to manage, cut & paste, store, and so forth. <\/p>\n\n\n\n
This is the recommended method you should use in order to generate Redis passwords.<\/p>\n\n\n\n
Use an external ACL file<\/h2>\n\n\n\n
We got 2 methods to store Redis users :<\/p>\n\n\n\n
- \n
- First is to specify them directly in the
redis.conf<\/code> file.<\/li>\n\n\n\n- The second is to specify an external ACL file.<\/li>\n<\/ul>\n\n\n\n
As these two options can’t work together, You will have to make your choice. <\/p>\n\n\n\n
1st choice: Use redis.conf file<\/h3>\n\n\n\n
For simple use cases it is the best choice. <\/p>\n\n\n\n
2nd choice: Use the ACL file<\/h3>\n\n\n\n
Use the ACL file when there are multiple users to define, in a complex environment.<\/p>\n\n\n\n
User definition format in redis.conf and external ACL file:<\/h2>\n\n\n\n
redis.conf<\/strong><\/code> and in the external ACL file<\/strong> use exactly the same format to define users:<\/p>\n\n\n\nuser [username] acl rules \u2026<\/code><\/code><\/pre>\n\n\n\nExample:<\/span><\/p>\n\n\n\n
\"user USER_RESTRICTED on #e198a9a8a4a2a5be789e9a11ecf8a48b9f2ed6a2293c99d56d31c74f3d1c43c8 ~* &* +@all -@blocking\"<\/code><\/code><\/pre>\n\n\n\nWhen you want to use an external ACL file, you must specify the configuration directive called
aclfile<\/code>, by adding the absolute path of the file.<\/p>\n\n\n\n127.0.0.1:6379> aclfile \/etc\/redis\/users.acl<\/code><\/code><\/pre>\n\n\n\nWhen you are just specifying a few users directly inside the
redis.conf<\/code> file, you can useCONFIG REWRITE<\/code><\/a> in order to store the new user configuration inside the file by rewriting it.<\/p>\n\n\n\nThe external ACL file has more capabilities and allow you useful commands such as ACL LOAD \/SAVE.<\/p>\n\n\n\n
You can do the following:<\/p>\n\n\n\n
- \n
- Use
ACL LOAD<\/code><\/a> if you modified the ACL file manually and you want Redis to reload the new configuration. Note that this command is able to load the file only if all the users are correctly specified<\/em>. Otherwise, an error is reported to the user, and the old configuration will remain valid.<\/li>\n\n\n\n- Use
ACL SAVE<\/code><\/a> to save the current ACL configuration to the ACL file.<\/li>\n<\/ul>\n\n\n\nNote that
CONFIG REWRITE<\/code><\/a> does not also triggerACL SAVE<\/code><\/a>. When you use an ACL file, the configuration and the ACLs are handled separately.<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n
That conclude the Redis ACL part.The secutrity topic is huge and we will probably come bakc to it another time.<\/p>\n\n\n\n
Thanks to the Redis site <\/a>which is fantastic and well documented.<\/p>\n\n\n\n
Feel free to take a look on it and also don’t forget to visit my other topics here <\/a>and the dbi bloggers here <\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"
Introduction In the first part with have seen what are Redis ACL and why we are using it.WE also have seen how to list users with the ACL LIST command. Let’s continue and go deeper with command usage and also how to use an external file. So let’s go for Redis ACL part two ! […]<\/p>\n","protected":false},"author":40,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1739],"tags":[],"type_dbi":[],"class_list":["post-27375","post","type-post","status-publish","format-standard","hentry","category-nosql"],"acf":[],"yoast_head":"\n
Redis: Using Access Control List (ACL) part2 - dbi Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Redis: Using Access Control List (ACL) part2\" \/>\n<meta property=\"og:description\" content=\"Introduction In the first part with have seen what are Redis ACL and why we are using it.WE also have seen how to list users with the ACL LIST command. Let’s continue and go deeper with command usage and also how to use an external file. So let’s go for Redis ACL part two ! […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-18T19:24:15+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-20T20:50:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2023\/08\/image-52.png\" \/>\n<meta name=\"author\" content=\"Middleware Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Middleware Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/\"},\"author\":{\"name\":\"Middleware Team\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d8563acfc6e604cce6507f45bac0ea1\"},\"headline\":\"Redis: Using Access Control List (ACL) part2\",\"datePublished\":\"2023-08-18T19:24:15+00:00\",\"dateModified\":\"2023-08-20T20:50:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/\"},\"wordCount\":1665,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2023\/08\/image-52.png\",\"articleSection\":[\"NoSQL\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/\",\"name\":\"Redis: Using Access Control List (ACL) part2 - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2023\/08\/image-52.png\",\"datePublished\":\"2023-08-18T19:24:15+00:00\",\"dateModified\":\"2023-08-20T20:50:00+00:00\",\"author\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d8563acfc6e604cce6507f45bac0ea1\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/#primaryimage\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2023\/08\/image-52.png\",\"contentUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2023\/08\/image-52.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.dbi-services.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Redis: Using Access Control List (ACL) part2\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d8563acfc6e604cce6507f45bac0ea1\",\"name\":\"Middleware Team\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/ddcae7ba0f9d1a0e7ae707f0e689e4a9c95bb48ec49c8e6d9cc86d43f4121cb6?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ddcae7ba0f9d1a0e7ae707f0e689e4a9c95bb48ec49c8e6d9cc86d43f4121cb6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ddcae7ba0f9d1a0e7ae707f0e689e4a9c95bb48ec49c8e6d9cc86d43f4121cb6?s=96&d=mm&r=g\",\"caption\":\"Middleware Team\"},\"url\":\"https:\/\/www.dbi-services.com\/blog\/author\/middleware-team\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Redis: Using Access Control List (ACL) part2 - dbi Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/","og_locale":"en_US","og_type":"article","og_title":"Redis: Using Access Control List (ACL) part2","og_description":"Introduction In the first part with have seen what are Redis ACL and why we are using it.WE also have seen how to list users with the ACL LIST command. Let’s continue and go deeper with command usage and also how to use an external file. So let’s go for Redis ACL part two ! […]","og_url":"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/","og_site_name":"dbi Blog","article_published_time":"2023-08-18T19:24:15+00:00","article_modified_time":"2023-08-20T20:50:00+00:00","og_image":[{"url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2023\/08\/image-52.png","type":"","width":"","height":""}],"author":"Middleware Team","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Middleware Team","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/"},"author":{"name":"Middleware Team","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d8563acfc6e604cce6507f45bac0ea1"},"headline":"Redis: Using Access Control List (ACL) part2","datePublished":"2023-08-18T19:24:15+00:00","dateModified":"2023-08-20T20:50:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/"},"wordCount":1665,"commentCount":0,"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2023\/08\/image-52.png","articleSection":["NoSQL"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/","url":"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/","name":"Redis: Using Access Control List (ACL) part2 - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/#primaryimage"},"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2023\/08\/image-52.png","datePublished":"2023-08-18T19:24:15+00:00","dateModified":"2023-08-20T20:50:00+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d8563acfc6e604cce6507f45bac0ea1"},"breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/#primaryimage","url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2023\/08\/image-52.png","contentUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2023\/08\/image-52.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/redis-using-access-control-list-acl-part2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Redis: Using Access Control List (ACL) part2"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d8563acfc6e604cce6507f45bac0ea1","name":"Middleware Team","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/ddcae7ba0f9d1a0e7ae707f0e689e4a9c95bb48ec49c8e6d9cc86d43f4121cb6?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/ddcae7ba0f9d1a0e7ae707f0e689e4a9c95bb48ec49c8e6d9cc86d43f4121cb6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ddcae7ba0f9d1a0e7ae707f0e689e4a9c95bb48ec49c8e6d9cc86d43f4121cb6?s=96&d=mm&r=g","caption":"Middleware Team"},"url":"https:\/\/www.dbi-services.com\/blog\/author\/middleware-team\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/27375","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=27375"}],"version-history":[{"count":67,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/27375\/revisions"}],"predecessor-version":[{"id":27455,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/27375\/revisions\/27455"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=27375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=27375"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=27375"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=27375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}} - Use
- The second is to specify an external ACL file.<\/li>\n<\/ul>\n\n\n\n
- First is to specify them directly in the
- bitmap<\/strong> – Data type: bitmaps related.<\/li>\n\n\n\n