DocsICP FilingConsole
官方文档
首页

Create and manage accounts

更新时间:
复制 MD 格式
产品详情
我的收藏

Tair (Redis OSS-compatible) supports creating multiple accounts and setting Read-only and Read/Write permissions to help you manage instances with greater flexibility, minimize operational errors, and enhance data security.

Background

To ensure data security, a Default Account is automatically created after an instance is created. The default account cannot be deleted, replaced, or have its privileges modified. The number of automatically created default accounts varies depending on the engine version of the instance:

  • For versions earlier than 6.0: One default account is created with the instance ID as its name (for example, r-bp1jpghfglv6******).

  • For versions 6.0 and later: Two default accounts are created, one named with the instance ID (for example, r-bp1jpghfglv6******) and the other named default.

You may or may not have set a password for the default account when you created the instance. You can view or reset the password on the Account Management page in the console.

The login method for the Default Account is the same as that of native Redis. You can log in by entering only a password. The following is a redis-cli connection example:

# Use the default account whose username is r-bp1jpghfglv6****** and password is Rp829dlwa to connect to the instance. 
redis-cli -h r-bp1zx****.redis.rds.aliyuncs.com -p 6379 -a Rp829dlwa

Prerequisites

The instance engine version is Redis 4.0-compatible or later.

Note

If the engine version of your instance does not meet this requirement, you can perform a major version upgrade after evaluating your business needs. For more information, see major version upgrade.

Limitations

  • Each instance supports up to 20 accounts.

  • For Redis Open-Source Edition 4.0 instances and 5.0 instances (before version 5.0.8), account names are case-insensitive. In later versions, account names are case-sensitive.

Procedure

  1. Log on to the console and go to the Instances page. In the top navigation bar, select the region in which the instance that you want to manage resides. Then, find the instance and click the instance ID.

  2. In the left navigation bar, click Account Management.

  3. Click Create Account on the right side of the page.

  4. In the dialog box that appears, configure the account settings.

    Parameter

    Description

    Account type

    • Local account: You must manually record the password for this account or configure it in plaintext within your application code.

    • KMS-managed account: When an instance's account password is managed by KMS, applications no longer need to configure static database account credentials. When an application accesses the instance, it calls the relevant KMS API to obtain the instance account and password information. For more information, see Manage instance password credentials by using KMS.

    Account Name

    The account name must meet the following requirements:

    • Starts with a letter and consists of lowercase letters, digits, and underscores (_).

    • Is no more than 35 characters long.

    • Is not a Redis account name reserved word.

    Privilege

    Set the account privilege:

    • Read-only: Grants the privilege to read data but not to modify data.

    • Read/Write: The privilege to read, write, and delete data.

    Password

    The password must meet the following requirements:

    • Contains characters from at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters. The supported special characters are:

      !@#$%^&*()+-=_

    • Is 8 to 32 characters long.

    Confirm Password

    Re-enter the password to confirm.

    Description (Optional)

    The account description must meet the following requirements:

    • Starts with a letter or a Chinese character, and cannot start with http:// or https://.

    • Consists of letters, Chinese characters, digits, underscores (_), and hyphens (-).

    • Is 2 to 256 characters long.

  5. Click OK.

    After you create a new account, refresh the console page after about one minute. The account status will change to Active.

    Note

    • The password format for a new account is user:password. For example, if you create an account named testaccount with the password Rp829dlwa, you must enter the login password for the instance as testaccount:Rp829dlwa. For more information, see Log on to an instance.

    • If you connect to a Redis instance using a third-party database management tool such as RDM, enter user:password in the Password field.

  6. Optional: You can perform the following actions to manage your accounts:

    • Reset a password

      Click Reset Password in the Actions column of the target account. In the dialog box that appears, reset the password and click Determine.

    • Modify a privilege

      Click Modify Permissions in the Actions column of the target account. In the dialog box that appears, select the required privileges and click Determine.

    • Modify a description

      Click Modify Description in the Actions column of the target account. In the dialog box that appears, enter a new description and click Determine.

    • Delete an account

      In the Actions column of the target account, click More > Delete, and then click Determine in the dialog box that appears.

      Warning

      After you delete an account, you can no longer use it to log in. To prevent connection interruptions, first update the client's authentication method to use another account and password.

Redis account name reserved words

When you create an account, the account name cannot be any of the following reserved words.

Initial

Reserved word

a~c

add,admin,all,alter,analyze,and,as,asc,asensitive,aurora,before,between,bigint,binary,blob,both,by,call,cascade,case,change,char,character,check,collate,column,condition,connection,constraint,continue,convert,create,cross,current_date,current_time,current_timestamp,current_user,cursor

d~f

database,databases,day_hour,day_microsecond,day_minute,day_second,dec,decimal,declare,default,delayed,delete,desc,describe,deterministic,distinct,distinctrow,div,double,drc_rds,drop,dual,each,eagleye,else,elseif,enclosed,escaped,exists,exit,explain,false,fetch,float,float4,float8,for,force,foreign,from,fulltext

g~l

goto,grant,group,guest,having,high_priority,hour_microsecond,hour_minute,hour_second,if,ignore,in,index,infile,information_schema,inner,inout,insensitive,insert,int,int1,int2,int3,int4,int8,integer,interval,into,is,iterate,join,key,keys,kill,label,leading,leave,left,like,limit,linear,lines,load,localtime,localtimestamp,lock,long,longblob,longtext,loop,low_priority

m~r

match,mediumblob,mediumint,mediumtext,middleint,minute_microsecond,minute_second,mod,modifies,mysql,natural,no_write_to_binlog,not,null,numeric,on,optimize,option,optionally,or,order,out,outer,outfile,precision,primary,procedure,purge,raid0,range,read,reads,real,references,regexp,release,rename,repeat,replace,replicator,require,restrict,return,revoke,right,rlike,root

s~z

schema,schemas,second_microsecond,select,sensitive,separator,set,show,smallint,spatial,specific,sql,sql_big_result,sql_calc_found_rows,sql_small_result,sqlexception,sqlstate,sqlwarning,ssl,starting,straight_join,table,terminated,test,then,tinyblob,tinyint,tinytext,to,trailing,trigger,true,undo,union,unique,unlock,unsigned,update,usage,use,using,utc_date,utc_time,utc_timestamp,values,varbinary,varchar,varcharacter,varying,when,where,while,with,write,x509,xor,xtrabak,year_month,zerofill

API reference

API

Description

CreateAccount

Creates an account with a specific privilege in an instance.

GrantAccountPrivilege

Modifies the privilege of an account in an instance.

ModifyAccountDescription

Modifies the description of an account in an instance.

ModifyAccountPassword

Modifies the password of a specified account in an instance.

DeleteAccount

Deletes an account from an instance.

Previous:Security managementNext:Change or reset the password