Skip to main content

ACL SETUSER

Syntax

ACL SETUSER username [rule [rule ...]]

ACL categories: @admin, @slow, @dangerous

ACL Rules

Dragonfly ACL rules are split into four categories:

Command Rules

  • +@<category>: Grants all the commands in the specified category to the list of commands the user is able to execute. For example, +@string adds all the string commands.
  • -@<category>: Like +@<category> but removes all the commands in the category instead of adding them.
  • +@ALL: Grants all the available groups to the user.
  • -@ALL: Revokes all the available groups from the user.

Key Permissions

Glob-style pattern that controls access to keys.

  • ~<pattern>: Allows the user to access the keys specified by the <pattern>. For example, ~foo or ~f*o.
  • %R~<pattern>: Allows the user to only read the keys specified by the <pattern>.
  • %W~<pattern>: Allows the user to only write the keys specified by the <pattern>.
  • %RW~<pattern>: Alias for ~<pattern>.
  • allkeys: Alias for ~*.
  • resetkeys: Revokes access to all keys. The user can't access any key.

Pub/Sub Permissions

Glob-style pattern that controls access to pub/sub channels.

  • &*: Grants access to all pub/sub channels.
  • &<pattern>: Grants access to channels with names specified by the <pattern>.
  • resetchannels: Revokes access to all channels. The user can't access, publish, or subscribe to any channel.
  • allchannels: Alias for &*.

Note: For all command variants that start with P (like PSUBSCRIBE), the match must be a literal match. For example, if a user's ACL contains the pattern &fo& and the user tries to PPSUBSRIBE foo, it would fail. However, if the user's ACL contains the pattern &foo instead, it would pass. This restriction does not exist on the rest of the family of pub/sub commands.

User Management Rules

  • ON: Set the user as active, it will be possible to authenticate as this user using AUTH <username> <password>.
  • OFF: Set user as not active, it will be impossible to authenticate as this user.
  • >password: Set or update the list of passwords for this user.
  • nopass: Allow the user to authenticate with any password.

Return

Simple string reply: OK on success. If the rules contain errors, the error is returned.

Examples

dragonfly> ACL SETUSER myuser ON >mypass >mysecondpass ~my*key &chan*el +@string +@fast -@slow ~*
OK