articles/azure-cache-for-redis/cache-configure-role-based-access-control.md
9 additions & 9 deletions
@@ -4,26 +4,26 @@ description: Learn how to create and configure a data access policy for Azure Ca
4
4
ms.custom: references_regions, ignite-2024
5
5
6
6
ms.topic: conceptual
7
-
ms.date: 04/14/2025
7
+
ms.date: 04/15/2025
8
8
appliesto:
9
9
- ✅ Azure Cache for Redis
10
10
11
11
---
12
12
13
13
# Configure custom data access policies
14
14
15
-
Managing access to your Azure Redis cache instance is critical to ensuring that the right users have access to the right set of data and commands. Redis version 6 introduced the [Access Control List](https://redis.io/docs/management/security/acl/) (ACL), which specifies the keys that certain users can access and the commands that they can execute. For example, you can prohibit specific users from using the [DEL](https://redis.io/commands/del/) command to delete keys in the cache.
15
+
Managing access to your Azure Redis cache instance is critical to ensuring that the right users have access to the right set of data and commands. Redis version 6 introduced the [Access Control List](https://redis.io/docs/management/security/acl/) (ACL), which lists the keys that specific users can access and the commands that they can execute. For example, you can prohibit specific users from using the [DEL](https://redis.io/commands/del/) command to delete keys in the cache.
16
16
17
-
Azure Cache for Redis integrates this ACL functionality with Microsoft Entra ID to allow you to configure data access policies for your application's users, service principal, and managed identity. Azure Cache for Redis offers three built-in access policies that you can assign via role-based access control (RBAC): **Data Owner**, **Data Contributor**, and **Data Reader**.
17
+
Azure Cache for Redis integrates this ACL functionality with Microsoft Entra to allow you to configure and assign data access policies for your application's users, service principal, and managed identity. Azure Cache for Redis offers three built-in access policies that you can assign via role-based access control (RBAC): **Data Owner**, **Data Contributor**, and **Data Reader**.
18
18
19
-
If the built-in access policies don't satisfy your data protection and isolation requirements, you can create and use your own custom data access policies. This article describes configuring a custom data access policy for Azure Cache for Redis and enabling RBAC via Microsoft Entra ID authentication.
19
+
If the built-in access policies don't satisfy your data protection and isolation requirements, you can create and use your own custom data access policies. This article describes configuring a custom data access policy for Azure Cache for Redis and enabling RBAC via Microsoft Entra authentication.
20
20
21
21
## Limitations
22
22
23
23
- Configuring data access policies isn't supported on Enterprise and Enterprise Flash tiers.
24
24
- Redis ACL and data access policies aren't supported on Azure Redis instances that run Redis version 4.
25
25
- Microsoft Entra authentication and authorization are supported only for Secure Socket Layer (SSL) connections.
26
-
- Some Redis commands are blocked in Azure Cache for Redis. For more information, see [Redis commands not supported in Azure Cache for Redis](cache-configure.md#redis-commands-not-supported-in-azure-cache-for-redis)
26
+
- Some Redis commands are blocked in Azure Cache for Redis. For more information, see [Redis commands not supported in Azure Cache for Redis](cache-configure.md#redis-commands-not-supported-in-azure-cache-for-redis).
27
27
28
28
## Redis ACL permissions
29
29
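Review bot: On new line 15, replacing "specifies the keys" with "lists the keys that specific users can access" makes the ACL read like an enumeration of individual keys, but the Keys section of this same article grants access through `~<pattern>`, so "specifies" (or "defines which keys") is the more accurate verb. On new line 17, "service principal, and managed identity" should be plural to match "users". Line 25 is untouched by this change but still says "Secure Socket Layer (SSL) connections"; since this is the only transport requirement stated for Entra authentication, confirm the term is intended.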
@@ -53,19 +53,19 @@ Redis supports the following useful command categories. For more information and
53
53
54
54
### Commands
55
55
56
-
*Commands* allow you to control which specific commands a particular Redis user can run. In a permissions string, use `+command` to allow a command or `-command` to disallow a command.
56
+
*Commands* allow you to control which specific commands a particular Redis user can run. In a permissions string, use `+<command>` to allow a command or `-<command>` to disallow a command.
57
57
58
58
### Keys
59
59
60
60
*Keys* allow you to control access to specific keys or groups of keys stored in the cache. Use `~<pattern>` in a permission string to provide a pattern for keys. Use either `~*` or `allkeys` to indicate that the permissions apply to all keys in the cache.
61
61
62
62
## Configure a custom data access policy for your application
63
63
64
-
To configure a custom data access policy, you create a permissions string to use as your custom access policy, and enable Microsoft Entra ID authentication and authorization to your cache.
64
+
To configure a custom data access policy, you create a permissions string to use as your custom access policy, and enable Microsoft Entra authentication for your cache.
65
65
66
66
### Specify permissions
67
67
68
-
Configure the permissions string according to your requirements. The following examples show permission strings for various scenarios:
68
+
Configure permission strings according to your requirements. The following examples show permission strings for various scenarios:
69
69
70
70
|Permissions string|Description|
71
71
|------------------|-----------|
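Review bot: On new line 64, dropping "and authorization" leaves "enable Microsoft Entra authentication for your cache", while the Limitations bullet on line 25 still says "Microsoft Entra authentication and authorization" and the last hunk adds "authentication and authorization" on line 109; pick one phrasing so readers can tell whether enabling Entra on the cache also turns on policy enforcement. The same hunk now mixes "permissions string" (lines 56 and 64, table header), "permission string" (line 60) and "permission strings" (line 68); use one form throughout.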
@@ -106,7 +106,7 @@ Respond **Yes** to the popup dialog box asking if you want to disable access key
106
106
107
107
## Configure your Redis client to use Microsoft Entra ID
108
108
109
-
Because most Azure Cache for Redis clients assume that a password and access key are used for authentication, you probably need to update your client workflow to support authentication by using a specific Microsoft Entra user name and password. To learn how to configure your client application to connect to your cache instance as a specific Redis user, see [Configure your Redis client to use Microsoft Entra ID](cache-azure-active-directory-for-authentication.md#configure-your-redis-client-to-use-microsoft-entra).
109
+
Most Azure Cache for Redis clients assume that a password and access key are used for authentication. You might need to update your client workflow to support authentication and authorization using a specific Microsoft Entra user name and password. To learn how to configure your client application to connect to your cache instance as a specific Redis user, see [Configure your Redis client to use Microsoft Entra ID](cache-azure-active-directory-for-authentication.md#configure-your-redis-client-to-use-microsoft-entra).
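Review bot: On new line 109, "a specific Microsoft Entra user name and password" reads as though the client sends an account password; if the client presents an Entra-issued token in the password field, say that explicitly so nobody configures a user credential here. In the first sentence, "a password and access key" describes one credential as two, so "a password or access key" is clearer. The heading on line 107 and the link text still say "Microsoft Entra ID" while the other hunks in this change drop "ID"; align them or note why the heading keeps it.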