You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-cache-for-redis/cache-configure-role-based-access-control.md
+8-8Lines changed: 8 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -37,7 +37,7 @@ Redis supports the following useful command categories. For more information and
37
37
38
38
|Category|Description|
39
39
|--------|-----------|
40
-
|`admin`|Administrative commands, such as `MONITOR` and `SHUTDOWN`. Normal applications never need to use these.|
40
+
|`admin`|Administrative commands, such as `MONITOR` and `SHUTDOWN`. Normal applications never need to use these commands.|
41
41
|`dangerous`|Potentially dangerous commands, including `FLUSHALL`, `RESTORE`, `SORT`, `KEYS`, `CLIENT`, `DEBUG`, `INFO`, and `CONFIG`. Consider each with care, for various reasons.|
42
42
|`keyspace`|Includes `DEL`, `RESTORE`, `DUMP`, `RENAME`, `EXISTS`, `DBSIZE`, `KEYS`, `EXPIRE`, `TTL`, and `FLUSHALL`. Writing or reading from keys, databases, or their metadata in a type agnostic way. Commands that only read the keyspace, key, or metadata have the `read` category. Commands that can modify the keyspace, key, or metadata also have the `write` category.|
43
43
|`pubsub`|PubSub-related commands.|
@@ -49,19 +49,19 @@ Redis supports the following useful command categories. For more information and
49
49
|`write`|Writing values or metadata to keys.|
50
50
51
51
>[!NOTE]
52
-
>Commands that are [blocked](cache-configure.md#redis-commands-not-supported-in-azure-cache-for-redis) for Azure Redis remain blocked within these categories.
52
+
>Commands that are [blocked](cache-configure.md#redis-commands-not-supported-in-azure-cache-for-redis) for Azure Redis remain blocked within the categories.
53
53
54
54
### Commands
55
55
56
-
*Commands* allow you to control which specific commands can be run by a particular Redis user. In a permissions string, use `+command` to allow a command or `-command` to disallow a command.
56
+
*Commands* allow you to control which specific commands a particular Redis user can run. In a permissions string, use `+command` to allow a command or `-command` to disallow a command.
57
57
58
58
### Keys
59
59
60
60
*Keys* allow you to control access to specific keys or groups of keys stored in the cache. In a permissions string, use `~<pattern>` to provide a pattern for keys. Use either `~*` or `allkeys` to indicate that the permissions apply to all keys in the cache.
61
61
62
-
## Configure a custom data access policy
62
+
## Configure a custom data access policy for your application
63
63
64
-
To configure a custom data access policy, you first create a permissions string to use as your custom access policy, and then assign the policy to Azure Redis cache users.
64
+
To configure a custom data access policy, you first create a permission string to use as your custom access policy, and then assign the policy to Azure Redis cache users.
65
65
66
66
### Specify permissions
67
67
@@ -70,7 +70,7 @@ Configure the permissions string according to your requirements. The following e
70
70
|Permissions string|Description|
71
71
|------------------|-----------|
72
72
|`+@all allkeys`|Allow application to execute all commands on all keys.|
73
-
|`+@read ~*`|- Allow application to execute only `read` command category.|
73
+
|`+@read ~*`|Allow application to execute only `read` command category.|
74
74
|`+@read +set ~Az*`|Allow application to execute `read` command category and set command on keys with prefix `Az`.|
75
75
76
76
### Create the custom data access policy
@@ -93,11 +93,11 @@ The custom policy now appears on the **Access Policies** tab of the **Data Acces
93
93
94
94
### Enable Microsoft Entra ID authentication
95
95
96
-
To add a user to an access policy by using Microsoft Entra ID, you must have Microsoft Entra ID rather than Access Keys authentication enabled on your cache. To check this, select **Authentication** under **Settings** in the laft navigation menu for your cache.
96
+
To add a user to an access policy by using Microsoft Entra ID, you must have Microsoft Entra ID rather than Access Keys authentication enabled on your cache. To check your authentication method, select **Authentication** under **Settings** in the left navigation menu for your cache.
97
97
98
98
On the **Authentication** screen, if **Disable Access Keys Authentication** is selected and no access keys appear on the screen, your cache already uses Microsoft Entra ID authentication. Otherwise, select the checkbox next to **Disable Access Keys Authentication** and then select **Save**.
99
99
100
-
:::image type="content" source="media/cache-azure-active-directory-for-authentication/enable-entra.png" alt-text="Screenshot of disabling access keys authentication.":::
100
+
:::image type="content" source="media/cache-configure-role-based-access-control/enable-entra.png" alt-text="Screenshot of disabling access keys authentication.":::
101
101
102
102
Respond **Yes** to the popup dialog box asking if you want to disable access keys authentication.
0 commit comments