V-251186
Redis Enterprise 6.x Security Technical Implementation Guide
Title
Redis Enterprise DBMS must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects.
Description
<VulnDiscussion>Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled table permissions. When d...
Fix Text (Documentation Requirement)
To assign a user to a role: 1. Log in to Redis Enterprise as an admin user. 2. Navigate to the access controls tab. 3. Ensure that each user is assigned a role according to organizationally defined policy. To configure a Redis ACL rule that can be assigned to a user role: 1. Navigate to access control >> redis acls. 2. Edit an existing Redis ACL by hovering over a Redis ACL and clicking "Edit". 3. Create a new Redis ACL by clicking "Add". 4. Enter a descriptive name for the Redis ACL. This will be used to reference the ACL rule to the role. 5. Define the ACL rule. 6. Click "Save". For more information: https://docs.redislabs.com/latest/rs/security/passwords-users-roles/