Documentation - V-251187

V-251187

Redis Enterprise 6.x Security Technical Implementation Guide

CAT II

Title

Redis Enterprise DBMS must enforce access control lists, as defined by the data owner, over defined subjects and objects.

Description

<VulnDiscussion>Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled table permissions. When d...

Fix Text (Documentation Requirement)

To configure a Redis ACL rule that can be assigned to a user role: 1. Navigate to access control >> redis acls. 2. Edit an existing Redis ACL by hovering over a Redis ACL and clicking "Edit". 3. Create a new Redis ACL by clicking "Add". 4. Enter a descriptive name for the Redis ACL. This will be used to reference the ACL rule to the role. 5. Define the ACL rule. 6. Click "Save". Assign ACLs to roles and roles to users as appropriate. For more information: https://docs.redislabs.com/latest/rs/security/passwords-users-roles/

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel