To give each team member only the permissions that they need for their work with the cluster, RS lets you assign a role to each team member. You can manage team members and roles in settings > team, or with the REST API. The roles and permissions available in RS are: Database Nodes Cluster View metrics View config View redis password Edit config Reset
To prevent unauthorized access to your data, RS databases support the TLS protocol (the more secure successor to SSL) that includes: Encryption - Makes sure that the traffic can only be read by the sender and recipient. Authentication - The server or client makes sure that it communicates with an authorized entity. When you enable TLS for a database or CRDB, encryption is enforced on either all communications or only communications between clusters, and RS sends its certificate to clusters and clients for authentication to the database or CRDB.
Redis Enterprise Software (RS) provides you with the ability to integrate your existing LDAP server for authentication for account management in RS. LDAP authentication for RS administrator accounts requires minimal manual steps to configure the systems to interact. Note: LDAP groups cannot be mapped to Redis Enterprise Software accounts. For the steps, you need to configure the saslauthd service for the cluster, set up accounts on the LDAP Server, then map those IDs in RS.
If you configure it, Redis Enterprise Software (RS) can use industry-standard encryption to protect your data in transit between a Redis client and RS. For this purpose, RS uses transport layer security (TLS) protocol, which is the more secure successor to SSL. To enable TLS you must configure the RS cluster nodes, the database, and the client, as detailed below. Configuration of the RS nodes By default, each cluster node has a different set of self-signed certificates.
To help reduce the risk of a brute force attacks on Redis Enterprise Software (RS), RS includes user login restrictions. You can customize the restrictions to align with the security policy of your organization. Every failed login is shown in the logs. Note - Customers, such as large organizations, that use LDAP to manage external authentication must set these restrictions in the LDAP service. User Login Lockout The parameters for the user login lockout are: