To give each team member only the permissions that they need for their work with the cluster, RS lets you assign a role to each team member. You can manage team members and roles in settings > team, or with the REST API.

The roles and permissions available in RS are:

Database Nodes Cluster
View metrics View
config
View
redis
password
Edit config Reset
slow log
View metrics View
config
View metrics View
config
View logs View
and edit
settings
DB Viewer V V
DB Member V V V V V V
Cluster Viewer V V V V V V V
Cluster Member V V V V V V V V V V
Admin V V V V V V V V V V V

Adding a User

To add a user to the cluster:

  1. Go to: settings > team
  2. Click Add.
  3. Enter the name, email and password of the new user and select the role to assign to the user.
  4. Select the type of user:

    • internal - Authenticates with RS
    • external - Authenticates with an external LDAP server
    How do I create an external user?
  5. For the email alerts, click Edit and select the alerts that the user receives. You can select:

    • Receive alerts for databases - The alerts that are enabled for the selected databases are sent to the user. You can either select all databases, or you can select Customize and select the individual databases to send alerts for. All databases includes existing and future databases.
    • Receive cluster alerts - The alerts that are enabled for the cluster in settings > alerts are sent to the user.
    How do I select email alerts?

    Then, click Save.

  6. Click Save.

To edit the name, password, role or email alerts of a user, hover over the user and click Edit. To change a user from internal to external, you must delete the user and re-add it.

Resetting user passwords

To reset a user password from the CLI, run:

rladmin cluster reset_password <username>

You are asked to enter and confirm the new password.

Setting Local Password Policies

RS supports enforcement for password complexity and expiration.

To enforce a more advanced password policy that meets your contractual and compliance requirements and your organizational policies, we recommend that you use LDAP integration with an external identity provider, such as Active Directory.

Setting up local password complexity

RS lets you enforce a password complexity profile that meets most organizational needs. The password complexity profile is defined by:

  • At least 8 characters
  • At least one uppercase character
  • At least one lowercase character
  • At least one number (not first or last character)
  • At least one special character (not first or last character)
  • Does not contain the User ID or reverse of the User ID
  • No more than 3 repeating characters
Note -
The password complexity profile applies to when a new user is added or an existing user changes their password.

To enforce the password complexity profile, run:

curl -k -X PUT -v -H "cache-control: no-cache" -H "content-type: application/json" -u "<administrator-user-email>:<password>" -d '{"password_complexity":true}' https://<RS_server_address>:9443/v1/cluster

Setting local user password expiration

RS lets you enforce password expiration to meet your compliance and contractual requirements. To enforce an expiration of a local users password after a specified number of days, run:

curl -k -X PUT -v -H "cache-control: no-cache" -H "content-type: application/json" -u "<administrator_user>:<password>" -d '{"password_expiration_duration":<number_of_days>}' https://<RS_server_address>:9443/v1/cluster

To disable password expiration, set the number of days to 0.