--- Title: Create roles with cluster access only alwaysopen: false categories: - docs - operate - rs description: Create roles with cluster access only. linkTitle: Create roles with cluster access only weight: 14 url: '/operate/rs/7.8/security/access-control/create-cluster-roles/' --- Roles with cluster access allow access to the Cluster Management UI and REST API. ## Default management roles Redis Enterprise Software includes five predefined roles that determine a user's level of access to the Cluster Manager UI and [REST API]({{}}). 1. **DB Viewer** - Read database settings 1. **DB Member** - Administer databases 1. **Cluster Viewer** - Read cluster settings 1. **Cluster Member** - Administer the cluster 1. **User Manager** - Administer users 1. **Admin** - Full cluster access 1. **None** - For data access only - cannot access the Cluster Manager UI or use the REST API For more details about the privileges granted by each of these roles, see [Cluster Manager UI permissions](#cluster-manager-ui-permissions) or [REST API permissions]({{}}). ## Cluster Manager UI permissions Here's a summary of the Cluster Manager UI actions permitted by each default management role: | Action | DB Viewer | DB Member | Cluster Viewer | Cluster Member | Admin | User Manager | |--------|:---------:|:---------:|:--------------:|:-----------:|:------:|:------:| | Create, edit, delete users and LDAP mappings | ❌ No | ❌ No | ❌ No | ❌ No | ✅ Yes | ✅ Yes | | Create support package | ❌ No | ✅ Yes | ❌ No | ✅ Yes | ✅ Yes | ❌ No | | Edit database configuration | ❌ No | ✅ Yes | ❌ No | ✅ Yes | ✅ Yes | ❌ No | | Reset slow log | ❌ No | ✅ Yes | ❌ No | ✅ Yes | ✅ Yes | ❌ No | | View cluster configuration | ❌ No | ❌ No | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | | View cluster logs | ❌ No | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes
| ✅ Yes
| | View cluster metrics | ❌ No | ❌ No | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | | View database configuration | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | | View database metrics | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | | View node configuration | ❌ No | ❌ No | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | | View node metrics | ❌ No | ❌ No | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | | View Redis database password | ❌ No | ✅ Yes | ❌ No | ✅ Yes | ✅ Yes | ✅ Yes | | View slow log | ❌ No | ✅ Yes | ❌ No | ✅ Yes | ✅ Yes | ❌ No | | View and edit cluster settings | ❌ No | ❌ No | ❌ No | ❌ No | ✅ Yes | ❌ No | ## Create roles for cluster access {#create-cluster-role} You can use the [Cluster Manager UI](#create-roles-ui) or the [REST API](#define-roles-rest-api) to create a role that grants cluster access but does not grant access to any databases. ### Cluster Manager UI method {#create-roles-ui} To create a role that grants cluster access: 1. From **Access Control** > **Roles**, you can: - Point to a role and select {{< image filename="/images/rs/buttons/edit-button.png#no-click" alt="The Edit button" width="25px" class="inline" >}} to edit an existing role. - Select **+ Add role** to create a new role. {{Add role with name}} 1. Enter a descriptive name for the role. 1. Choose a **Cluster management role** to determine cluster management permissions. {{Select a cluster management role to set the level of cluster management permissions for the new role.}} 1. To prevent database access when using this role, do not add any ACLs. 1. Select **Save**. You can [assign the new role to users]({{}}) to grant cluster access. ### REST API method {#define-roles-rest-api} To [create a role]({{}}) that grants cluster access: ```sh POST /v1/roles { "name": "", "management": "db_viewer | db_member | cluster_viewer | cluster_member | user_manager | admin" } ```