Help Center> GeminiDB> GeminiDB Redis API> Working with GeminiDB Redis API> Account and security> Enabling Database Access With a Password
Updated on 2024-02-08 GMT+08:00
View PDF

Enabling Database Access With a Password

Scenarios

Multiple sub-accounts can be created for a GeminiDB Redis instance so that multiple services can share one instance, helping DBSs effectively reduce costs. DB-level isolation can be configured between different accounts to prevent misoperations. The common account management function supports only the auth <user> <pwd> or auth <user:pwd> authentication mode. If a user does not enter <user> or it is inconvenient to change <pwd> to <user:pwd> in the code, the user can use the automatic database access function, that is, using auth <pwd> to isolate databases among multiple accounts.

For example:

  1. An account (username user1 and password p1) has been set to access only DB 10 in service A.
  2. An account (username user2 and password p2) has been set to access only DB 18 in service B.

Service B wants to make fewer changes to the applications and retain the original value of DB. In this scenario, the automatic database access function can be enabled to allow the account to access DB 18 using the password only. Even if the account mistakenly executes SELECT statements on DB 10, data of service A is not affected.

Precautions

  • Only one database can be associated with an account. Otherwise, the authentication fails.
  • The password of a new account cannot be the same as an existing password. Otherwise, the authentication fails.

Enabling Database Access With a Password

You can manually enable this function or contact O&M personnel to enable it.

To manually enable the function, set EnableAclDbDirect to 1.

Run the following command to check whether the function is enabled. true indicates the function is enabled. false indicates the function fails to be enabled. In this case, contact O&M personnel.

How to Use a New Account to Access a Database

  1. Run auth PWD.
  2. When you access a database using an SDK, use PWD as the password parameter.

    When you access a database by running auth argc, ensure that argc does not contain colons. If an incorrect password contains colons, the returned value is the same as that of auth argc1 argc2.

Parent topic: Account and security