Updated on 2024-10-30 GMT+08:00

Enabling Database Access With a Password

Scenarios

Multiple sub-accounts can be created for a GeminiDB Redis instance so that multiple services can share one instance, helping DBSs effectively reduce costs. DB-level isolation can be configured between different accounts to prevent misoperations. The common account management function supports only the auth <user> <pwd> or auth <user:pwd> authentication mode. If a user does not enter <user> or it is inconvenient to change <pwd> to <user:pwd> in the code, the user can use the automatic database access function, that is, using auth <pwd> to isolate databases among multiple accounts.

For example:

  1. An account (username user1 and password p1) has been set to access only DB 10 in service A.
  2. An account (username user2 and password p2) has been set to access only DB 18 in service B.

Service B wants to make fewer changes to the applications and retain the original value of DB. In this scenario, the automatic database access function can be enabled to allow the account to access DB 18 using the password only. Even if the SELECT statement is mistakenly executed on DB 10 for service B, data of service A is not affected.

Precautions

  • Only one database can be associated with an account. Otherwise, the authentication fails.
  • The password of a new account cannot be the same as an existing password. Otherwise, the authentication fails.

Enabling Database Access With a Password

Set EnableAclDbDirect to yes to enable this feature. For details, see Modifying Parameters of an Instance.

Figure 1 Parameters

How to Use a New Account to Access a Database

  1. Run auth PWD.
  2. When you access a database using an SDK, use PWD as the password parameter.

    When you access a database by running auth argc, ensure that argc does not contain colons. If an incorrect password contains colons, the returned value is the same as that of auth argc1 argc2.