Updated on 2025-08-05 GMT+08:00

Creating an ACL Account

Function

This API is used to create an account with read/write or read-only permissions for a DCS Redis 4.0 or 5.0 instance.

If the default user has enabled password-free access, normal users cannot use the instance. To allow normal users to use the instance, disable password-free access.

The password of the default user of a single-node or master/standby instance cannot contain colons (:). Otherwise, normal users cannot be created.

Calling Method

For details, see Calling APIs.

URI

POST /v2/{project_id}/instances/{instance_id}/accounts

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Definition:

Project ID. For details, see Obtaining a Project ID.

Constraints:

N/A

Range:

N/A

Default Value:

N/A

instance_id

Yes

String

Definition:

Instance ID. It can be viewed on the instance details page on the DCS console.

Constraints:

N/A

Range:

N/A

Default Value:

N/A

Request Parameters

Table 2 Request body parameters

Parameter

Mandatory

Type

Description

account_name

Yes

String

Definition:

ACL username.

Constraints:

  • Starts with a letter.

  • Can contain only letters, digits, hyphens (-), and underscores (_).

  • Can contain 1 to 64 characters.

Range:

N/A

Default Value:

N/A

account_role

Yes

String

Definition:

ACL user permissions.

Constraints:

N/A

Range:

  • read: read-only

  • write: read and write

Default Value:

N/A

account_password

Yes

String

Definition:

ACL user password.

Constraints:

  • Can contain 8 to 64 characters.

  • Cannot use the username spelled forwards or backwards.

  • Must contain at least three of the following character types (colons are not allowed):

    • Lowercase letters

    • Uppercase letters

    • Digits

    • Special characters `~!@#$%^&*()-_=+\|{}'",<.>/?

Range:

N/A

Default Value:

N/A

description

No

String

Definition:

ACL user description.

Constraints:

0–1,024 characters

Range:

N/A

Default Value:

N/A

account_read_policy

No

String

Definition:

Read requests are routed to master or replica nodes.

Constraints:

  • This parameter can be set only for Proxy Cluster and read/write splitting instances except for Proxy Cluster instances without read/write splitting enabled.

  • For details about read/write splitting, see the backend-master-only parameter in section "Managing Instances" > "Modifying Configuration Parameters of a DCS Instance" in the User Guide.

Range:

  • master: Read requests are routed to the master node.

  • replica: Read requests are routed to the replica node.

  • master-replica: Read requests are routed to the master and replica nodes.

Default Value:

By default, this parameter is not set. If this parameter is not set, read requests are forwarded based on the read/write splitting configuration of the instance.

  • For details about the complete read/write splitting configuration, see parameter read-only-slave-when-wr-split in User Guide > "Managing Instances" > "Modifying Configuration Parameters of a DCS Instance".

  • Proxy Cluster instance

    • By default, read/write splitting is disabled, and read requests are forwarded to the master node.

    • Read/Write splitting enabled

      • By default, complete read/write splitting is enabled, and read requests are forwarded to the replica node.

      • If complete read/write splitting is disabled, read requests are randomly forwarded to the master and replica nodes.

  • Read/Write splitting instance

    • Read/Write splitting is supported by default.

      • By default, complete read/write splitting is enabled, and read requests are forwarded to the replica node.

      • If complete read/write splitting is disabled, read requests are randomly forwarded to the master and replica nodes.

Response Parameters

Status code: 200

Definition:

The ACL user creation task is successfully delivered.

Status code: 400

Table 3 Response body parameters

Parameter

Type

Description

error_msg

String

Definition:

Error message.

Range:

N/A

error_code

String

Definition:

Error code.

Range:

For details, see Error Codes.

error_ext_msg

String

Definition:

Extended error information. This parameter is not used currently and is set to null.

Range:

N/A

Status code: 401

Table 4 Response body parameters

Parameter

Type

Description

error_msg

String

Definition:

Error message.

Range:

N/A

error_code

String

Definition:

Error code.

Range:

For details, see Error Codes.

error_ext_msg

String

Definition:

Extended error information. This parameter is not used currently and is set to null.

Range:

N/A

Status code: 403

Table 5 Response body parameters

Parameter

Type

Description

error_msg

String

Definition:

Error message.

Range:

N/A

error_code

String

Definition:

Error code.

Range:

For details, see Error Codes.

error_ext_msg

String

Definition:

Extended error information. This parameter is not used currently and is set to null.

Range:

N/A

Status code: 404

Table 6 Response body parameters

Parameter

Type

Description

error_msg

String

Definition:

Error message.

Range:

N/A

error_code

String

Definition:

Error code.

Range:

For details, see Error Codes.

error_ext_msg

String

Definition:

Extended error information. This parameter is not used currently and is set to null.

Range:

N/A

Status code: 500

Table 7 Response body parameters

Parameter

Type

Description

error_msg

String

Definition:

Error message.

Range:

N/A

error_code

String

Definition:

Error code.

Range:

For details, see Error Codes.

error_ext_msg

String

Definition:

Extended error information. This parameter is not used currently and is set to null.

Range:

N/A

Example Requests

Creating a read-only ACL account named user.

POST https:///{dcs_endpoint}/v2/{project_id}/instances/{instance_id}/accounts

{
  "account_name" : "user",
  "account_role" : "read",
  "account_password" : "xxxxx"
}

Example Responses

Status code: 400

Definition:

Invalid request.

{
  "error_code" : "DCS.4961",
  "error_msg" : "Acl account request param invalid."
}

SDK Sample Code

The SDK sample code is as follows.

Creating a read-only ACL account named user.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.dcs.v2.region.DcsRegion;
import com.huaweicloud.sdk.dcs.v2.*;
import com.huaweicloud.sdk.dcs.v2.model.*;


public class CreateAclAccountSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        DcsClient client = DcsClient.newBuilder()
                .withCredential(auth)
                .withRegion(DcsRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateAclAccountRequest request = new CreateAclAccountRequest();
        request.withInstanceId("{instance_id}");
        CreateAclAccountRequestBody body = new CreateAclAccountRequestBody();
        body.withAccountPassword("xxxxx");
        body.withAccountRole(CreateAclAccountRequestBody.AccountRoleEnum.fromValue("read"));
        body.withAccountName("user");
        request.withBody(body);
        try {
            CreateAclAccountResponse response = client.createAclAccount(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

Creating a read-only ACL account named user.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkdcs.v2.region.dcs_region import DcsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkdcs.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = DcsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(DcsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateAclAccountRequest()
        request.instance_id = "{instance_id}"
        request.body = CreateAclAccountRequestBody(
            account_password="xxxxx",
            account_role="read",
            account_name="user"
        )
        response = client.create_acl_account(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

Creating a read-only ACL account named user.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    dcs "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/dcs/v2"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/dcs/v2/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/dcs/v2/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := dcs.NewDcsClient(
        dcs.DcsClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.CreateAclAccountRequest{}
	request.InstanceId = "{instance_id}"
	request.Body = &model.CreateAclAccountRequestBody{
		AccountPassword: "xxxxx",
		AccountRole: model.GetCreateAclAccountRequestBodyAccountRoleEnum().READ,
		AccountName: "user",
	}
	response, err := client.CreateAclAccount(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code

Description

200

Definition:

The ACL user creation task is successfully delivered.

400

Definition:

Invalid request.

401

Definition:

Authentication failed.

403

Definition:

Request rejected.

404

Definition:

Incorrect path.

500

Definition:

Internal error.

Error Codes

See Error Codes.