azureredisazure-active-directory

restrict access to redis console in Azure


Im trying to restric the access to a specific group into the redis console in Azure, I thought about doing so by removing the group from IAM. Example: Group name: myDevTeamK500 IAM: check levels if group is there just remove.

Id like to know if there is also another way to do so?


Solution

  • AFAIK, the approach of removing the group from the IAM permissions on the Redis resource to restrict access to the Redis console is correct.

    If you want to restrict a user, service principal or managed identity from executing specific commands in the Redis Cache Console, you can create a custom data access policy that limits allowed commands (e.g., +get, +set, +cluster|info).

    To create a custom access policy, open your Redis Cache instance in the Azure portal, go to Data Access Configuration, click on New access policy, and specify the permissions according to your requirements.

    enter image description here

    I have assigned a read-only custom access policy to the user with the following permissions: +@read +@connection +cluster|info +cluster|nodes +cluster|slots ~*. enter image description here

    After that, I assigned the created custom access policy to the user.

    enter image description here

    Reference: learn.microsoft.com/en-us/azure/azure-cache-for-redis/…