From 49cc3153dd0f8f03f57e025747329ad0e35388d2 Mon Sep 17 00:00:00 2001 From: "David W. Dougherty" Date: Tue, 3 Jun 2025 07:06:15 -0700 Subject: [PATCH 1/2] DEV: correct ACL docs regarding prefixes --- content/operate/oss_and_stack/management/security/acl.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/operate/oss_and_stack/management/security/acl.md b/content/operate/oss_and_stack/management/security/acl.md index c4aa3e237..1620cbfe2 100644 --- a/content/operate/oss_and_stack/management/security/acl.md +++ b/content/operate/oss_and_stack/management/security/acl.md @@ -311,7 +311,7 @@ The following is a list of command categories and their meanings: * **pubsub** - all pubsub related commands. * **read** - Reading from keys (values or metadata). Note that commands that don't interact with keys, will not have either `read` or `write`. * **scripting** - Scripting related. -* **search** - All search related commands. Note that indexes can only be created/modified if their key prefixes are a superset of the keys to which a user has access. For example, a user with the key ACL pattern `h:*` can create an index with keys prefixed by `h:*` or `h:p*`, but not keys prefixed by `h*`, `k:*`, or `k*`, because these prefixes may involve keys to which the user has access. +* **search** - All search related commands. Note that only ACL users with access to a superset of the key prefixes defined during index creation can create, modify, or read the index. For example, a user with the key ACL pattern `h:*` can create an index with keys prefixed by `h:*` or `h:p*`, but not keys prefixed by `h*`, `k:*`, or `k*`, because these prefixes may involve keys to which the user does not have access. * **set** - Data type: all set related commands. * **sortedset** - Data type: all sorted set related commands. * **slow** - All commands that are not `fast`. From a41da0b37abe14f6037e1ff4caa51ac76945c6e1 Mon Sep 17 00:00:00 2001 From: "David W. Dougherty" Date: Tue, 3 Jun 2025 07:14:36 -0700 Subject: [PATCH 2/2] Minor grammar correction. --- content/operate/oss_and_stack/management/security/acl.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/operate/oss_and_stack/management/security/acl.md b/content/operate/oss_and_stack/management/security/acl.md index 1620cbfe2..0a39ef12a 100644 --- a/content/operate/oss_and_stack/management/security/acl.md +++ b/content/operate/oss_and_stack/management/security/acl.md @@ -311,7 +311,7 @@ The following is a list of command categories and their meanings: * **pubsub** - all pubsub related commands. * **read** - Reading from keys (values or metadata). Note that commands that don't interact with keys, will not have either `read` or `write`. * **scripting** - Scripting related. -* **search** - All search related commands. Note that only ACL users with access to a superset of the key prefixes defined during index creation can create, modify, or read the index. For example, a user with the key ACL pattern `h:*` can create an index with keys prefixed by `h:*` or `h:p*`, but not keys prefixed by `h*`, `k:*`, or `k*`, because these prefixes may involve keys to which the user does not have access. +* **search** - All search related commands. Only ACL users with access to a superset of the key prefixes defined during index creation can create, modify, or read the index. For example, a user with the key ACL pattern `h:*` can create an index with keys prefixed by `h:*` or `h:p*`, but not keys prefixed by `h*`, `k:*`, or `k*`, because these prefixes may involve keys to which the user does not have access. * **set** - Data type: all set related commands. * **sortedset** - Data type: all sorted set related commands. * **slow** - All commands that are not `fast`.