RS: Add REST API examples for creating & associating roles and ACLs with databases (#1024)

rrelledge · web-flow · commit b9e713e57bf3 · 2025-01-16T09:00:12.000-06:00
* DOC-4175 RS: Added REST API examples for creating & associating roles and ACLs with databases * DOC-4175 RS: Add more REST API examples for role & ACL creation
diff --git a/content/operate/rs/security/access-control/create-cluster-roles.md b/content/operate/rs/security/access-control/create-cluster-roles.md
@@ -49,7 +49,11 @@ Here's a summary of the Cluster Manager UI actions permitted by each default man
 
 ## Create roles for cluster access {#create-cluster-role}
 
-To create a role that grants cluster access but does not grant access to any databases:
+You can use the [Cluster Manager UI](#create-roles-ui) or the [REST API](#define-roles-rest-api) to create a role that grants cluster access but does not grant access to any databases.
+
+### Cluster Manager UI method {#create-roles-ui}
+
+To create a role that grants cluster access:
 
 1. From **Access Control** > **Roles**, you can:
 
@@ -70,3 +74,15 @@ To create a role that grants cluster access but does not grant access to any dat
 1. Select **Save**.
 
 You can [assign the new role to users]({{<relref "/operate/rs/security/access-control/create-users#assign-roles-to-users">}}) to grant cluster access.
+
+### REST API method {#define-roles-rest-api}
+
+To [create a role]({{<relref "/operate/rs/references/rest-api/requests/roles#post-role">}}) that grants cluster access:
+
+```sh
+POST /v1/roles
+{ 
+  "name": "<role-name>",
+  "management": "db_viewer | db_member | cluster_viewer | cluster_member | user_manager | admin" 
+}
+```
diff --git a/content/operate/rs/security/access-control/create-combined-roles.md b/content/operate/rs/security/access-control/create-combined-roles.md
@@ -18,7 +18,11 @@ To create a role that grants database access privileges and allows access to the
 
 ## Define Redis ACLs
 
-To define a Redis ACL rule that you can assign to a role:
+You can use the [Cluster Manager UI](#define-acls-ui) or the [REST API](#define-acls-rest-api) to define Redis ACL rules that you can assign to roles.
+
+### Cluster Manager UI method {#define-acls-ui}
+
+To define a Redis ACL rule using the Cluster Manager UI:
 
 1. From **Access Control > Redis ACLs**, you can either:
 
@@ -40,9 +44,39 @@ The **ACL builder** does not support selectors and key permissions. Use **Free t
 For multi-key commands on multi-slot keys, the return value is `failure`, but the command runs on the keys that are allowed.
 {{</note>}}
 
+### REST API method {#define-acls-rest-api}
+
+To define a Redis ACL rule using the REST API, use a [create Redis ACL]({{<relref "/operate/rs/references/rest-api/requests/redis_acls#post-redis_acl">}}) request. For more information about Redis ACL rules and syntax, see the [Redis ACL overview]({{<relref "/operate/rs/security/access-control/redis-acl-overview">}}).
+
+Example request:
+
+```sh
+POST /v1/redis_acls
+{ 
+  "name": "Test_ACL_1",
+  "acl": "+@read +FT.INFO +FT.SEARCH"
+}
+```
+
+Example response body:
+
+```json
+{ 
+  "acl": "+@read +FT.INFO +FT.SEARCH",
+  "name": "Test_ACL_1",
+  "uid": 11
+}
+```
+
+To associate the Redis ACL with a role and database, use the `uid` from the response as the `redis_acl_uid` when you add `roles_permissions` to the database. See [Associate a database with roles and Redis ACLs](#associate-roles-acls-rest-api) for an example request.
+
 ## Create roles with ACLs and cluster access {#create-role}
 
-To create a role that grants database access privileges and allows access to the Cluster Management UI and REST API:
+You can create a role that grants database access privileges and allows access to the Cluster Management UI and REST API.
+
+### Cluster Manager UI method {#create-roles-ui}
+
+To define a role for combined access using the Cluster Manager UI:
 
 1. From **Access Control** > **Roles**, you can:
 
@@ -73,3 +107,53 @@ To create a role that grants database access privileges and allows access to the
     {{<image filename="images/rs/screenshots/access-control/rbac-save-combined-role.png" alt="Add databases to access">}}
 
 You can [assign the new role to users]({{<relref "/operate/rs/security/access-control/create-users#assign-roles-to-users">}}) to grant database access and access to the Cluster Manager UI and REST API.
+
+### REST API method {#define-roles-rest-api}
+
+To define a role for combined access using the REST API:
+
+1. [Create a role.](#create-role-rest-api)
+
+1. [Associate a database with roles and Redis ACLs.](#associate-roles-acls-rest-api)
+
+#### Create a role {#create-role-rest-api}
+
+To [create a role]({{<relref "/operate/rs/references/rest-api/requests/roles#post-role">}}) using the REST API:
+
+```sh
+POST /v1/roles
+{ 
+  "name": "<role-name>",
+  "management": "db_viewer | db_member | cluster_viewer | cluster_member | admin" 
+}
+```
+
+Example response body:
+
+```json
+{ 
+  "management": "admin",
+  "name": "<role-name>",
+  "uid": 7
+}
+```
+
+To associate the role with a Redis ACL and database, use the `uid` from the response as the `role_uid` when you add `roles_permissions` to the database. See [Associate a database with roles and Redis ACLs](#associate-roles-acls-rest-api) for an example request.
+
+
+#### Associate a database with roles and Redis ACLs {#associate-roles-acls-rest-api}
+
+[Update a database's configuration]({{<relref "/operate/rs/references/rest-api/requests/bdbs#put-bdbs">}}) to add `roles_permissions` with the role and Redis ACL:
+
+```sh
+POST /v1/bdbs/<database-id>
+{
+  "roles_permissions":
+  [
+    {
+      "role_uid": <integer>,
+      "redis_acl_uid": <integer>
+    }
+  ]
+}
+```
diff --git a/content/operate/rs/security/access-control/create-db-roles.md b/content/operate/rs/security/access-control/create-db-roles.md
@@ -20,7 +20,11 @@ To create a role that grants database access without granting access to the Redi
 
 ## Define Redis ACLs
 
-To define a Redis ACL rule that you can assign to a role:
+You can use the [Cluster Manager UI](#define-acls-ui) or the [REST API](#define-acls-rest-api) to define Redis ACL rules that you can assign to roles.
+
+### Cluster Manager UI method {#define-acls-ui}
+
+To define a Redis ACL rule using the Cluster Manager UI:
 
 1. From **Access Control > Redis ACLs**, you can either:
 
@@ -42,11 +46,39 @@ The **ACL builder** does not support selectors and key permissions. Use **Free t
 For multi-key commands on multi-slot keys, the return value is `failure`, but the command runs on the keys that are allowed.
 {{</note>}}
 
+### REST API method {#define-acls-rest-api}
+
+To define a Redis ACL rule using the REST API, use a [create Redis ACL]({{<relref "/operate/rs/references/rest-api/requests/redis_acls#post-redis_acl">}}) request. For more information about Redis ACL rules and syntax, see the [Redis ACL overview]({{<relref "/operate/rs/security/access-control/redis-acl-overview">}}).
+
+Example request:
+
+```sh
+POST /v1/redis_acls
+{ 
+  "name": "Test_ACL_1",
+  "acl": "+@read +FT.INFO +FT.SEARCH"
+}
+```
+
+Example response body:
+
+```json
+{ 
+  "acl": "+@read +FT.INFO +FT.SEARCH",
+  "name": "Test_ACL_1",
+  "uid": 11
+}
+```
+
+To associate the Redis ACL with a role and database, use the `uid` from the response as the `redis_acl_uid` when you add `roles_permissions` to the database. See [Associate a database with roles and Redis ACLs](#associate-roles-acls-rest-api) for an example request.
+
 ## Create roles with ACLs
 
 To create a role that grants database access to users but blocks access to the Redis Enterprise Cluster Manager UI and REST API, set the **Cluster management role** to **None**.
 
-To define a role for database access:
+### Cluster Manager UI method {#create-roles-ui}
+
+To define a role for database access using the Cluster Manager UI:
 
 1. From **Access Control** > **Roles**, you can:
 
@@ -77,3 +109,53 @@ To define a role for database access:
     {{<image filename="images/rs/access-control-role-save.png" alt="Add databases to access" >}}
 
 You can [assign the new role to users]({{<relref "/operate/rs/security/access-control/create-users#assign-roles-to-users">}}) to grant database access.
+
+### REST API method {#define-roles-rest-api}
+
+To define a role for database access using the REST API:
+
+1. [Create a role.](#create-role-rest-api)
+
+1. [Associate a database with roles and Redis ACLs.](#associate-roles-acls-rest-api)
+
+#### Create a role {#create-role-rest-api}
+
+To [create a role]({{<relref "/operate/rs/references/rest-api/requests/roles#post-role">}}) using the REST API:
+
+```sh
+POST /v1/roles
+{ 
+  "name": "<role-name>",
+  "management": "none" 
+}
+```
+
+Example response body:
+
+```json
+{ 
+  "management": "none",
+  "name": "<role-name>",
+  "uid": 7
+}
+```
+
+To associate the role with a Redis ACL and database, use the `uid` from the response as the `role_uid` when you add `roles_permissions` to the database. See [Associate a database with roles and Redis ACLs](#associate-roles-acls-rest-api) for an example request.
+
+
+#### Associate a database with roles and Redis ACLs {#associate-roles-acls-rest-api}
+
+[Update a database's configuration]({{<relref "/operate/rs/references/rest-api/requests/bdbs#put-bdbs">}}) to add `roles_permissions` with the role and Redis ACL:
+
+```sh
+POST /v1/bdbs/<database-id>
+{
+  "roles_permissions":
+  [
+    {
+      "role_uid": <integer>,
+      "redis_acl_uid": <integer>
+    }
+  ]
+}
+```
