OCI Cache Users
Create and manage OCI Cache users to use the Access Control List (ACL) functionality to define and enforce access restrictions at the user level, tailored to specific applications or workloads.
OCI Cache ACL functionality lets you restrict user access to only the necessary commands, keys, and data. You can securely share a single OCI Cache cluster among several applications while ensuring isolation and preventing cross-access between different applications' data. Each application often uses a unique key prefix to avoid key collisions; the ACL key patterns for that application's user can then be limited to the same prefix, so the user cannot read or write another application's keys.
You can create one or more OCI Cache users in OCI Cache. You can customize permissions for these users using ACL strings and associate them with one or more cache clusters. There is a many-to-many relationship between OCI Cache users and clusters: a single user can be associated with many clusters, and a single cluster can have many associated users. Furthermore, OCI Cache allows you to create several users with the same username, each having different ACL strings. To differentiate users with the same username, use the user description field to clarify their roles or permissions.
Every OCI Cache cluster includes a system-defined user with the username "default." This user is integral to the cluster but doesn't appear in the OCI Cache users list and has no associated password. As a result, you can't assign ACL permissions to this system-defined user. However, you can create a new OCI Cache user with the username "default" and set a password for authentication. When you associate this new user with a cluster, you replace the system-defined user with your new user, allowing you to customize permissions using an appropriate ACL string. If you need to restore the original system-defined user, remove the custom OCI Cache default user from the cluster.
This structure enables flexible management of OCI Cache users, providing system-defined and customizable user options to meet different security and operational requirements.
Using OCI Cache ACL provides the following benefits:
- Improving security by restricting access to commands and keys so that untrusted clients have no access and trusted clients have the minimum access level to the data. For example, you can restrict certain users to run only read commands.
- Enhancing operational safety to ensure that individuals or processes accessing OCI Cache clusters don't compromise the data.
Creating OCI Cache Users
You can use the Console, CLI, SDKs, or Terraform to perform the standard management operations for OCI Cache users. To create an OCI Cache user, you must provide the following information: the user's name, description, ACL string, authentication mode, and status.
Authorization is defined using an Access Control List (ACL) string. This string consists of one or more rules that together specify which commands and keys the OCI Cache user is permitted to use. Authentication uses one of the following modes:
- Password-based authentication: In the case of password-based authentication, you can specify up to two passwords. For more information, see Managing Passwords for OCI Cache Users.
- IAM-based authentication: With IAM-based authentication, you create a short-lived IAM token, eliminating the need for a password. If authentication is successful, the connection is associated with that OCI Cache user and their defined permissions. For more information on IAM-based authentication, see IAM Authentication.
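As an added illustration of how an ACL string is evaluated (this is example code written for this page, not part of the OCI documentation or the OCI Cache service), the following Python evaluator applies the rules of an ACL string left to right and answers whether a user may run a given command against given keys. It assumes that OCI Cache ACL strings use the Redis-style rule syntax (`on`/`off`, `~pattern`, `+@category`, `-command`, `allkeys`, `allcommands`); the command-category table is a constructed subset of the real one, and the user roles and key prefixes (`orders:*`, `inventory:*`) are hypothetical.

```python
import fnmatch

# Constructed subset of Redis-style command categories. A real server has a
# much larger table; these entries are enough to show the rule semantics.
COMMAND_CATEGORIES = {
    "get":      {"read", "string", "fast"},
    "mget":     {"read", "string", "fast"},
    "set":      {"write", "string", "slow"},
    "del":      {"write", "keyspace", "slow"},
    "keys":     {"read", "keyspace", "dangerous", "slow"},
    "flushall": {"write", "keyspace", "dangerous", "slow"},
    "config":   {"admin", "dangerous", "slow"},
    "ping":     {"connection", "fast"},
}
ALL_COMMANDS = set(COMMAND_CATEGORIES)


def commands_in_category(category):
    """Expand a category name (the part after '@') into concrete command names."""
    if category == "all":
        return set(ALL_COMMANDS)
    return {cmd for cmd, cats in COMMAND_CATEGORIES.items() if category in cats}


def parse_acl(acl_string):
    """Apply each rule of the ACL string in order and return the resulting user state.

    Order matters: '+@all -@dangerous' and '-@dangerous +@all' produce different users.
    """
    user = {"enabled": False, "commands": set(), "keys": []}
    for rule in acl_string.split():
        if rule == "on":
            user["enabled"] = True
        elif rule == "off":
            user["enabled"] = False
        elif rule in ("allcommands", "+@all"):
            user["commands"] = set(ALL_COMMANDS)
        elif rule in ("nocommands", "-@all"):
            user["commands"] = set()
        elif rule == "allkeys":
            user["keys"] = ["*"]
        elif rule == "resetkeys":
            user["keys"] = []
        elif rule.startswith("~"):                 # key glob pattern
            user["keys"].append(rule[1:])
        elif rule.startswith("+@"):                # grant a whole category
            user["commands"] |= commands_in_category(rule[2:])
        elif rule.startswith("-@"):                # revoke a whole category
            user["commands"] -= commands_in_category(rule[2:])
        elif rule.startswith("+"):                 # grant a single command
            user["commands"].add(rule[1:].lower())
        elif rule.startswith("-"):                 # revoke a single command
            user["commands"].discard(rule[1:].lower())
        elif rule[0] in "><#":                     # password rules: authentication, not authorization
            continue
        else:
            raise ValueError(f"unsupported ACL rule: {rule!r}")
    return user


def is_allowed(user, command, keys=()):
    """True only if the user is enabled, the command is granted, and EVERY key matches a pattern."""
    if not user["enabled"]:
        return False
    if command.lower() not in user["commands"]:
        return False
    return all(any(fnmatch.fnmatchcase(k, pat) for pat in user["keys"]) for k in keys)


# Constructed scenario: two hypothetical applications sharing one cluster, isolated by key prefix.
ACL_ORDERS_RW  = "on ~orders:* +@all -@dangerous"                 # read/write on its own prefix only
ACL_REPORTS_RO = "on ~orders:* ~inventory:* +@read -@dangerous"   # read-only view across two prefixes
ACL_LOCKED     = "off allkeys allcommands"                        # disabled: grants do not matter


def demo():
    orders, reports, locked = (parse_acl(s) for s in (ACL_ORDERS_RW, ACL_REPORTS_RO, ACL_LOCKED))
    return {
        "orders_set_own":   is_allowed(orders, "SET", ["orders:42"]),
        "orders_set_other": is_allowed(orders, "SET", ["inventory:7"]),           # wrong prefix
        "orders_flushall":  is_allowed(orders, "FLUSHALL"),                       # @dangerous revoked
        "mget_cross":       is_allowed(orders, "MGET", ["orders:1", "inventory:1"]),  # one key fails
        "reports_get":      is_allowed(reports, "GET", ["inventory:7"]),
        "reports_set":      is_allowed(reports, "SET", ["orders:42"]),            # read-only user
        "reports_keys":     is_allowed(reports, "KEYS", ["orders:*"]),            # KEYS is @dangerous
        "locked_ping":      is_allowed(locked, "PING"),                           # user is off
        # Reversed order re-grants everything, including FLUSHALL: a common misconfiguration.
        "order_matters":    is_allowed(parse_acl("on allkeys -@dangerous +@all"), "FLUSHALL"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:18} {result}")
```

Two points the evaluator makes explicit: rules are applied in order, so `-@dangerous` must come after the broad grant it is meant to narrow, and a multi-key command is permitted only when every key matches one of the user's patterns, which is what prevents one application's user from touching another's prefix. A user whose string starts with `off` is rejected regardless of the grants that follow, and the password rules (`>`, `<`, `#`) affect authentication rather than the permissions checked here.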
Attaching Cache Users to Clusters
After you create your cache users, you can attach them to your clusters. For more information, see Creating an OCI Cache Cluster and Adding a User to an OCI Cache Cluster.