Title: ACL example
Last modified: September 14, 2023

---

# ACL example

 *  Resolved [peterarends](https://wordpress.org/support/users/peterarends/)
 * (@peterarends)
 * [2 years, 9 months ago](https://wordpress.org/support/topic/acl-example/)
 * @tillkrues over at [https://wordpress.org/support/topic/security-in-a-shared-hosting-environment/#post-14824731](https://wordpress.org/support/topic/security-in-a-shared-hosting-environment/#post-14824731)
   you mention:
 * > You need to create a separate ACL user for each site that only has access to
   > that particular database.
 * Do you have an example of a line in a aclfile that is properly configured? I’m
   using this at the moment:
 *     ```wp-block-code
       user username on >password &* ~prefix* -@all +get +set +ping +info +setex +select|10 +keys +del +flushdb +expire +mget +mset +zadd +zremrangebyscore +zcount +exists +incrby +decrby +setnx
       ```
   
 * I came to this one by trail and error. It does work, but doesn’t show the statistics
   graphs, it mentions “Not enough data collected, yet.” while “Metrics recorded”
   in Diagnostics does add up.
 * What I’m trying to prevent is that different sites have access to the key names
   of each other in a shared environment (because keys contain sensitive information
   like email addresses).
 * It would be great if you could share an example line from a in production aclfile
   where all is save and all redis commands that your plugin calls are covered.
 * Thank you in advance.

Viewing 1 replies (of 1 total)

 *  Plugin Author [Till Krüss](https://wordpress.org/support/users/tillkruess/)
 * (@tillkruess)
 * [2 years, 9 months ago](https://wordpress.org/support/topic/acl-example/#post-17051586)
 * TBH I’d use `+@all` and just restrict it to a certain database for each users.
   That’s the least overhead, because what if the plugin starts using new commands?
   IMO it’s better to restrict dangerous commands, but allow most normal ones by
   default.
 * If you want to be more restrictive, use more general groups like:
 *     ```wp-block-code
       @connection, @string, @transaction, @scripting, @sortedset, +info
       ```
   
 * This might be missing a few. You can probably `redis-cli monitor` and see which
   commands get rejected?

Viewing 1 replies (of 1 total)

The topic ‘ACL example’ is closed to new replies.

 * ![](https://ps.w.org/redis-cache/assets/icon-256x256.gif?rev=2568513)
 * [Redis Object Cache](https://wordpress.org/plugins/redis-cache/)
 * [Support Threads](https://wordpress.org/support/plugin/redis-cache/)
 * [Active Topics](https://wordpress.org/support/plugin/redis-cache/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/redis-cache/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/redis-cache/reviews/)

 * 1 reply
 * 2 participants
 * Last reply from: [Till Krüss](https://wordpress.org/support/users/tillkruess/)
 * Last activity: [2 years, 9 months ago](https://wordpress.org/support/topic/acl-example/#post-17051586)
 * Status: resolved