ACL permission denied — user lacks required command or key permission
Production Risk
Low — the command is rejected; no data is modified.
The authenticated user does not have permission to execute the command or access the key. Introduced in Redis 6.0 with the ACL system.
- 1The user's ACL does not grant the command being run.
- 2The user's ACL restricts access to the key pattern being accessed.
- 3The user has been assigned a limited role (e.g. read-only) but is attempting a write.
A client authenticated as a restricted user tries to run a command it lacks permission for.
ACL SETUSER limited_user on >password ~readonly:* +GET +HGET AUTH limited_user password SET restricted_key "value"
expected output
(error) NOPERM this user has no permissions to run the 'set' command
Fix 1
Grant the required permission in ACL
WHEN The user genuinely needs to run this command
ACL SETUSER limited_user +SET # Or grant all commands: ACL SETUSER limited_user +@all
Why this works
Adding the command or command category to the user's ACL allows the operation.
Fix 2
Use the default user or an admin user
WHEN During development/debugging
AUTH default "" # or use requirepass with the default user
Why this works
The default user has all permissions unless restricted.
✕ Grant +@all to production service accounts
Principle of least privilege — service accounts should only have the commands and key patterns they actually need.
ACL system introduced; NOPERM error added.
ACL LOG improved; RESET command added for ACL users.
Redis ACL documentation
Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev