content/embeds/redis8-breaking-changes-acl.md
{{< note >}} The following content is relevant to all Redis distributions (RS, RC, and ROS). {{< /note >}}
Redis 8 includes Redis Search, as well as JSON, time series, Bloom filter, cuckoo filter, top-k, count-min sketch, and t-digest data types. The integration of these features into Redis also comes with improvements to Redis [ACL]({{< relref "/operate/oss_and_stack/management/security/acl" >}}) rules.
{{< warning >}} These ACL changes may introduce breaking changes for some users, which must be analyzed carefully. {{< /warning >}}
Before Redis 8, the existing ACL categories @read, @write, @dangerous, @admin, @slow, and @fast did not include commands for Redis Search and the JSON, time series, and probabilistic data structures.
Starting with Redis 8, Redis includes all Redis Search, JSON, time series, Bloom filter, cuckoo filter, top-k, count-min sketch, and t-digest commands in these existing ACL categories.
As a result:
Existing ACL rules such as +@read +@write will allow access to more commands than in previous versions of Redis. Here are some examples:
+@read access will be able to execute FT.SEARCH.+@write access will be able to execute JSON.SET.ACL rules such as +@all -@write will allow access to fewer commands than previous versions of Redis. For example:
+@all -@write will not be able to execute JSON.SET.Note that the @all category did not change, as it always included all the commands.
Additionally, ACL rules such as +@read +JSON.GET can now be simplified as +@read because JSON.GET is included in the @read category.
Users who currently use Redis Search and/or the JSON, time series, or probabilistic data structures, and use custom ACL rules.
You should reanalyze your ACL rules to make sure they are aligned with your security and access control requirements.