content/operate/rs/7.4/security/access-control/create-cluster-roles.md
Roles with cluster access allow access to the Cluster Management UI and REST API.
Redis Enterprise Software includes five predefined roles that determine a user's level of access to the Cluster Manager UI and [REST API]({{<relref "/operate/rs/7.4/references/rest-api">}}).
For more details about the privileges granted by each of these roles, see Cluster Manager UI permissions or [REST API permissions]({{<relref "/operate/rs/7.4/references/rest-api/permissions">}}).
Here's a summary of the Cluster Manager UI actions permitted by each default management role:
| Action | DB Viewer | DB Member | Cluster Viewer | Cluster Member | Admin |
|---|---|---|---|---|---|
| Create support package | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> |
| Edit database configuration | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> |
| Reset slow log | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> |
| View cluster configuration | <span title="Not allowed">❌ No</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> |
| View cluster logs | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> |
| View cluster metrics | <span title="Not allowed">❌ No</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> |
| View database configuration | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> |
| View database metrics | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> |
| View node configuration | <span title="Not allowed">❌ No</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> |
| View node metrics | <span title="Not allowed">❌ No</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> |
| View Redis database password | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> |
| View slow log | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> |
| View and edit cluster settings | <span title="Not allowed">❌ No</span> | <span title="Not allowed">❌ No</span> | <span title="Not allowed">❌ No</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> |
To create a role that grants cluster access but does not grant access to any databases:
From Access Control > Roles, you can:
Point to a role and select {{< image filename="/images/rs/buttons/edit-button.png#no-click" alt="The Edit button" width="25px" class="inline" >}} to edit an existing role.
Select + Add role to create a new role.
{{<image filename="images/rs/access-control-role-panel.png" alt="Add role with name" >}}
Enter a descriptive name for the role.
Choose a Cluster management role to determine cluster management permissions.
{{<image filename="images/rs/screenshots/access-control/rbac-create-role-cluster-only.png" alt="Select a cluster management role to set the level of cluster management permissions for the new role." >}}
To prevent database access when using this role, do not add any ACLs.
Select Save.
You can [assign the new role to users]({{<relref "/operate/rs/7.4/security/access-control/create-users#assign-roles-to-users">}}) to grant cluster access.