content/operate/rs/7.8/security/access-control/create-cluster-roles.md
Roles with cluster access allow access to the Cluster Management UI and REST API.
Redis Enterprise Software includes five predefined roles that determine a user's level of access to the Cluster Manager UI and [REST API]({{<relref "/operate/rs/7.8/references/rest-api">}}).
For more details about the privileges granted by each of these roles, see Cluster Manager UI permissions or [REST API permissions]({{<relref "/operate/rs/7.8/references/rest-api/permissions">}}).
Here's a summary of the Cluster Manager UI actions permitted by each default management role:
| Action | DB Viewer | DB Member | Cluster Viewer | Cluster Member | Admin | User Manager |
|---|---|---|---|---|---|---|
| Create, edit, delete users and LDAP mappings | <span title="Not allowed">❌ No</span> | <span title="Not allowed">❌ No</span> | <span title="Not allowed">❌ No</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> |
| Create support package | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Not allowed">❌ No</span> |
| Edit database configuration | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Not allowed">❌ No</span> |
| Reset slow log | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Not allowed">❌ No</span> |
| View cluster configuration | <span title="Not allowed">❌ No</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> |
| View cluster logs | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | |
| <span title="Allowed">✅ Yes</span> | ||||||
| View cluster metrics | <span title="Not allowed">❌ No</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> |
| View database configuration | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> |
| View database metrics | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> |
| View node configuration | <span title="Not allowed">❌ No</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> |
| View node metrics | <span title="Not allowed">❌ No</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> |
| View Redis database password | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> |
| View slow log | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Allowed">✅ Yes</span> | <span title="Not allowed">❌ No</span> |
| View and edit cluster settings | <span title="Not allowed">❌ No</span> | <span title="Not allowed">❌ No</span> | <span title="Not allowed">❌ No</span> | <span title="Not allowed">❌ No</span> | <span title="Allowed">✅ Yes</span> | <span title="Not allowed">❌ No</span> |
You can use the Cluster Manager UI or the REST API to create a role that grants cluster access but does not grant access to any databases.
To create a role that grants cluster access:
From Access Control > Roles, you can:
Point to a role and select {{< image filename="/images/rs/buttons/edit-button.png#no-click" alt="The Edit button" width="25px" class="inline" >}} to edit an existing role.
Select + Add role to create a new role.
{{<image filename="images/rs/access-control-role-panel.png" alt="Add role with name" >}}
Enter a descriptive name for the role.
Choose a Cluster management role to determine cluster management permissions.
{{<image filename="images/rs/screenshots/access-control/rbac-create-role-cluster-only.png" alt="Select a cluster management role to set the level of cluster management permissions for the new role." >}}
To prevent database access when using this role, do not add any ACLs.
Select Save.
You can [assign the new role to users]({{<relref "/operate/rs/7.8/security/access-control/create-users#assign-roles-to-users">}}) to grant cluster access.
To [create a role]({{<relref "/operate/rs/7.8/references/rest-api/requests/roles#post-role">}}) that grants cluster access:
POST /v1/roles
{
"name": "<role-name>",
"management": "db_viewer | db_member | cluster_viewer | cluster_member | user_manager | admin"
}