Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Updating user settings

Written by
Updated at February 3, 2026

After creating a Valkey™ user, you can:

Changing a user password

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To change a Valkey™ user password:

  1. View the description of the CLI command for updating user settings:

    yc managed-redis user update --help

  2. Change the password by running this command:

    yc managed-redis user update <username> \
  --cluster-id=<cluster_ID> \
  --password="<user_password>"

    Where:

    • --cluster-id: Cluster ID.

      You can get the cluster ID with the list of clusters in the folder.

    • --password: User password. It must be from 8 to 128 characters long.

    You can get the username with the list of users in the cluster.

  1. Open the current Terraform configuration file describing your infrastructure.

    To learn how to create this file, see Creating a cluster.

  2. Update the passwords argument in the yandex_mdb_redis_user resource description:

    resource "yandex_mdb_redis_user" "<local_resource_name>" {
  ...
  passwords  = ["<user_password>"]
  ...
}

    Where passwords is the user password. It must be from 8 to 128 characters long.

    You can specify only one password.

  3. Validate your configuration.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  4. Confirm resource changes.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

Timeouts

The Terraform provider sets the following timeouts for Yandex Managed Service for Valkey™ cluster operations:

  • Creating a cluster, including by restoring it from a backup: 15 minutes.
  • Editing a cluster: 60 minutes.
  • Deleting a cluster: 15 minutes.

Operations exceeding the timeout are aborted.

How do I change these limits?

Add the timeouts section to your cluster description, such as the following:

resource "yandex_mdb_redis_cluster_v2" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and place it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Create a file named body.json and paste the following code into it:

    {
  "updateMask": "passwords",
  "passwords": [
    "<user_password>"
  ]
}

    Where:

    • updateMask: Comma-separated string of settings you want to update.

      Warning

      When you update a user, all parameters of the object you are modifying will take their defaults unless explicitly provided in the request. To avoid this, list the settings you want to change in the updateMask parameter.

    • passwords: User password. It must be from 8 to 128 characters long.

      You can specify only one password.

  3. Call the User.Update method, e.g., via the following cURL request:

    curl \
  --request PATCH \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-redis/v1/clusters/<cluster_ID>/users/<username>' \
  --data "@body.json"

    You can get the cluster ID with the list of clusters in the folder.

    You can get the username with the list of users in the cluster.

  4. Check the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and place it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume that the repository contents reside in the ~/cloudapi/ directory.

  3. Create a file named body.json and paste the following code into it:

    {
  "cluster_id": "<cluster_ID>",
  "user_name": "<username>",
  "update_mask": {
    "paths": [
      "passwords"
    ]
  },
  "passwords": [
    "<user_password>"
  ]
}

    Where:

    • cluster_id: Cluster ID.

      You can get the cluster ID with the list of clusters in the folder.

    • user_name: Username.

      You can get the username with the list of users in the cluster.

    • update_mask: List of parameters to update as an array of strings (paths[]).

      Format for listing settings
      "update_mask": {
  "paths": [
    "<setting_1>",
    "<setting_2>",
    ...
    "<setting_N>"
  ]
}

      Warning

      When you update a user, all parameters of the object you are modifying will take their defaults unless explicitly provided in the request. To avoid this, list the settings you want to change in the update_mask parameter.

    • passwords: Password. It must be from 8 to 128 characters long.

      You can specify only one password.

  4. Call the UserService.Update method, e.g., via the following gRPCurl request:

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/redis/v1/user_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d @ \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.redis.v1.UserService.Update \
  < body.json

  5. Check the server response to make sure your request was successful.

Changing a user status

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To change a Valkey™ user status:

  1. View the description of the CLI command for updating user settings:

    yc managed-redis user update --help

  2. Change the user status by running this command:

    yc managed-redis user update <username> \
  --cluster-id=<cluster_ID> \
  <user_status>

    Where:

    • --cluster-id: Cluster ID.

      You can get the cluster ID with the list of clusters in the folder.

    • Specify one of these user status flags:

      • --disabled: User is disabled.
      • --enabled: User is enabled.

    You can get the username with the list of users in the cluster.

  1. Open the current Terraform configuration file describing your infrastructure.

    To learn how to create this file, see Creating a cluster.

  2. Update the enabled argument in the yandex_mdb_redis_user resource description:

    resource "yandex_mdb_redis_user" "<local_resource_name>" {
  ...
  enabled = <user_status>
  ...
}

    Where enabled is the user status. The possible values are:

    • true: User is enabled.
    • false: User is disabled.

  3. Validate your configuration.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  4. Confirm resource changes.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

Timeouts

The Terraform provider sets the following timeouts for Yandex Managed Service for Valkey™ cluster operations:

  • Creating a cluster, including by restoring it from a backup: 15 minutes.
  • Editing a cluster: 60 minutes.
  • Deleting a cluster: 15 minutes.

Operations exceeding the timeout are aborted.

How do I change these limits?

Add the timeouts section to your cluster description, such as the following:

resource "yandex_mdb_redis_cluster_v2" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and place it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Create a file named body.json and paste the following code into it:

    {
  "updateMask": "enabled",
  "enabled": <user_status>
}

    Where:

    • updateMask: Comma-separated string of settings you want to update.

      Warning

      When you update a user, all parameters of the object you are modifying will take their defaults unless explicitly provided in the request. To avoid this, list the settings you want to change in the updateMask parameter.

    • enabled: User status. The possible values are:

      • true: User is enabled.
      • false: User is disabled.

  3. Call the User.Update method, e.g., via the following cURL request:

    curl \
  --request PATCH \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-redis/v1/clusters/<cluster_ID>/users/<username>' \
  --data "@body.json"

    You can get the cluster ID with the list of clusters in the folder.

    You can get the username with the list of users in the cluster.

  4. Check the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and place it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume that the repository contents reside in the ~/cloudapi/ directory.

  3. Create a file named body.json and paste the following code into it:

    {
  "cluster_id": "<cluster_ID>",
  "user_name": "<username>",
  "update_mask": {
    "paths": [
      "enabled"
    ]
  },
  "enabled": <user_status>
}

    Where:

    • cluster_id: Cluster ID.

      You can get the cluster ID with the list of clusters in the folder.

    • user_name: Username.

      You can get the username with the list of users in the cluster.

    • update_mask: List of parameters to update as an array of strings (paths[]).

      Format for listing settings
      "update_mask": {
  "paths": [
    "<setting_1>",
    "<setting_2>",
    ...
    "<setting_N>"
  ]
}

      Warning

      When you update a user, all parameters of the object you are modifying will take their defaults unless explicitly provided in the request. To avoid this, list the settings you want to change in the update_mask parameter.

    • enabled: User status. The possible values are:

      • true: User is enabled.
      • false: User is disabled.

  4. Call the UserService.Update method, e.g., via the following gRPCurl request:

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/redis/v1/user_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d @ \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.redis.v1.UserService.Update \
  < body.json

  5. Check the server response to make sure your request was successful.

Configuring data cleanup

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To configure data cleanup:

  1. View the description of the CLI command for updating user settings:

    yc managed-redis user update --help

  2. Configure data cleanup by running this command:

    yc managed-redis user update <username> \
  --cluster-id=<cluster_ID> \
  --sanitize-payload=<data_cleanup>

    Where:

    • --cluster-id: Cluster ID.

      You can get the cluster ID with the list of clusters in the folder.

    • --sanitize-payload: Data cleanup. The possible values are:

      • sanitize-payload: Data cleanup is enabled. This is the default value.
      • skip-sanitize-payload: Data cleanup is disabled.

    You can get the username with the list of users in the cluster.

  1. Open the current Terraform configuration file describing your infrastructure.

    To learn how to create this file, see Creating a cluster.

  2. Update the sanitize_payload argument in the yandex_mdb_redis_user resource description:

    resource "yandex_mdb_redis_user" "<local_resource_name>" {
  ...
  sanitize_payload = "<data_cleanup>"
  ...
}

    Where --sanitize-payload stands for data cleanup. The possible values are:

    • sanitize-payload: Data cleanup is enabled. This is the default value.
    • skip-sanitize-payload: Data cleanup is disabled.

  3. Validate your configuration.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  4. Confirm resource changes.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

Timeouts

The Terraform provider sets the following timeouts for Yandex Managed Service for Valkey™ cluster operations:

  • Creating a cluster, including by restoring it from a backup: 15 minutes.
  • Editing a cluster: 60 minutes.
  • Deleting a cluster: 15 minutes.

Operations exceeding the timeout are aborted.

How do I change these limits?

Add the timeouts section to your cluster description, such as the following:

resource "yandex_mdb_redis_cluster_v2" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and place it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Create a file named body.json and paste the following code into it:

    {
  "updateMask": "permissions.sanitizePayload",
  "permissions": {
    "sanitizePayload": "<data_cleanup>"
  }
}

    Where:

    • updateMask: Comma-separated string of settings you want to update.

      Warning

      When you update a user, all parameters of the object you are modifying will take their defaults unless explicitly provided in the request. To avoid this, list the settings you want to change in the updateMask parameter.

    • permissions.sanitizePayload: Data cleanup. The possible values are:

      • sanitize-payload: Data cleanup is enabled. This is the default value.
      • skip-sanitize-payload: Data cleanup is disabled.

  3. Call the User.Update method, e.g., via the following cURL request:

    curl \
  --request PATCH \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-redis/v1/clusters/<cluster_ID>/users/<username>' \
  --data "@body.json"

    You can get the cluster ID with the list of clusters in the folder.

    You can get the username with the list of users in the cluster.

  4. Check the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and place it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume that the repository contents reside in the ~/cloudapi/ directory.

  3. Create a file named body.json and paste the following code into it:

    {
  "cluster_id": "<cluster_ID>",
  "user_name": "<username>",
  "update_mask": {
    "paths": [
      "permissions.sanitize_payload"
    ]
  },
  "permissions": {
    "sanitize_payload": "<data_cleanup>"
  }
}

    Where:

    • cluster_id: Cluster ID.

      You can get the cluster ID with the list of clusters in the folder.

    • user_name: Username.

      You can get the username with the list of users in the cluster.

    • update_mask: List of parameters to update as an array of strings (paths[]).

      Format for listing settings
      "update_mask": {
  "paths": [
    "<setting_1>",
    "<setting_2>",
    ...
    "<setting_N>"
  ]
}

      Warning

      When you update a user, all parameters of the object you are modifying will take their defaults unless explicitly provided in the request. To avoid this, list the settings you want to change in the update_mask parameter.

    • permissions.sanitize_payload: Data cleanup. The possible values are:

      • sanitize-payload: Data cleanup is enabled. This is the default value.
      • skip-sanitize-payload: Data cleanup is disabled.

  4. Call the UserService.Update method, e.g., via the following gRPCurl request:

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/redis/v1/user_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d @ \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.redis.v1.UserService.Update \
  < body.json

  5. Check the server response to make sure your request was successful.

Assigning user permissions

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To assign permissions to a Valkey™ user:

  1. View the description of the CLI command for updating user settings:

    yc managed-redis user update --help

  2. Run this command to assign permissions to a user:

    yc managed-redis user update <username> \
  --cluster-id=<cluster_ID> \
  --raw="<permissions>" \
  --categories="<permissions_for_command_categories>" \
  --commands="<permissions_for_commands>" \
  --patterns="<permissions_for_key_patterns>" \
  --pub-sub-channels="<permissions_for_channels>"

    Where:

    • --cluster-id: Cluster ID.

      You can get the cluster ID with the list of clusters in the folder.

    • --raw: String of space-separated permissions. Also, the string must set the user status:

      • on: User is enabled.
      • off: User is disabled.

      Example: on ~data:* &* +@set +@hash +get +set.

      Note

      The --raw flag cannot be used with separate permission flags or with --disabled and --enabled.

    • --categories: String of space-separated permissions for command categories.

    • --commands: String of space-separated permissions for commands.

    • --patterns: String of space-separated permissions for key patterns.

    • --pub-sub-channels: String of space-separated permissions for Pub/Sub channels.

    Note

    The user cannot get permissions for administrative commands of the +@admin category and certain commands.

    For more information about access control lists, see this Valkey™ ACL guide.

    You can get the username with the list of users in the cluster.

  1. Open the current Terraform configuration file describing your infrastructure.

    To learn how to create this file, see Creating a cluster.

  2. Update the arguments in the permissions section of the yandex_mdb_redis_user resource description:

    resource "yandex_mdb_redis_user" "<local_resource_name>" {
  ...
  permissions = {
    categories       = "<permissions_for_command_categories>"
    commands         = "<permissions_for_commands>"
    patterns         = "<permissions_for_key_patterns>"
    pub_sub_channels = "<permissions_for_channels>"
    ...
  }
  ...
}

    Where permissions is the user permission settings:

    • categories: String of space-separated permissions for command categories.

    • commands: String of space-separated permissions for commands.

    • patterns: String of space-separated permissions for key patterns.

    • pub_sub_channels: String of space-separated permissions for Pub/Sub channels.

    Note

    The user cannot get permissions for administrative commands of the +@admin category and certain commands.

    For more information about access control lists, see this Valkey™ ACL guide.

  3. Validate your configuration.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  4. Confirm resource changes.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

Timeouts

The Terraform provider sets the following timeouts for Yandex Managed Service for Valkey™ cluster operations:

  • Creating a cluster, including by restoring it from a backup: 15 minutes.
  • Editing a cluster: 60 minutes.
  • Deleting a cluster: 15 minutes.

Operations exceeding the timeout are aborted.

How do I change these limits?

Add the timeouts section to your cluster description, such as the following:

resource "yandex_mdb_redis_cluster_v2" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

  1. Get an IAM token for API authentication and place it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Create a file named body.json and paste the following code into it:

    {
  "updateMask": "<list_of_settings_to_update>",
  "permissions": {
    "patterns": "<permissions_for_key_patterns>",
    "pubSubChannels": "<permissions_for_channels>",
    "categories": "<permissions_for_command_categories>",
    "commands": "<permissions_for_commands>"
  }
}

    Where:

    • updateMask: Comma-separated string of settings you want to update.

      Warning

      When you update a user, all parameters of the object you are modifying will take their defaults unless explicitly provided in the request. To avoid this, list the settings you want to change in the updateMask parameter.

    • permissions.patterns: String of space-separated permissions for key patterns.

    • permissions.pubSubChannels: String of space-separated permissions for Pub/Sub channels.

    • permissions.categories: String of space-separated permissions for command categories.

    • permissions.commands: String of space-separated permissions for commands.

    Note

    The user cannot get permissions for administrative commands of the +@admin category and certain commands.

    For more information about access control lists, see this Valkey™ ACL guide.

  3. Call the User.Update method, e.g., via the following cURL request:

    curl \
  --request PATCH \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-redis/v1/clusters/<cluster_ID>/users/<username>' \
  --data "@body.json"

    You can get the cluster ID with the list of clusters in the folder.

    You can get the username with the list of users in the cluster.

  4. Check the server response to make sure your request was successful.

  1. Get an IAM token for API authentication and place it in an environment variable:

    export IAM_TOKEN="<IAM_token>"

  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi

    Below, we assume that the repository contents reside in the ~/cloudapi/ directory.

  3. Create a file named body.json and paste the following code into it:

    {
  "cluster_id": "<cluster_ID>",
  "user_name": "<username>",
  "update_mask": {
    "paths": [
      <list_of_settings_to_update>
    ]
  },
  "permissions": {
    "patterns": "<permissions_for_key_patterns>",
    "pub_sub_channels": "<permissions_for_channels>",
    "categories": "<permissions_for_command_categories>",
    "commands": "<permissions_for_commands>"
  }
}

    Where:

    • cluster_id: Cluster ID.

      You can get the cluster ID with the list of clusters in the folder.

    • user_name: Username.

      You can get the username with the list of users in the cluster.

    • update_mask: List of parameters to update as an array of strings (paths[]).

      Format for listing settings
      "update_mask": {
  "paths": [
    "<setting_1>",
    "<setting_2>",
    ...
    "<setting_N>"
  ]
}

      Warning

      When you update a user, all parameters of the object you are modifying will take their defaults unless explicitly provided in the request. To avoid this, list the settings you want to change in the update_mask parameter.

    • permissions.patterns: String of space-separated permissions for key patterns.

    • permissions.pub_sub_channels: String of space-separated permissions for Pub/Sub channels.

    • permissions.categories: String of space-separated permissions for command categories.

    • permissions.commands: String of space-separated permissions for commands.

    Note

    The user cannot get permissions for administrative commands of the +@admin category and certain commands.

    For more information about access control lists, see this Valkey™ ACL guide.

  4. Call the UserService.Update method, e.g., via the following gRPCurl request:

    grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/redis/v1/user_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d @ \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.redis.v1.UserService.Update \
  < body.json

  5. Check the server response to make sure your request was successful.

Previous
Creating a user
Next
Deleting a user