Redis [QUESTION]ACL child user can inherit commands that his father user is not allowed to use.

hi, I think it's a little bit weird and it can cause some problems that we might do not want to see in the development.

if we create user A, and we only allow him to use SET , ACL. And when we auth A, A can set a user B the commands that A is not allowed to use, then he can log into B and use the commands that he is not allowed to use.

Is it a bug or a feature?

Comment From: oranagra

@Odysseusailoon i'm not exactly sure what you mean by "inherit" and "father".

If someone is creating a limited user (prohibited from running certain commands), and allows that user access to the ACL SETUSER or other ACL commands (like LOAD and DELUSER), it's kinda like granting that user a supervisor rights, and it obviously able to use it to gain access to the commands that it was initially prohibited from using.

If that's what you mean, then i would call it a feature.

Comment From: Odysseusailoon

Thank you! it's exactly what I mean.