Describe the bug
I have set an ACL to restrict a user to a specific prefix keys.But KEYS * are showing all the keys in the redis database.
To reproduce
Step1: set 2 keys for the example
127.0.0.1:6379[190]> set apple:red fruit
127.0.0.1:6379[190]> set grape:green fruit
Step 2: set an ACL
ACL SETUSER alex on >123 ~apple:* +@all
Step 3: Login as a user and get all keys*
````
127.0.0.1:6379> auth alex 123
OK
127.0.0.1:6379> select 190
OK
127.0.0.1:6379[190]> KEYS *
1) "grape:green"
2) "apple:red"
127.0.0.1:6379[190]>
127.0.0.1:6379[190]> ACL WHOAMI
"alex"
**Expected behavior**
Only keys with a prefix of apple
127.0.0.1:6379[190]> KEYS * 1) "apple:red" ```
Comment From: madolson
There are 5 commands that don't declare keys and operate on the keyspace: "SCAN, RANDOMKEY, KEYS, FLUSHALL, FLUSHDB". Extending your expected outcome, we should perform this validation for all of these 5 commands, which I don't think is reasonable or all that feasible. So I see two options: 1. These commands can only be executed if you have all keys permissions. This is a backwards breaking change, and not sure I really like this. 2. We introduce an @all-keys category, which we can recommend you explicitly remove.
Comment From: madolson
SORT and SORT_RO also somewhat operate within this space, with the BY and GET arguments.