# Enable Role-based access control Role-based access control (RBAC) lets you define *roles* with specific sets of *permissions*. You can then assign *users* to these roles to provide appropriate levels of access. RBAC effectively lets you implement the [principle of least privilege](http://en.wikipedia.org/wiki/Principle_of_least_privilege). For example, you can provide read-only access to an application whose only job is to display Redis data. Similarly, you can prevent new developers from running dangerous administrative commands. ## Set up RBAC To set up RBAC, first navigate to the **Data Access Control** screen. There are three tabs on this screen: **Users**, **Roles**, and **Redis ACLs**. In the **Redis ACLs** tab, you [define named *permissions*](http://redis.io/docs/latest/operate/rc/security/access-control/data-access-control/configure-acls) for specific Redis commands, keys, and pub/sub channels. In the **Roles** tab, you [create roles](http://redis.io/docs/latest/operate/rc/security/access-control/data-access-control/create-roles). Each role consists of a set of permissions for one or more Redis Cloud databases. Finally, in the **Users** tab, you [create users](http://redis.io/docs/latest/operate/rc/security/access-control/data-access-control/create-assign-users) and [assign each user a role](http://redis.io/docs/latest/operate/rc/security/access-control/data-access-control/create-assign-users#assign-roles-to-existing-users). ## Redis ACLs vs. Redis Cloud RBAC In Redis, you can create users and assign ACLs to them using the `ACL` command. However, Redis does not support generic roles. In Redis Cloud, you configure RBAC using the Redis Cloud console. As a result, certain Redis ACL subcommands are not available in Redis Cloud. The following table shows which ACL commands are supported. In Redis, you must explicitly provide access to the `MULTI`, `EXEC`, and `DISCARD` commands. In Redis Cloud, these commands, which are used in transactions, are always permitted. However, the commands run within the transaction block are subject to RBAC permissions. When you run multi-key commands on multi-slot keys, the return value is `failure` but the command runs on the keys that are allowed.