
How to fix the Redis NOPERM error

NOPERM means Redis ACLs are in use and the authenticated user is not allowed to run that command or touch those keys. Granting the missing permission resolves it. Jump to your situation below or work through the methods in order.

By Neeraj Singh, updated Jun 2026

Error message

NOPERM this user has no permissions to run the 'xxx' command.

Summary

The Redis NOPERM error means Access Control Lists (ACLs) are in effect and the authenticated user lacks permission for the command, key, or channel it tried to use. Redis 6 introduced ACLs so you can restrict each user to specific commands and key patterns, and NOPERM is that restriction working: the user is authenticated but not authorized for this action. The variants name the command, a key the user may not access, or a pub/sub channel. The fix is to review the user's permissions with ACL GETUSER and ACL LIST, then, from an admin account, grant the needed access with ACL SETUSER, adding the command category or key pattern the user legitimately needs. Granting the minimum necessary keeps the principle of least privilege intact.

What this error means

ACLs let you say which commands and keys each Redis user may use. When a user runs something outside that allowance, Redis returns NOPERM. The user is who they say they are (authentication passed), but they are not permitted to do this particular thing.

So unlike NOAUTH, the credential is fine; the authorization is not. The fix is to look at what the user is allowed and grant the specific command category, key pattern, or channel it genuinely needs, no more. An administrator with access to ACL SETUSER makes that change.

Common causes

The ACL user lacks the command permission.
The user is not allowed to access the key pattern.
The user cannot use the pub/sub channel.
An overly restrictive ACL rule.
The app uses a user meant for a narrower role.

Expert insight

“NOPERM is different from NOAUTH, here the login worked but the user is not allowed to do that specific thing. ACLs are deliberately tight, so I first run ACL GETUSER to see exactly what the user can touch, then from an admin account I grant just the command category or key pattern it actually needs with ACL SETUSER. The temptation is to hand it allcommands and move on, but resist that, grant the minimum, because least privilege is the whole point of ACLs.”

How to fix it

Method 1

Review the user's permissions

1. See what the user is allowed:
   ACL GETUSER username
   ACL LIST
2. Identify the command, key, or channel that is blocked.
3. Decide the minimum grant needed.

Method 2

Grant the needed command access

1. From an admin account, add the command or category:
   ACL SETUSER username +get +set
2. Or grant a category like +@read.
3. Avoid +@all unless truly required.

Method 3

Grant access to the key pattern

1. Allow the keys the user needs, for example:
   ACL SETUSER username ~app:*
2. Scope patterns tightly to the user's data.
3. Then retry.

Method 4

Grant pub/sub channels if needed

1. For pub/sub, grant channels explicitly:
   ACL SETUSER username &events:*
2. Only add the channels the user requires.
3. Save the ACL so it persists.

NOPERM means ACLs allow the user to connect but not to run this command or to access this key or channel. Review with ACL GETUSER and ACL LIST, then from an admin account grant the specific command category or key pattern with ACL SETUSER. Grant the minimum needed rather than +@all.
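The review in Method 1 and the grants in Methods 2 to 4 can be reasoned about offline. The Python sketch below is an added example, not code from Redis or from this page's author: it takes one user's line from ACL LIST plus the operation that failed and returns the narrowest ACL SETUSER rules that are missing. The sample line, the partial category map and the function names are constructed for illustration, and selectors, subcommand rules and %R~/%W~ key permissions are not modelled.

```python
from fnmatch import fnmatchcase

# Constructed, partial category map for this example; on a real server,
# ACL CAT <category> lists the actual members. Commands not listed here
# are unknown to the model.
CATEGORIES = {
    "read": {"get", "mget", "exists"},
    "write": {"set", "del", "incr"},
    "pubsub": {"publish", "subscribe"},
}
CATEGORIES["all"] = set().union(*CATEGORIES.values())
ALIASES = {"allcommands": "+@all", "nocommands": "-@all",
           "allkeys": "~*", "allchannels": "&*"}

# Constructed ACL LIST line (placeholder hash, not from a real server).
SAMPLE = "user app on #HASH_PLACEHOLDER ~app:* resetchannels -@all +@read +set"


def parse_rules(acl_line):
    """Apply rule tokens left to right, so a later -cmd overrides +@cat."""
    cmds, keys, chans = set(), [], []
    for tok in acl_line.split():
        tok = ALIASES.get(tok, tok)
        kind, body = tok[0], tok[1:]
        if tok == "resetkeys":
            keys.clear()
        elif tok == "resetchannels":
            chans.clear()
        elif kind == "~":
            keys.append(body)
        elif kind == "&":
            chans.append(body)
        elif kind in "+-":
            names = (CATEGORIES.get(body[1:], set()) if body.startswith("@")
                     else {body.lower()})
            cmds = cmds | names if kind == "+" else cmds - names
    return cmds, keys, chans


def missing_grants(acl_line, command, keys=(), channels=()):
    """Return the narrowest ACL SETUSER rules that would clear NOPERM."""
    cmds, key_pats, chan_pats = parse_rules(acl_line)
    # fnmatchcase approximates Redis glob matching (*, ?, [...]).
    def covered(name, pats):
        return any(fnmatchcase(name, p) for p in pats)
    need = [] if command.lower() in cmds else ["+" + command.lower()]
    need += ["~" + k for k in keys if not covered(k, key_pats)]
    need += ["&" + c for c in channels if not covered(c, chan_pats)]
    return need
```

Widen an exact key such as ~cache:1 into a pattern only as far as the user's data requires. On Redis 7.0 and later, ACL DRYRUN username command [arg ...] asks the server the same question directly.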

Frequently asked questions

What does the Redis NOPERM error mean?
It means Access Control Lists are in use and the authenticated user is not authorized to run the command, or access the key or channel, it attempted. The login is valid but the permission is missing.

How is NOPERM different from NOAUTH?
NOAUTH means the client did not authenticate at all, while NOPERM means it authenticated successfully but the user lacks permission for this specific command, key, or channel.

How do I fix NOPERM?
Review the user's permissions with ACL GETUSER, then from an admin account grant the needed command category or key pattern with ACL SETUSER, adding only what the user legitimately requires.

How do I see a user's permissions?
Run ACL GETUSER username for that user's rules, or ACL LIST for all users. This shows the allowed commands, key patterns, and channels.

Should I just grant all commands?
No. Grant the minimum the user needs, for example +@read or specific commands and key patterns, to keep least privilege. Use +@all only when a role genuinely requires it.

How do I make the change persist?
After ACL SETUSER, save the ACL configuration (for example with ACL SAVE when using an external ACL file, or persist it in redis.conf) so it survives restarts.

Still not working?

If a user has the command and key grants but still hits NOPERM, the block may be on a key pattern or pub/sub channel it also touches; ACL GETUSER shows the full rule set so you can spot the missing pattern. You can also submit your error to us for a tailored fix.
