When the ACL lines are parsed, it looks like the commands and keys supplied are treated as global (with keys affecting all the commands that take keys). Just checking: is this the case, or am I missing something?

So for example, if I enter the following line: user biscuit on >password -@all +ping +auth +rpush ~one +lpop ~two when Redis saves it to the ACL file, it is reordered to user biscuit on >password ~one ~two -@all +rpush +ping +auth +lpop.

So my question is: is it possible to structure the ACLs to limit the keys available to a particular command? So achieving one ACL that has +rpush ~one and +lpop ~two ?

Or to achieve this do I need to create multiple users, which are resticted to a specific command and key/s combination?