Introduction to authorization in InfluxDB Enterprise

Authorization in InfluxDB Enterprise refers to managing user permissions. To secure and manage access to an InfluxDB Enterprise cluster, first configure authentication. You can then manage users and permissions as necessary.

This page is meant to help new users choose the best method for managing permissions in InfluxDB Enterprise.

Permissions in InfluxDB Enterprise

InfluxDB Enterprise has an expanded set of 16 permissions. These permissions allow for controlling read and write access to data for all databases and for individual databases, as well as permitting certain cluster-management actions like creating or deleting resources.

InfluxDB 1.x OSS only supports database-level privileges: READ and WRITE. A third permission, ALL, grants admin privileges. These three permissions exist in InfluxDB Enterprise as well. They can only be granted by using InfluxQL.

Manage user authorization

Choose one of the following methods manage authorizations in InfluxDB Enterprise:

Manage read and write privileges with InfluxQL

If you only need to manage basic READ, WRITE, and ALL privileges, use InfluxQL to manage authorizations. (For instance, if you upgraded from InfluxDB OSS 1.x and do not need the more detailed authorization in InfluxDB Enterprise, continue to use InfluxQL.)

We recommend operators do not mix and match InfluxQL with other authorization management methods (Chronograf and the API). Doing so may lead to inconsistencies in user permissions.

Manage Enterprise permissions with Chronograf

The Chronograf user interface can manage the full set of InfluxDB Enterprise permissions.

The permissions listed in Chronograf are global for the cluster, and available through the API. Outside of FGA, the only database-level permissions available are the basic READ and WRITE. These can only be managed using InfluxQL.

Chronograf can only set permissions globally, for all databases, within a cluster. If you need to set permissions at the database level, use the Meta API.

See “Manage InfluxDB users in Chronograf” for instructions.

Manage Enterprise permissions with the Meta API

The InfluxDB Enterprise API is the recommended method for managing permissions. Use the API to manage setting cluster-wide and database-specific permissions.

For more information on using the meta API, see here.

Was this page helpful?

Thank you for your feedback!

Set your InfluxDB URL

Introducing InfluxDB 3.0

The new core of InfluxDB built with Rust and Apache Arrow. Available today in InfluxDB Cloud Dedicated.

Learn more

State of the InfluxDB Cloud Serverless documentation

The new documentation for InfluxDB Cloud Serverless is a work in progress. We are adding new information and content almost daily. Thank you for your patience!

If there is specific information you’re looking for, please submit a documentation issue.