Introduction to authorization in InfluxDB Enterprise
Authorization in InfluxDB Enterprise refers to managing user permissions. To secure and manage access to an InfluxDB Enterprise cluster, first configure authentication. You can then manage users and permissions as necessary.
This page is meant to help new users choose the best method for managing permissions in InfluxDB Enterprise.
Permissions in InfluxDB Enterprise
InfluxDB Enterprise has an expanded set of 16 permissions. These permissions allow for controlling read and write access to data for all databases and for individual databases, as well as permitting certain cluster-management actions like creating or deleting resources.
InfluxDB 1.x OSS only supports database-level privileges:
A third permission,
ALL, grants admin privileges.
These three permissions exist in InfluxDB Enterprise as well.
They can only be granted by using InfluxQL.
Manage user authorization
Choose one of the following methods manage authorizations in InfluxDB Enterprise:
- using InfluxQL
InfluxQL can can only grant
ALL PRIVILEGESprivileges. To use the full set of InfluxDB Enterprise permissions, use Chronograf or the Meta API (recommended).
- using Chronograf
- using the InfluxDB Enterprise meta API (Recommended)
Manage read and write privileges with InfluxQL
If you only need to manage basic
use InfluxQL to manage authorizations.
(For instance, if you upgraded from InfluxDB OSS 1.x
and do not need the more detailed authorization in InfluxDB Enterprise, continue to use InfluxQL.)
We recommend operators do not mix and match InfluxQL with other authorization management methods (Chronograf and the API). Doing so may lead to inconsistencies in user permissions.
Manage Enterprise permissions with Chronograf
The Chronograf user interface can manage the full set of InfluxDB Enterprise permissions.
The permissions listed in Chronograf are global for the cluster, and available through the API.
Outside of FGA,
the only database-level permissions available are the basic
These can only be managed using InfluxQL.
Chronograf can only set permissions globally, for all databases, within a cluster. If you need to set permissions at the database level, use the Meta API.
See “Manage InfluxDB users in Chronograf” for instructions.
Manage Enterprise permissions with the Meta API
The InfluxDB Enterprise API is the recommended method for managing permissions. Use the API to manage setting cluster-wide and database-specific permissions.
For more information on using the meta API, see here.
Was this page helpful?
Thank you for your feedback!
Support and feedback
Thank you for being part of our community! We welcome and encourage your feedback and bug reports for InfluxDB and this documentation. To find support, use the following resources:
InfluxDB Cloud and InfluxDB Enterprise customers can contact InfluxData Support.