Documentation

InfluxDB Enterprise

Introduction to authorization in InfluxDB Enterprise

Authorization in InfluxDB Enterprise refers to managing user permissions. To secure and manage access to an InfluxDB Enterprise cluster, first configure authentication. You can then manage users and permissions as necessary.

This page is meant to help new users choose the best method for managing permissions in InfluxDB Enterprise.

Permissions in InfluxDB Enterprise

InfluxDB Enterprise has an expanded set of 16 permissions. These permissions allow for controlling read and write access to data for all databases and for individual databases, as well as permitting certain cluster-management actions like creating or deleting resources.

InfluxDB 1.x OSS only supports database-level privileges: READ and WRITE. A third permission, ALL, grants admin privileges. These three permissions exist in InfluxDB Enterprise as well. They can only be granted by using InfluxQL.

Manage user authorization

Choose one of the following methods manage authorizations in InfluxDB Enterprise:

Manage read and write privileges with InfluxQL

If you only need to manage basic READ, WRITE, and ALL privileges, use InfluxQL to manage authorizations. (For instance, if you upgraded from InfluxDB OSS 1.x and do not need the more detailed authorization in InfluxDB Enterprise, continue to use InfluxQL.)

We recommend operators do not mix and match InfluxQL with other authorization management methods (Chronograf and the API). Doing so may lead to inconsistencies in user permissions.

Manage Enterprise permissions with Chronograf

The Chronograf user interface can manage the full set of InfluxDB Enterprise permissions.

The permissions listed in Chronograf are global for the cluster, and available through the API. Outside of FGA, the only database-level permissions available are the basic READ and WRITE. These can only be managed using InfluxQL.

Chronograf can only set permissions globally, for all databases, within a cluster. If you need to set permissions at the database level, use the Meta API.

See “Manage InfluxDB users in Chronograf” for instructions.

Manage Enterprise permissions with the Meta API

The InfluxDB Enterprise API is the recommended method for managing permissions. Use the API to manage setting cluster-wide and database-specific permissions.

For more information on using the meta API, see here.

Was this page helpful?

Thank you for your feedback!

© 2024 InfluxData, Inc.

Where are you running InfluxDB?

Customize your InfluxDB Enterprise URL and we’ll update code examples for you.

Default
Custom

For more information, see InfluxDB Enterprise HTTP settings.

Thank you for your feedback!

Let us know what we can do better:

Thank you!

No thanks

The future of Flux

Flux is going into maintenance mode. You can continue using it as you currently are without any changes to your code.

Read more

InfluxDB v3 enhancements and InfluxDB Clustered is now generally available

New capabilities, including faster query performance and management tooling advance the InfluxDB v3 product line. InfluxDB Clustered is now generally available.

InfluxDB v3 performance and features

The InfluxDB v3 product line has seen significant enhancements in query performance and has made new management tooling available. These enhancements include an operational dashboard to monitor the health of your InfluxDB cluster, single sign-on (SSO) support in InfluxDB Cloud Dedicated, and new management APIs for tokens and databases.

Learn about the new v3 enhancements

InfluxDB Clustered general availability

InfluxDB Clustered is now generally available and gives you the power of InfluxDB v3 in your self-managed stack.

Talk to us about InfluxDB Clustered