Administration & Security

Warning! This page documents an old version of InfluxDB, which is no longer actively developed. InfluxDB v1.2 is the most recent stable version of InfluxDB.

The following section details the endpoints in the HTTP API for administering the cluster and managing database security.

Creating and Dropping Databases

There are two endpoints for creating or dropping databases. The requesting user must be a cluster administrator.

# create a database
curl -X POST 'http://localhost:8086/db?u=root&p=root' \
  -d '{"name": "site_development"}'

# drop a database
curl -X DELETE 'http://localhost:8086/db/site_development?u=root&p=root'

Security

InfluxDB has three different kinds of users:

cluster admin

A cluster admin can add and drop databases. Add and remove database users and database admins to any database and change their read and write access. A cluster admin can’t query a database though. Below are the endpoints specific to cluster admins:

# get list of cluster admins curl
curl 'http://localhost:8086/cluster_admins?u=root&p=root'

# add cluster admin
curl -X POST 'http://localhost:8086/cluster_admins?u=root&p=root' \
  -d '{"name": "paul", "password": "i write teh docz"}'

# update cluster admin password
curl -X POST 'http://localhost:8086/cluster_admins/paul?u=root&p=root' \
  -d '{"password": "new pass"}'

# delete cluster admin
curl -X DELETE 'http://localhost:8086/cluster_admins/paul?u=root&p=root'

database admin

A database admin can add and remove databases admins and database users and change their read and write permissions. It can’t add or remove users from a different database.

database user

A database user can read and write data to the current database. The user can’t add or remove users or admins or read/write data from/to time series that they don’t have permissions for.

Below are examples of adding/removing databases users and database admins:

# Database users, with a database name of site_dev

# add database user
curl -X POST 'http://localhost:8086/db/site_dev/users?u=root&p=root' \
  -d '{"name": "paul", "password": "i write teh docz"}'

# delete database user
curl -X DELETE 'http://localhost:8086/db/site_dev/users/paul?u=root&p=root'

# update user's password
curl -X POST 'http://localhost:8086/db/site_dev/users/paul?u=root&p=root' \
  -d '{"password": "new pass"}'

# get list of database users
curl 'http://localhost:8086/db/site_dev/users?u=root&p=root'

# add database admin privilege
curl -X POST 'http://localhost:8086/db/site_dev/users/paul?u=root&p=root' \
  -d '{"admin": true}'

# remove database admin privilege
curl -X POST 'http://localhost:8086/db/site_dev/users/paul?u=root&p=root' \
  -d '{"admin": false}'

Limiting User Access

Database users have two additional arguments when creating or updating their objects: readFrom and writeTo. Here’s what a default database user looks like when those arguments aren’t specified on create.

{
  "name": "paul",
  "readFrom": ".*",
  "writeTo": ".*"
}

This example user has the ability to read and write from any time series. If you want to restrict the user to only being able to write data, update the user by POSTing to db/site_dev/users/paul.

{
  "readFrom": "^$",
  "writeTo": ".*"
}

You have to specify both readFrom and writeTo when you update the permissions of a user. Both are a regex that determine which time series the user has permission to read from or write to.