InfluxDB 3 Core authentication and authorization
InfluxDB 3 Core uses an Attribute-Based Access Control (ABAC) model to manage permissions.
The ABAC model includes the following components:
Authentication (authn): The process through which a user verifies their identity. In InfluxDB 3 Core, this occurs when a token is validated. Users may be human or machine (for example, through automation). InfluxDB 3 Core tokens represent previously verified authenticated users that facilitate automation.
Authorization (authz): The process that determines if an authenticated user can perform a requested action. In InfluxDB 3 Core, authorization evaluates whether a token has permissions to perform actions on specific resources.
Context: The system may use contextual information, such as location or time, when evaluating permissions.
Subject: The identity requesting access to the system. In InfluxDB 3 Core, the subject is a token (similar to an “API key” in other systems). Tokens include attributes such as identifier, name, description, and expiration date.
Action: The operations (for example, CRUD) that subjects may perform on resources.
Permissions: The set of actions that a specific subject can perform on a specific resource. Authorization compares the incoming request against the permissions set to decide if the request is allowed or not.
In InfluxDB 3 Core, admin tokens have all permissions.
Resource: The objects that can be accessed or manipulated. In InfluxDB 3 Core, resources include databases and system information endpoints. Resources have attributes such as identifier and name.
Was this page helpful?
Thank you for your feedback!
Support and feedback
Thank you for being part of our community! We welcome and encourage your feedback and bug reports for InfluxDB 3 Core and this documentation. To find support, use the following resources:
Customers with an annual or support contract can contact InfluxData Support.