InfluxDB 3 Core authentication and authorization

InfluxDB 3 Core uses an Attribute-Based Access Control (ABAC) model to manage permissions and supports multiple token types for different authentication scenarios.

The ABAC model includes the following components:

• Authentication (authn): The process through which a user verifies their identity. In InfluxDB 3 Core, this occurs when a token is validated. Users may be human or machine (for example, through automation). InfluxDB 3 Core tokens represent previously verified authenticated users that facilitate automation.

• Authorization (authz): The process that determines if an authenticated user can perform a requested action. In InfluxDB 3 Core, authorization evaluates whether a token has permissions to perform actions on specific resources.

• Context: The system may use contextual information, such as location or time, when evaluating permissions.

• Subject: The identity requesting access to the system. In InfluxDB 3 Core, the subject is a token (similar to an “API key” in other systems). Tokens include attributes such as identifier, name, description, and expiration date.

• Action: The operations (for example, CRUD) that subjects may perform on resources.

• Permissions: The set of actions that a specific subject can perform on a specific resource. Authorization compares the incoming request against the permissions set to decide if the request is allowed or not.

  In InfluxDB 3 Core, admin tokens have all permissions.

• Resource: The objects that can be accessed or manipulated. Resources have attributes such as identifier and name. In InfluxDB 3 Core, resources include databases and system information endpoints.