--- title: InfluxDB 3 Core authentication and authorization description: InfluxDB 3 Core uses an Attribute-Based Access Control (ABAC) model to manage permissions for authentication (authn) and authorization (authz). url: https://docs.influxdata.com/influxdb3/core/reference/internals/authentication/ estimated_tokens: 527 product: InfluxDB 3 Core version: core --- # InfluxDB 3 Core authentication and authorization InfluxDB 3 Core uses an Attribute-Based Access Control (ABAC) model to manage permissions and supports multiple token types for different authentication scenarios. The ABAC model includes the following components: - **Authentication (authn)**: The process through which a user verifies their identity. In InfluxDB 3 Core, this occurs when a token is validated. Users may be human or machine (for example, through automation). InfluxDB 3 Core tokens represent previously verified authenticated users that facilitate automation. - **Authorization (authz)**: The process that determines if an authenticated user can perform a requested action. In InfluxDB 3 Core, authorization evaluates whether a token has permissions to perform actions on specific resources. - **Context**: The system may use contextual information, such as location or time, when evaluating permissions. - **Subject**: The identity requesting access to the system. In InfluxDB 3 Core, the subject is a *token* (similar to an “API key” in other systems). Tokens include attributes such as identifier, name, description, and expiration date. - **Action**: The operations (for example, CRUD) that subjects may perform on resources. - **Permissions**: The set of actions that a specific subject can perform on a specific resource. Authorization compares the incoming request against the permissions set to decide if the request is allowed or not. In InfluxDB 3 Core, *admin* tokens have all permissions. - **Resource**: The objects that can be accessed or manipulated. Resources have attributes such as identifier and name. In InfluxDB 3 Core, resources include databases and system information endpoints. #### Related - [Manage tokens](/influxdb3/core/admin/tokens/)