---
title: InfluxDB 3 Core authentication and authorization
description: InfluxDB 3 Core uses an Attribute-Based Access Control (ABAC) model to manage permissions for authentication (authn) and authorization (authz).
url: https://docs.influxdata.com/influxdb3/core/reference/internals/authentication/
estimated_tokens: 442
product: InfluxDB 3 Core
version: core
publisher: InfluxData
canonical: https://docs.influxdata.com/influxdb3/core/reference/internals/authentication/
date: '2025-04-21T12:54:13-05:00'
lastmod: '2025-04-21T12:54:13-05:00'
---

InfluxDB 3 Core uses an Attribute-Based Access Control (ABAC) model to
manage permissions and supports multiple token types for different authentication scenarios.

The ABAC model includes the following components:

* **Authentication (authn)**: The process through which a user verifies their identity.
  In InfluxDB 3 Core, this occurs when a token is validated.
  Users may be human or machine (for example, through automation).
  InfluxDB 3 Core tokens represent previously verified authenticated users that facilitate automation.

* **Authorization (authz)**: The process that determines if an authenticated user can perform a requested action.
  In InfluxDB 3 Core, authorization evaluates whether a token has permissions to perform actions on specific resources.

* **Context**: The system may use contextual information, such as location or time,
  when evaluating permissions.

* **Subject**: The identity requesting access to the system.
  In InfluxDB 3 Core, the subject is a *token* (similar to an “API key” in other systems).
  Tokens include attributes such as identifier, name, description, and expiration date.

* **Action**: The operations (for example, CRUD) that subjects may perform on resources.

* **Permissions**: The set of actions that a specific subject can perform on a specific resource.
  Authorization compares the incoming request against the permissions set to decide if the request is allowed or not.

  In InfluxDB 3 Core, *admin* tokens have all permissions.

* **Resource**: The objects that can be accessed or manipulated.
  Resources have attributes such as identifier and name.
  In InfluxDB 3 Core, resources include databases and system information endpoints.

#### Related

* [Manage tokens](/influxdb3/core/admin/tokens/)