Documentation

InfluxDB 3 Enterprise

InfluxDB 3 Enterprise authentication and authorization

InfluxDB 3 Enterprise uses an Attribute-Based Access Control (ABAC) model to manage permissions and supports multiple token types for different authentication scenarios.

This model allows for fine-grained control over access to resources and actions within an InfluxDB 3 Enterprise instance.

The ABAC model includes the following components:

  • Authentication (authn): The process through which a user verifies their identity. In InfluxDB 3 Enterprise, this occurs when a token is validated. Users may be human or machine (for example, through automation). InfluxDB 3 Enterprise tokens represent previously verified authenticated users that facilitate automation.

  • Authorization (authz): The process that determines if an authenticated user can perform a requested action. In InfluxDB 3 Enterprise, authorization evaluates whether a token has permissions to perform actions on specific resources.

  • Context: The system may use contextual information, such as location or time, when evaluating permissions.

  • Subject: The identity requesting access to the system. In InfluxDB 3 Enterprise, the subject is a token (similar to an “API key” in other systems). Tokens include attributes such as identifier, name, description, and expiration date.

  • Action: The operations (for example, CRUD) that subjects may perform on resources.

  • Permissions: The set of actions that a specific subject can perform on a specific resource. Authorization compares the incoming request against the permissions set to decide if the request is allowed or not.

    In InfluxDB 3 Enterprise, admin tokens have all permissions, while resource tokens have specific permissions. Resource tokens have fine-grained permissions for specific resources of a specific type. For example, a database token can have permissions to read from a specific database but not write to it.

  • Resource: The objects that can be accessed or manipulated. Resources have attributes such as identifier and name. In InfluxDB 3 Enterprise, resources include databases and system information endpoints.

    • Database tokens provide access to specific databases for actions like writing and querying data.
    • System tokens provide access to system-level resources, such as API endpoints for server runtime statistics and health. Access controls for system information API endpoints help prevent information leaks and attacks (such as DoS).

Was this page helpful?

Thank you for your feedback!

© 2025 InfluxData, Inc.

What is your InfluxDB 3 Enterprise URL?

Customize your InfluxDB 3 Enterprise URL and we’ll update code examples for you.

Default
Custom

For more information, see InfluxDB Cloud regions or InfluxDB OSS URLs.

Thank you for your feedback!

Let us know what we can do better:

Thank you!

No thanks

The future of Flux

Flux is going into maintenance mode. You can continue using it as you currently are without any changes to your code.

Read more

New in InfluxDB 3.2

Key enhancements in InfluxDB 3.2 and the InfluxDB 3 Explorer UI is now generally available.

See the Blog Post

InfluxDB 3.2 is now available for both Core and Enterprise, bringing the general availability of InfluxDB 3 Explorer, a new UI that simplifies how you query, explore, and visualize data. On top of that, InfluxDB 3.2 includes a wide range of performance improvements, feature updates, and bug fixes including automated data retention and more.

For more information, check out:

Ask AI