Documentation

InfluxDB 3 Enterprise

InfluxDB 3 Enterprise authentication and authorization

InfluxDB 3 Enterprise uses an Attribute-Based Access Control (ABAC) model to manage permissions and supports multiple token types for different authentication scenarios.

This model allows for fine-grained control over access to resources and actions within an InfluxDB 3 Enterprise instance.

The ABAC model includes the following components:

  • Authentication (authn): The process through which a user verifies their identity. In InfluxDB 3 Enterprise, this occurs when a token is validated. Users may be human or machine (for example, through automation). InfluxDB 3 Enterprise tokens represent previously verified authenticated users that facilitate automation.

  • Authorization (authz): The process that determines if an authenticated user can perform a requested action. In InfluxDB 3 Enterprise, authorization evaluates whether a token has permissions to perform actions on specific resources.

  • Context: The system may use contextual information, such as location or time, when evaluating permissions.

  • Subject: The identity requesting access to the system. In InfluxDB 3 Enterprise, the subject is a token (similar to an “API key” in other systems). Tokens include attributes such as identifier, name, description, and expiration date.

  • Action: The operations (for example, CRUD) that subjects may perform on resources.

  • Permissions: The set of actions that a specific subject can perform on a specific resource. Authorization compares the incoming request against the permissions set to decide if the request is allowed or not.

    In InfluxDB 3 Enterprise, admin tokens have all permissions, while resource tokens have specific permissions. Resource tokens have fine-grained permissions for specific resources of a specific type. For example, a database token can have permissions to read from a specific database but not write to it.

  • Resource: The objects that can be accessed or manipulated. Resources have attributes such as identifier and name. In InfluxDB 3 Enterprise, resources include databases and system information endpoints.

    • Database tokens provide access to specific databases for actions like writing and querying data.
    • System tokens provide access to system-level resources, such as API endpoints for server runtime statistics and health. Access controls for system information API endpoints help prevent information leaks and attacks (such as DoS).

Was this page helpful?

Thank you for your feedback!

© 2025 InfluxData, Inc.

What is your InfluxDB 3 Enterprise URL?

Customize your InfluxDB 3 Enterprise URL and we’ll update code examples for you.

Default
Custom

For more information, see InfluxDB Cloud regions or InfluxDB OSS URLs.

Thank you for your feedback!

Let us know what we can do better:

Thank you!

No thanks

The future of Flux

Flux is going into maintenance mode. You can continue using it as you currently are without any changes to your code.

Read more

Now Generally Available

InfluxDB 3 Core and Enterprise

Start fast. Scale faster.

Get the Updates

InfluxDB 3 Core is an open source, high-speed, recent-data engine that collects and processes data in real-time and persists it to local disk or object storage. InfluxDB 3 Enterprise builds on Core’s foundation, adding high availability, read replicas, enhanced security, and data compaction for faster queries and optimized storage. A free tier of InfluxDB 3 Enterprise is available for non-commercial at-home or hobbyist use.

For more information, check out:

Ask AI