InfluxQL read-only queries "DROP MEASUREMENT" and "DELETE"

Hello everyone,

I am currently running InfluxDB OSS version 2.0 and I am using Grafana version 8.2.1 to visualize my data.

My problem is that while using InfluxQL in Grafana I am able to drop or delete measurements/data although I am only using a read-only token for this bucket.
This possibility is a huge security problem for my project. From the documentation it appears that “DROP MEASUREMENT” and “DELETE” count as read-only queries (see "InfluxDB OSS 2.0 supports InfluxQL read-only queries. See supported and unsupported queries below. To learn more about InfluxQL, see Influx Query Language (InfluxQL)", Query data with InfluxQL | InfluxDB OSS 2.0 Documentation).

I’m new to InfluxDB and would like to know if there is a possibility to prohibit those commands or restrict user rights so that a Grafana user can't delete my data.

Thank you!

I’m not using InfluxDB 2, but in version 1.x I have created a user that has only READ permission on the DB for Grafana.

What’s your current user permission?
Can you run DELETE and DROP successfully even with a user that only has READ permission? (I really really hope the answer is no)

I suggest you open an issue on GitHub about this one. (read-only token allows running DROP and DELETE)

I tested everything with the 1.8 version of Influx yesterday, and it works as it should. A user with just read permission is blocked from performing “DROP MEASUREMENT” or “DELETE” queries.

However, I can't get it to work with 2.0 and this new token system. I created a new user and created a read-only token for this user only with read access to this specific bucket (see picture below). Still I am able to delete data with him by running those queries in the raw query mode.

I am using the token in the custom HTTP header section with the value: token “myToken”, as described in many blogs, and tried every combination in the auth details and below in the user and password file. Nothing has worked yet.

I will create an issue about this on GitHub too.

2 Likes

@Sian_Brumm,
Did you create a feature request?

I opened an issue on GitHub.

1 Like
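
The first post asks whether “DROP MEASUREMENT” and “DELETE” can be blocked for a Grafana user. One control that does not depend on the token's permissions is a deny-by-default statement filter applied by a proxy in front of the InfluxQL query endpoint. The following is an added example, not code from this thread, InfluxDB or Grafana; the function names and the SELECT/SHOW allowlist are assumptions.

```python
import re

# Assumption: dashboards only need these statement types; everything else is denied.
ALLOWED_FIRST = {"SELECT", "SHOW"}

def split_statements(query):
    """Split InfluxQL on ';' outside quotes. Quoted content is blanked so that
    keywords inside literals never match. Comments and unterminated quotes are
    rejected rather than interpreted, to avoid disagreeing with the server parser."""
    out, cur, i, n = [], [], 0, len(query)
    while i < n:
        c = query[i]
        if c in "'\"":                        # string literal or quoted identifier
            j = i + 1
            while j < n and query[j] != c:
                j += 2 if query[j] == "\\" else 1    # skip backslash-escaped char
            if j >= n:
                raise ValueError("unterminated quote")
            cur.append(c + c)                 # placeholder without the content
            i = j + 1
        elif query.startswith(("--", "/*"), i):
            raise ValueError("comments are not accepted")
        elif c == ";":
            out.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(c)
            i += 1
    out.append("".join(cur))
    return [s.strip() for s in out if s.strip()]

def is_read_only(query):
    """True only if every statement is SELECT (without INTO) or SHOW."""
    try:
        stmts = split_statements(query)
    except ValueError:
        return False
    if not stmts:
        return False
    for s in stmts:
        words = re.findall(r"[A-Za-z_]+", s.upper())
        if not words or words[0] not in ALLOWED_FIRST:
            return False
        if words[0] == "SELECT" and "INTO" in words:
            return False
    return True
```

A proxy would call `is_read_only()` on the `q` parameter of each request and refuse anything that returns `False`.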