I am currently running influxdb OSS version 2.0 and I am using grafana version 8.2.1 to visualize my data.
My problem is that while using InfluxQL in grafana I am able to drop or delete measurements/ data although I am only using a read-only token for this bucket.
This possibility is an huge security problem for my project. From the documentation it appears that “DROP MEASUREMENT” and “DELETE” count as read-only queries (see " InfluxDB OSS 2.0 supports InfluxQL read-only queries. See supported and unsupported queries below. To learn more about InfluxQL, see Influx Query Language (InfluxQL)" Query data with InfluxQL | InfluxDB OSS 2.0 Documentation).
I’m new to influxdb and would like to know if there is a possibility to prohibit those commands or restrict users rights so that a grafana user cant delete my data.
I’m not using InflxDB2, but in version 1x I have created a user that has only READ permission on the DB for Grafana.
What’s your current user permission?
can you run DELETE and DROP successfully even with a user that only has READ permission? (I really really hope the answer is no)
I suggest you open an issue on GitHub about this one. (read-only token allows to run DROP and DELETE)
I tested everything with the 1.8 version of Influx yesterday. And it works as it should. A user with just read permission is blocked from performing “DROP MEASUREMENT” or “DELETE” queries.
However i cant get it work with 2.0 and this new token system. I created a new user and created a read-only token for this user only with read access to this specific bucket (see picture below). Still I am able to delete data with him by running those queries in the raw query mode.
I am using the token in the custom http header section with the value: token “myToken” as described in many blogs and tried every combination in the auth details and below in the user and password file. Nothing worked yet.
