I want to set up my Kapacitor user properly - as a user with minimal DB privileges to execute my alerts.
The following user creates a Kapacitor error:
> CREATE USER "reader" WITH PASSWORD '111111' > GRANT READ ON some_db TO reader
run: open server: open service *influxdb.Service: failed to link subscription on startup: error authorizing query: reader not authorized to execute statement 'SHOW RETENTION POLICIES ON _internal'
I tried granting read / all permissions on _internal to the reader user - Kapacitor still doesn’t start.
Kapacitor starts successfully with an admin role. I want the alert user to have minimal privileges though, and prefer to avoid using admin.
What is this minimal set of privileges?