I can’t query _monitoring bucket using read-only token. It works with all-access token.
It seems that there is problem with system bucket permissions.
With all-access token
> influx auth create --all-access -o example
ID Description Token User Name User ID Permissions
0af8b494f7246000 YGxuKBHhZzQS7Dwr49U9FBlVfVAxxgoFkr4D_T4RrpX1lhdjQr0ESMmZdOZIY6VFOzTB7dsEC-TKZyvFGWZxAQ== admin 0ad3c91cacafc000 [read:orgs/b9701ceb087c8983/authorizations write:orgs/b9701ceb087c8983/authorizations read:orgs/b9701ceb087c8983/buckets write:orgs/b9701ceb087c8983/buckets read:orgs/b9701ceb087c8983/dashboards write:orgs/b9701ceb087c8983/dashboards read:/orgs/b9701ceb087c8983 read:orgs/b9701ceb087c8983/sources write:orgs/b9701ceb087c8983/sources read:orgs/b9701ceb087c8983/tasks write:orgs/b9701ceb087c8983/tasks read:orgs/b9701ceb087c8983/telegrafs write:orgs/b9701ceb087c8983/telegrafs read:/users/0ad3c91cacafc000 write:/users/0ad3c91cacafc000 read:orgs/b9701ceb087c8983/variables write:orgs/b9701ceb087c8983/variables read:orgs/b9701ceb087c8983/scrapers write:orgs/b9701ceb087c8983/scrapers read:orgs/b9701ceb087c8983/secrets write:orgs/b9701ceb087c8983/secrets read:orgs/b9701ceb087c8983/labels write:orgs/b9701ceb087c8983/labels read:orgs/b9701ceb087c8983/views write:orgs/b9701ceb087c8983/views read:orgs/b9701ceb087c8983/documents write:orgs/b9701ceb087c8983/documents read:orgs/b9701ceb087c8983/notificationRules write:orgs/b9701ceb087c8983/notificationRules read:orgs/b9701ceb087c8983/notificationEndpoints write:orgs/b9701ceb087c8983/notificationEndpoints read:orgs/b9701ceb087c8983/checks write:orgs/b9701ceb087c8983/checks read:orgs/b9701ceb087c8983/dbrp write:orgs/b9701ceb087c8983/dbrp read:orgs/b9701ceb087c8983/notebooks write:orgs/b9701ceb087c8983/notebooks read:orgs/b9701ceb087c8983/annotations write:orgs/b9701ceb087c8983/annotations read:orgs/b9701ceb087c8983/remotes write:orgs/b9701ceb087c8983/remotes read:orgs/b9701ceb087c8983/replications write:orgs/b9701ceb087c8983/replications]
> influx bucket ls -t
ID Name Retention Shard group duration Organization ID Schema Type
af78a3123d4bf8af _monitoring 168h0m0s 24h0m0s b9701ceb087c8983 implicit
e0a65d9f25bafb31 _tasks 72h0m0s 24h0m0s b9701ceb087c8983 implicit
8f4f63ed110931cf example-bucket 168h0m0s 168h0m0s b9701ceb087c8983 implicit
With read (all) buckets token I can view only user bucket
> influx auth create --read-buckets -o example
ID Description Token User Name User ID Permissions
0af8b54787646000 qq9aPwR9suwsSwlqIqIrvhVitYy-IYeTCdf0Mas0ljSKRevBeoEdvBjTMl-Hej3bW2sawRpgq53gMdKkEuVrCA== admin 0ad3c91cacafc000 [read:orgs/b9701ceb087c8983/buckets]
> influx bucket ls -o example -t qq9aPwR9suwsSwlqIqIrvhVitYy-IYeTCdf0Mas0ljSKRevBeoEdvBjTMl-Hej3bW2sawRpgq53gMdKkEuVrCA==
ID Name Retention Shard group duration Organization ID Schema Type
8f4f63ed110931cf example-bucket 168h0m0s 168h0m0s b9701ceb087c8983 implicit
It also does not work when granting permission only to _monitoring bucket.
> influx auth create --read-bucket af78a3123d4bf8af -o example
ID Description Token User Name User ID Permissions
0af8b61e30246000 akIOi3WQXaamGyb9CQ0zKSvFwVLss3J0udShwh5GK0myzvJAwUfbVJI1ng5duZ9E0glmvwpG-IyU8GkYsqYAzQ== admin 0ad3c91cacafc000 [read:orgs/b9701ceb087c8983/buckets/af78a3123d4bf8af]
> influx bucket ls -o example -t akIOi3WQXaamGyb9CQ0zKSvFwVLss3J0udShwh5GK0myzvJAwUfbVJI1ng5duZ9E0glmvwpG-IyU8GkYsqYAzQ==
ID Name Retention Shard group duration Organization ID Schema Type
I’m using InfluxDB OSS 2.6.1.
