Type of permissions/authorization for token

hello good morning.
It occurred to me to create a token for a telegraph agent installed on a remote server and that this has restricted permissions/authorization for a specific bucket. What type of permissions/authorization do you recommend that this token have?, or what type of permissions would be necessary for the remote agent to be able to operate without problems when writing metrics in influxdb. My idea is to have only the necessary permissions to write to a bucket.

I asked something similar on github and they answered me writing, but looking at the flags associated with the ‘influx auth create’ command I see that several flags refer to writing. So, I have a doubt about whether it is all the permissions/authorization to write or just some specific ones. By the way, I am using influxdb2.

Thank you very much for your time and help.