
Create a user who can't delete data in influxdb?


Is it possible to create a non-admin user who can't delete data in influxdb?

I would like to create a user who can read/write (query/insert) data but not delete what has already been inserted.

According to what I can see in the official docs, I don't think I can. Is that correct? Or is there a sneaky workaround?

Non-admin users

Non-admin users can have one of the following three privileges per database:
* READ
* WRITE
* ALL (both READ and WRITE access)

READ, WRITE, and ALL privileges are controlled per user per database. A new non-admin user has no access to any database until they are specifically granted privileges to a database by an admin user.

GRANT READ, WRITE or ALL database privileges to an existing user:

GRANT [READ,WRITE,ALL] ON <database_name> TO <username>

Solution

  • No, deleting is a write operation. Write privilege allows you to make changes, which can be adding, overwriting, or deleting things. Even if deleting were somehow restricted, if you can insert data then you can always overwrite existing data, which allows you to destroy any actual data, essentially "deleting" it.

    EDIT: as pointed out in the comment below, this applies to the community edition of InfluxDB. Indeed, the Enterprise edition supports more refined roles and supports what the OP asked for, namely the DROP_DATA role. Read more here: https://docs.influxdata.com/chronograf/v1.7/administration/managing-influxdb-users/#dropdata and here: https://docs.influxdata.com/enterprise_influxdb/v1.7/guides/fine-grained-authorization/
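
The overwrite behaviour described in the answer, as an added example that is not part of the original answer or of InfluxDB's code: a simplified Python model of how InfluxDB 1.x treats a second write to the same measurement, tag set and timestamp, with an audit list of such collisions. The `Store` class, user names and sample lines are constructed, and the parser assumes line protocol without escaped or quoted characters.

```python
# Simplified model of InfluxDB 1.x duplicate-point handling (added example).
# Assumption: no escaped spaces/commas and no quoted string fields; the real
# line-protocol parser handles those cases.

def parse_point(line):
    """Split 'measurement,tag=v field=1 timestamp' into (series_key, ts, fields)."""
    head, field_part, ts = line.strip().split(" ")
    measurement, *tags = head.split(",")
    # Tag order does not affect point identity, so compare a sorted tag set.
    series_key = (measurement, tuple(sorted(tags)))
    fields = dict(kv.split("=", 1) for kv in field_part.split(","))
    return series_key, int(ts), fields


class Store:
    """In-memory stand-in for one database (hypothetical helper)."""

    def __init__(self):
        self.points = {}      # (series_key, timestamp) -> field dict
        self.collisions = []  # writes that changed an already stored value

    def write(self, line, user):
        series_key, ts, fields = parse_point(line)
        key = (series_key, ts)
        existing = self.points.get(key)
        if existing is None:
            self.points[key] = dict(fields)
            return
        changed = {f: (existing[f], v) for f, v in fields.items()
                   if f in existing and existing[f] != v}
        if changed:
            self.collisions.append((user, key, changed))
        # Same measurement + tag set + timestamp: field sets are merged and
        # the newly written value wins on conflict. No DELETE is involved.
        existing.update(fields)


def demo():
    """Constructed sample: a WRITE-only user replaces a stored reading."""
    db = Store()
    ts = "1700000000000000000"
    db.write(f"cpu,host=a,region=eu usage=42.5,temp=61 {ts}", "sensor")
    db.write(f"cpu,region=eu,host=a usage=0 {ts}", "writer")
    return db


if __name__ == "__main__":
    db = demo()
    print(db.points)
    print(db.collisions)
```

The `collisions` list is the defensive part: comparing incoming writes against stored points is one way to surface overwrites that the READ/WRITE/ALL privilege model cannot block.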