From 7eb64606cdbee84809542caac2c29d371a29a374 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 10 Dec 2025 17:04:28 +0000 Subject: [PATCH 1/3] Initial plan From 2cbf3524d020abf266227e93cf8d13ad53369207 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 10 Dec 2025 17:24:13 +0000 Subject: [PATCH 2/3] Change token type headings from h4 to h3 to fix fragment detection Changed heading levels for Operator token, All Access token, and Read/Write token from level 4 to level 3. This ensures better compatibility with link checkers that may have issues detecting fragments in h4 headings. Co-authored-by: jstirnaman <212227+jstirnaman@users.noreply.github.com> --- content/influxdb/v2/admin/tokens/_index.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/influxdb/v2/admin/tokens/_index.md b/content/influxdb/v2/admin/tokens/_index.md index 3a4a391d96..37cde83bda 100644 --- a/content/influxdb/v2/admin/tokens/_index.md +++ b/content/influxdb/v2/admin/tokens/_index.md @@ -24,7 +24,7 @@ Learn how to create, view, update, or delete an API token. - [All Access API token](#all-access-token) - [Read/Write token](#readwrite-token) -#### Operator token +### Operator token Grants full read and write access to **all organizations and all organization resources in InfluxDB OSS 2.x**. Some operations, e.g. [retrieving the server configuration](/influxdb/v2/reference/config-options/), require operator permissions. Operator tokens are created in the InfluxDB setup process. @@ -39,10 +39,10 @@ for each organization and using those to manage InfluxDB. This helps to prevent accidental interactions across organizations. {{% /note %}} -#### All Access token +### All Access token Grants full read and write access to all resources in an organization. -#### Read/Write token +### Read/Write token Grants read access, write access, or both to specific buckets in an organization. {{< children hlevel="h2" >}} From 0735912b19513cd846aac04628d7b8e850eec5c2 Mon Sep 17 00:00:00 2001 From: Jason Stirnaman Date: Tue, 16 Dec 2025 12:45:53 -0600 Subject: [PATCH 3/3] fix(v2): Clarify operator token auto- vs manual- generation --- content/influxdb/v2/admin/tokens/_index.md | 28 +++++++++++++++------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/content/influxdb/v2/admin/tokens/_index.md b/content/influxdb/v2/admin/tokens/_index.md index 37cde83bda..a763fb3db2 100644 --- a/content/influxdb/v2/admin/tokens/_index.md +++ b/content/influxdb/v2/admin/tokens/_index.md @@ -25,24 +25,36 @@ Learn how to create, view, update, or delete an API token. - [Read/Write token](#readwrite-token) ### Operator token + Grants full read and write access to **all organizations and all organization resources in InfluxDB OSS 2.x**. -Some operations, e.g. [retrieving the server configuration](/influxdb/v2/reference/config-options/), require operator permissions. -Operator tokens are created in the InfluxDB setup process. +Some operations--for example, [retrieving the server configuration](/influxdb/v2/reference/config-options/)--require _operator_ permissions. + +#### Initial operator token + +When you first initialize {{% product-name %}}, the [setup](/influxdb/v2/get-started/setup/) process creates an initial user, org, bucket, and an Operator token with full read/write access to all organizations. +When running setup, you can either: + +- Supply the token value yourself ([`influx setup --token` flag](/influxdb/v2/reference/cli/influx/setup/) or the [setup API](/influxdb/v2/api/v2/#tag/Setup) `token` field), or +- Let InfluxDB auto-generate it. InfluxDB stores the generated token in the active influx CLI config so the CLI can use it later. + +#### Creating operator tokens after setup + To [create an operator token manually](/influxdb/v2/admin/tokens/create-token/) with the InfluxDB UI, `api/v2` API, or `influx` CLI after the setup process is completed, you must use an existing [Operator token](/influxdb/v2/admin/tokens/#operator-token). To create a new Operator token without using an existing one, see how to use the [`influxd recovery auth`](/influxdb/v2/reference/cli/influxd/recovery/auth/) CLI. -{{% note %}} -Because Operator tokens have full read and write access to all organizations in the database, -we recommend [creating an All Access token](/influxdb/v2/admin/tokens/create-token/) -for each organization and using those to manage InfluxDB. -This helps to prevent accidental interactions across organizations. -{{% /note %}} +> [!Tip] +> Because Operator tokens have full read and write access to all organizations in the database, +> we recommend [creating an All Access token](/influxdb/v2/admin/tokens/create-token/) +> for each organization and using those to manage InfluxDB. +> This helps to prevent accidental interactions across organizations. ### All Access token + Grants full read and write access to all resources in an organization. ### Read/Write token + Grants read access, write access, or both to specific buckets in an organization. {{< children hlevel="h2" >}}