User access levels
User > User access levels
See also: How to manage users
A Juju user may have different abilities, according to the access level they have been granted. This document describes the various access levels and the corresponding abilities.
Contents:
- Valid access levels for controllers
- Valid access levels for clouds
- Valid access levels for models
- Valid access levels for application offers
Valid access levels for controllers
| Access level | Granted | Abilities |
|---|---|---|
|
Via juju register. |
Log in to the controller. |
|
Automatically by bootstrapping a controller. Automatically by having the username ‘admin’. Via |
God-mode for the controller. You can do anything that it is possible to do within a controller. |
A person logged into the jaas controller automatically has the login access level. This is automatically granted via juju grant login everyone@external.
Since multiple controllers—and therefore multiple controller administrators—are possible, there is no such thing as an overarching “Juju administrator”. Nevertheless, a user with the superuser access level is usually what people refer to as “the admin”.
Valid access levels for clouds
A controller can manage models on many clouds. With cloud-level access you can give a user permission to access one cloud but not another related to that controller.
| Access level | Granted | Abilities |
|---|---|---|
|
Via juju grant-cloud. |
Add a model. Grant another user model-level permissions. |
|
Via juju grant-cloud. |
God-mode for the cloud. |
Valid access levels for models
| Access level | Granted | Abilities |
|---|---|---|
|
Via juju grant. |
View the content of a model without changing it. Can use any of the read commands. |
|
Via juju grant. |
Deploy and manage applications on the model. |
|
Via juju grant. |
God-mode for the model. |
Valid access levels for application offers
| Access level | Granted | Abilities |
|---|---|---|
|
Via juju grant. |
|
|
Via juju grant. |
|
|
Via juju grant. |
Last updated 5 months ago.