User access levels

User > User access levels

See also: How to manage a user’s access level

A Juju user may have different abilities, according to the access level they have been granted. This document describes the various access levels and the corresponding abilities.

Contents:

Valid access levels for controllers

Access level Granted Abilities

login

Via juju register. Log in to the controller.

superuser

Automatically by bootstrapping a controller.

Automatically by having the username ‘admin’.

Via juju grant.

You can do anything that it is possible to do at the level of a controller.

A person logged into the jaas controller automatically has the login access level. This is automatically granted via juju grant login everyone@external.

Since multiple controllers—and therefore multiple controller administrators—are possible, there is no such thing as an overarching “Juju administrator”. Nevertheless, a user with the superuser access level is usually what people refer to as “the admin”.

Valid access levels for clouds

A controller can manage models on many clouds. With cloud-level access you can give a user permission to access one cloud but not another related to that controller.

Access level Granted Abilities

add-model

Via juju grant-cloud. Add a model.

Grant another user model-level permissions.

admin

Via juju grant-cloud. You can do anything that it is possible to do at the level of a cloud.

Valid access levels for models

Access level Granted Abilities

read

Via juju grant. View the content of a model without changing it. Can use any of the read commands.

write

Via juju grant. Deploy and manage applications on the model.

admin

Via juju grant. You can do anything that it is possible to do at the level of a model.

Valid access levels for application offers

Access level Granted Abilities

read

Via juju grant. View offers during a search with juju find-offers.

consume

Via juju grant. Relate an application to the offer.

admin

Via juju grant. You can do anything that it is possible to do at the level of an offer.


Contributors: @aieri, @tmihoc, @wallyworld