See also:

A Juju user is any person able to log in to a Juju controller. This document describes the various ways that a user may interact with Juju, depending on their role.


User roles

Controller-level roles


Gives you the ability to log in to the controller, nothing else. Role granted via juju register. Effective starting with the moment the user has registered.

A person logged into the jaas controller automatically has the login role. This is automatically granted via juju grant login everyone@external.


Gives you the ability to create your own model in the controller. Role granted by the controller superuser using the juju grant add-model <(comma-separated list of )username(s)>. A person with an add-model role can give someone else whatever model permissions they want to that model via juju grant <(comma-separated list of )rolename(s)> <(comma-separated list of )username(s)>.


God-mode. Admin. You can do anything, e.g., add or remove users, give permissions, etc. Role granted to the Juju client when bootstrapping a controller. Role name automatically assigned to the username “admin”. The role can also be granted via juju grant superuser <(comma-separated list of )username(s)>.

Since multiple controllers—and therefore multiple controller administrators—are possible, there is no such thing as an overarching “Juju administrator”. Nevertheless, a user with the superuser role is usually what people refer to as “the admin”.

Model-level roles


A person with this role can view the content of a model without changing it. The most common command to do this is juju status, but the user can also use any other of the read commands, e.g., juju machines> or juju show-machines`.


A person with this role can deploy and manage applications on the model. Essentially, they can do anything to the model except delete it and grant permissions to other users.


A person with this role can consume offers hosted by that model. They cannot do anything else to the model.


God-mode for the model.

Cloud-level roles



Last updated 2 months ago.