A Juju user is any person able to log in to a Juju controller. This document describes the various ways that a user may interact with Juju, depending on their role.
- User roles
Gives you the ability to log in to the controller, nothing else. Role granted via
juju register. Effective starting with the moment the user has registered.
A person logged into the
jaas controller automatically has the login role. This is automatically granted via
juju grant login everyone@external.
Gives you the ability to create your own model in the controller. Role granted by the controller superuser using the
juju grant add-model <(comma-separated list of )username(s)>. A person with an add-model role can give someone else whatever model permissions they want to that model via
juju grant <(comma-separated list of )rolename(s)> <(comma-separated list of )username(s)>.
God-mode. Admin. You can do anything, e.g., add or remove users, give permissions, etc. Role granted to the Juju client when bootstrapping a controller. Role name automatically assigned to the username “admin”. The role can also be granted via
juju grant superuser <(comma-separated list of )username(s)>.
Since multiple controllers—and therefore multiple controller administrators—are possible, there is no such thing as an overarching “Juju administrator”. Nevertheless, a user with the superuser role is usually what people refer to as “the admin”.
A person with this role can view the content of a model without changing it. The most common command to do this is
juju status, but the user can also use any other of the read commands, e.g.,
juju machines> or juju show-machines`.
A person with this role can deploy and manage applications on the model. Essentially, they can do anything to the model except delete it and grant permissions to other users.
A person with this role can consume offers hosted by that model. They cannot do anything else to the model.
God-mode for the model.
Last updated 2 months ago.