User

See also:

• Working with multiple users

A Juju user is any person able to log in to a Juju controller. This document describes the various ways that a user may interact with Juju, depending on their role.

Contents:

• User roles
  • Controller-level roles
    • login
    • add-model
    • superuser
  • Model-level roles
    • read
    • write
    • consume
    • admin
  • Cloud-level roles
    • admin
    • add-model

User roles

Controller-level roles

login

Gives you the ability to log in to the controller, nothing else. Role granted via juju register. Effective starting with the moment the user has registered.

add-model

Gives you the ability to create your own model in the controller. Role granted by the controller superuser using the juju grant add-model <(comma-separated list of )username(s)>. A person with an add-model role can give someone else whatever model permissions they want to that model via juju grant <(comma-separated list of )rolename(s)> <(comma-separated list of )username(s)>.

superuser

God-mode. Admin. You can do anything, e.g., add or remove users, give permissions, etc. Role granted to the Juju client when bootstrapping a controller. Role name automatically assigned to the username “admin”. The role can also be granted via juju grant superuser <(comma-separated list of )username(s)>.

Model-level roles

read

A person with this role can view the content of a model without changing it. The most common command to do this is juju status, but the user can also use any other of the read commands, e.g., juju machines> or juju show-machines`.

write

A person with this role can deploy and manage applications on the model. Essentially, they can do anything to the model except delete it and grant permissions to other users.

consume

A person with this role can consume offers hosted by that model. They cannot do anything else to the model.

admin

God-mode for the model.

Cloud-level roles

admin

add-model

Last updated 2 months ago.