User access levels

A Juju user may have different abilities, according to the access level they have been granted. This document describes the various access levels and the corresponding abilities.

Valid access levels for controllers

| Access level | Granted | Abilities |
|---|---|---|
| login | Via juju register. | Log in to the controller. |
| superuser | Automatically by bootstrapping a controller. Automatically by having the username ‘admin’. Via juju grant. | God-mode for the controller. You can do anything that it is possible to do within a controller. |

A person logged in to the JAAS controller automatically has the login role. This is automatically granted via juju grant login everyone@external.

Since multiple controllers—and therefore multiple controller administrators—are possible, there is no such thing as an overarching “Juju administrator”. Nevertheless, a user with the superuser role is usually what people refer to as “the admin”.

Valid access levels for models

| Access level | Granted | Abilities |
|---|---|---|
| read | Via juju grant. | View the content of a model without changing it. Can use any of the read commands. |
| write | Via juju grant. | Deploy and manage applications on the model. |
| admin | Via juju grant. | God-mode for the model. |

Valid access levels for application offers

| Access level | Granted | Abilities |
|---|---|---|
| read | Via juju grant. | |
| consume | Via juju grant. | |
| admin | Via juju grant. | |

Valid access levels for clouds

A controller can manage models on many clouds. With cloud-level access you can give a user permission to access one of that controller's clouds but not another.

| Access level | Granted | Abilities |
|---|---|---|
| add-model | Via juju grant-cloud. | Add a model. Grant another user model-level permissions. |
| admin | Via juju grant-cloud. | God-mode for the cloud. |
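The access levels above can be turned into a review of who holds what. The following is an added example, not Juju's own code: the level names and grant commands come from this page, while the record layout `(user, scope, target, level)`, the sample grants and the rule that `everyone@external` should hold nothing above login are assumptions of the example.

```python
# Added example: review Juju grants against the access-level tables on this page.
# Level names and grant commands come from the page; the record layout is assumed.
VALID = {  # scope -> {access level: how the page says it is granted}
    "controller": {"login": "juju register", "superuser": "juju grant"},
    "model": {"read": "juju grant", "write": "juju grant", "admin": "juju grant"},
    "offer": {"read": "juju grant", "consume": "juju grant", "admin": "juju grant"},
    "cloud": {"add-model": "juju grant-cloud", "admin": "juju grant-cloud"},
}
# Levels the page calls "God-mode" (offer admin is not described, so not listed).
GOD_MODE = {"controller": "superuser", "model": "admin", "cloud": "admin"}
GROUP = "everyone@external"  # holds login on the JAAS controller per the page


def audit(grants):
    """Return (user, scope, target, finding) tuples for grants worth reviewing."""
    findings, seen, explicit_super = [], set(), set()
    for user, scope, target, level in grants:
        seen.add(user)
        if level not in VALID.get(scope, {}):
            findings.append((user, scope, target, f"invalid level '{level}' for {scope}"))
            continue
        if GOD_MODE.get(scope) == level:
            findings.append((user, scope, target, f"god-mode '{level}' on {scope}"))
            if scope == "controller":
                explicit_super.add(user)
        # Review policy of this example (an assumption, not a Juju rule):
        # the everyone@external group should hold nothing above login.
        if user == GROUP and level != "login":
            findings.append((user, scope, target, "group grant above login"))
    # The username 'admin' is superuser automatically, with no grant on record.
    if "admin" in seen and "admin" not in explicit_super:
        findings.append(("admin", "controller", "*", "implicit superuser via username"))
    return findings


SAMPLE = [  # constructed records: (user, scope, target, level)
    ("alice", "model", "prod", "read"),
    ("bob", "model", "prod", "admin"),
    ("carol", "cloud", "aws", "write"),  # 'write' is a model level, not a cloud one
    (GROUP, "controller", "jaas", "login"),
    (GROUP, "model", "prod", "write"),
    ("admin", "model", "staging", "read"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```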
