User access levels

doc
1

User > User access levels

See also: How to manage a user’s access level

A Juju user may have different abilities, according to the access level they have been granted. This document describes the various access levels and the corresponding abilities.

Contents:

Valid access levels for controllers

Access level Granted Abilities

login

 Via juju register. Log in to the controller.

superuser

 Automatically by bootstrapping a controller.

Automatically by having the username ‘admin’.

Via juju grant.

 You can do anything that it is possible to do at the level of a controller.

A person logged into the jaas controller automatically has the login access level. This is automatically granted via juju grant login everyone@external.

Since multiple controllers—and therefore multiple controller administrators—are possible, there is no such thing as an overarching “Juju administrator”. Nevertheless, a user with the superuser access level is usually what people refer to as “the admin”.

Valid access levels for clouds

A controller can manage models on many clouds. With cloud-level access you can give a user permission to access one cloud but not another related to that controller.

Access level Granted Abilities

add-model

 Via juju grant-cloud. Add a model.

Grant another user model-level permissions.

admin

 Via juju grant-cloud. You can do anything that it is possible to do at the level of a cloud.

Valid access levels for models

Access level Granted Abilities

read

 Via juju grant. View the content of a model without changing it. Can use any of the read commands.

write

 Via juju grant. Deploy and manage applications on the model.

admin

 Via juju grant. You can do anything that it is possible to do at the level of a model.

Valid access levels for application offers

Access level Granted Abilities

read

 Via juju grant. View offers during a search with juju find-offers.

consume

 Via juju grant. Relate an application to the offer.

admin

 Via juju grant. You can do anything that it is possible to do at the level of an offer.


Contributors: @aieri, @tmihoc, @wallyworld

2
3
4

As a Doom and Quake (and many other FPSs) player, I totally get the meaning of “God-mode”, but I wonder if this could be considered upsetting / offensive to some users?

1 Like
5

Fixed, thanks! (PS Also added you as a contributor.)