User access levels

User > User access levels

See also: How to manage a user’s access level

A Juju user may have different abilities, according to the access level they have been granted. This document describes the various access levels and the corresponding abilities.


Valid access levels for controllers

Access level Granted Abilities


Via juju register. Log in to the controller.


Automatically by bootstrapping a controller.

Automatically by having the username ‘admin’.

Via juju grant.

God-mode for the controller. You can do anything that it is possible to do within a controller.

A person logged into the jaas controller automatically has the login access level. This is automatically granted via juju grant login everyone@external.

Since multiple controllers—and therefore multiple controller administrators—are possible, there is no such thing as an overarching “Juju administrator”. Nevertheless, a user with the superuser access level is usually what people refer to as “the admin”.

Valid access levels for clouds

A controller can manage models on many clouds. With cloud-level access you can give a user permission to access one cloud but not another related to that controller.

Access level Granted Abilities


Via juju grant-cloud. Add a model.

Grant another user model-level permissions.


Via juju grant-cloud. God-mode for the cloud.

Valid access levels for models

Access level Granted Abilities


Via juju grant. View the content of a model without changing it. Can use any of the read commands.


Via juju grant. Deploy and manage applications on the model.


Via juju grant. God-mode for the model.

Valid access levels for application offers

Access level Granted Abilities


Via juju grant. View offers during a search with juju find-offers.


Via juju grant. Relate an application to the offer.


Via juju grant. God-mode for managing the offer.

As a Doom and Quake (and many other FPSs) player, I totally get the meaning of “God-mode”, but I wonder if this could be considered upsetting / offensive to some users?