User access levels

User > User access levels

See also: How to manage a user’s access level

A Juju user may have different abilities, according to the access level they have been granted. This document describes the various access levels and the corresponding abilities.

Contents:

Valid access levels for controllers

Access level Granted Abilities

login

Via juju register. Log in to the controller.

superuser

Automatically by bootstrapping a controller.

Automatically by having the username ‘admin’.

Via juju grant.

God-mode for the controller. You can do anything that it is possible to do within a controller.

A person logged into the jaas controller automatically has the login access level. This is automatically granted via juju grant login everyone@external.

Since multiple controllers—and therefore multiple controller administrators—are possible, there is no such thing as an overarching “Juju administrator”. Nevertheless, a user with the superuser access level is usually what people refer to as “the admin”.

Valid access levels for clouds

A controller can manage models on many clouds. With cloud-level access you can give a user permission to access one cloud but not another related to that controller.

Access level Granted Abilities

add-model

Via juju grant-cloud. Add a model.

Grant another user model-level permissions.

admin

Via juju grant-cloud. God-mode for the cloud.

Valid access levels for models

Access level Granted Abilities

read

Via juju grant. View the content of a model without changing it. Can use any of the read commands.

write

Via juju grant. Deploy and manage applications on the model.

admin

Via juju grant. God-mode for the model.

Valid access levels for application offers

Access level Granted Abilities

read

Via juju grant. View offers during a search with juju find-offers.

consume

Via juju grant. Relate an application to the offer.

admin

Via juju grant. God-mode for managing the offer.