Manage permissions

Add a permission

To add a permission between an entity A (always a user, whether identified directly or through a group/role) and an entity B (group, role, or resource – controller, cloud, model, or application offer), run the add-permission command followed by A (in tag notation or alternatives), the desired B-supported permission, and B (in tag notation). For example:

# Make Alice cloud admin:
juju add-permission [email protected] administrator cloud-mycloud

# Add Bob and Cindy to the mygroup group:
juju add-permission [email protected] member group-mygroup
juju add-permission [email protected] member group-mygroup

# Let everyone in group mygroup add models that will use resources from cloud mycloud:
juju add-permission group-mygroup#member can-addmodel cloud-mycloud

For any given resource, permissions are currently hierarchical, and some permissions are implicit. For example, given a cloud associated with a controller and a model associated with the cloud, controller administrator entails cloud administrator, which in turn entails cloud can_addmodel.
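
The following simplified model shows how implicit and group-derived permissions resolve, which helps when reviewing why a check succeeds without a direct grant. It is an added example, not JAAS code: the example.com user tags, the cloud-to-controller association and the resolution rules are assumptions built from the example above.

```python
# Simplified model of permission resolution; not JAAS code.
# Constructed sample data: the example.com user tags and the
# cloud -> controller association are assumptions.
TUPLES = {
    ("user-alice@example.com", "administrator", "controller-aws-controller-1"),
    ("user-bob@example.com", "member", "group-mygroup"),
    ("group-mygroup#member", "can_addmodel", "cloud-mycloud"),
}
PARENT = {"cloud-mycloud": "controller-aws-controller-1"}
# (resource kind, relation) -> stronger relations on the same resource that imply it.
IMPLIED_BY = {("cloud", "can_addmodel"): ["administrator"]}


def check_permission(subject, relation, obj, tuples=TUPLES, _seen=None):
    """Return True if subject holds relation on obj, directly or implicitly."""
    seen = set() if _seen is None else _seen
    key = (subject, relation, obj)
    if key in seen:  # already explored; also breaks cycles
        return False
    seen.add(key)
    if key in tuples:  # direct grant
        return True
    # Grant made to a set of users, e.g. group-mygroup#member.
    for s, r, o in tuples:
        if (r, o) == (relation, obj) and "#" in s:
            group, group_rel = s.split("#", 1)
            if check_permission(subject, group_rel, group, tuples, seen):
                return True
    # A stronger relation on the same resource implies this one.
    kind = obj.split("-", 1)[0]
    for stronger in IMPLIED_BY.get((kind, relation), []):
        if check_permission(subject, stronger, obj, tuples, seen):
            return True
    # Administrator of the parent resource is administrator of the child.
    parent = PARENT.get(obj)
    if relation == "administrator" and parent:
        return check_permission(subject, "administrator", parent, tuples, seen)
    return False


def effective_permissions(subject, tuples=TUPLES):
    """List every (relation, resource) the subject holds, for access review."""
    objects = {o for _, _, o in tuples} | set(PARENT)
    relations = {r for _, r, _ in tuples}
    return sorted((r, o) for o in objects for r in relations
                  if check_permission(subject, r, o, tuples))


if __name__ == "__main__":
    for user in ("user-alice@example.com", "user-bob@example.com"):
        print(user, effective_permissions(user))
```

In this model, one direct grant on the controller gives Alice three effective permissions, so removing access means removing the grant it derives from, not only the one being checked.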

Verify a permission

Given two entities A and B, to verify that there is a specific permission between them, run the check-permission command followed by the tag of A, the permission, and the tag of B. For example:

juju check-permission [email protected] administrator controller-aws-controller-1

View all the current permissions

To view all the current permissions, run the list-permissions command. For example:

juju list-permissions [options]

Remove a permission

Given two entities A and B and a pre-existing permission between them, to remove the permission, run the remove-permission command followed by the tag of A, the permission, and the tag of B. For example:

juju remove-permission [email protected] member group-mygroup