Manage users
See first: User
Set up a new user
Configure your JIMM controller to have a DNS address and share it with the user.
Add a Juju controller to JAAS.
Add the user to JAAS.
See more: Control user access
Assuming the user already has the juju CLI client installed, get the user to log in to JIMM using the DNS address. For example:
juju login test-jimm.localhost:443 -c jaas
At this point juju controllers should show the jaas controller and commands like juju models should work. However, to perform any meaningful operations, the user also needs access to a cloud: they must add a cloud (or be granted access to one via juju grant-cloud), add cloud credentials, and run juju update-credentials with the --controller jimm flag to make their credentials available to JIMM (which will store them in Vault). For example, assuming the localhost cloud:
juju update-credentials localhost --controller jimm
At this point the user can do whatever the permissions you’ve granted them allow, for example, add a model and deploy applications to it.
Control user access
Note
This permissions mechanism supplements the Juju way of granting a user access to controllers, clouds, models, and offers, and can be used in addition to it. See more: Juju | Manage a user’s access level or Terraform Provider Juju | Manage a user’s access level.
To control user access to another entity – be it a role or a group, or a resource such as a controller, a cloud, a model, or an application offer – add a permission between the user and the entity. For example:
# Assign a user to a role:
juju add-permission [email protected] assignee role-myrole
# Add a user to a group:
juju add-permission [email protected] member group-mygroup
# Give a user administrator rights to a cloud:
juju add-permission [email protected] administrator cloud-mycloud
# Give all users in group A add-model rights on a controller:
juju add-permission group-groupA#member can_addmodel controller-mycontroller
# Give all users the ability to consume an offer:
juju add-permission user-everyone@external consumer applicationoffer-mycontroller/mymodel.myoffer
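Because every grant above is a subject, relation, target triple, a batch of grants can be reviewed before it is applied. The script below is an added example, not part of the JAAS documentation or JIMM's code: it lints a file of planned juju add-permission commands and flags grants that reach every user or hand administrator to a whole group. The accepted tag prefixes are inferred from the examples above (model- is an assumed prefix), and the sample plan with its user and group names is constructed.

```shell
#!/bin/sh
# Added example, not JIMM code: lint planned `juju add-permission` commands.
# Tag shapes are inferred from this page's examples; "model-" is an assumed prefix.

audit_permissions() {
  # stdin: one command per line. Prints findings; returns 1 if any is HIGH.
  n=0; high=0
  while read -r cmd sub subject relation target extra || [ -n "$cmd" ]; do
    n=$((n + 1))
    case "$cmd" in ''|'#'*) continue ;; esac   # skip blank lines and comments
    if [ "$cmd $sub" != "juju add-permission" ] || [ -z "$target" ] || [ -n "$extra" ]; then
      echo "WARN line $n: expected 'juju add-permission <subject> <relation> <target>'"
      continue
    fi
    case "$target" in
      role-?*|group-?*|controller-?*|cloud-?*|model-?*|applicationoffer-?*) ;;
      *) echo "WARN line $n: unrecognised target tag '$target'" ;;
    esac
    case "$subject" in
      user-everyone@external)
        if [ "$relation" = administrator ]; then
          echo "HIGH line $n: every user becomes administrator of $target"; high=1
        else
          echo "REVIEW line $n: '$relation' on $target is granted to every user"
        fi ;;
      group-?*'#member')
        if [ "$relation" = administrator ]; then
          echo "REVIEW line $n: all of $subject become administrator of $target"
        fi ;;
      user-?*@?*) ;;
      *) echo "WARN line $n: unrecognised subject tag '$subject'" ;;
    esac
  done
  return "$high"
}

# Constructed sample plan; user and group names are made up.
audit_permissions <<'EOF' || echo "plan has HIGH findings: do not apply as-is"
# onboarding for team A
juju add-permission user-alice@example.com member group-groupA
juju add-permission group-groupA#member can_addmodel controller-mycontroller
juju add-permission group-groupA administrator cloud-mycloud
juju add-permission user-everyone@external consumer applicationoffer-mycontroller/mymodel.myoffer
juju add-permission user-everyone@external administrator controller-mycontroller
EOF
```

A bare group-groupA subject is reported as unrecognised because the page writes group subjects as group-groupA#member.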