Manage users

See first: User

Set up a new user

Configure your JIMM controller to have a DNS address and share it with the user.

Add a Juju controller to JAAS.

Add the user to JAAS.

Assuming the user already has the juju CLI client installed, get the user to log in to JIMM using the DNS address. For example:

juju login test-jimm.localhost:443 -c jaas

At this point juju controllers should show the jaas controller and commands like juju models should work. However, to perform any meaningful operations, the user will also need access to a cloud: they must add a cloud (or be granted access to one via juju grant-cloud), add cloud credentials, and run juju update-credentials with the --controller jimm flag to make their credentials available to JIMM (which will store them in Vault). For example, assuming the localhost cloud:

juju update-credentials localhost --controller jimm

At this point the user can start doing whatever the permissions you’ve granted them allow them to do, for example, add a model and deploy applications to it.

Control user access

Note

This permissions mechanism supplements the Juju way of granting a user access to controllers, clouds, models, and offers, and can be used in addition to it. See more: Juju | Manage a user’s access level or Terraform Provider Juju | Manage a user’s access level.

To control user access to another entity – be it a role or a group, or a resource such as a controller, a cloud, a model, or an application offer – add a permission between the user and the entity. For example:

# Assign a user to a role:
juju add-permission [email protected] assignee role-myrole

# Add a user to a group:
juju add-permission [email protected] member group-mygroup

# Give a user administrator rights to a cloud:
juju add-permission [email protected] administrator cloud-mycloud

# Give all users in group A add-model rights on a controller:
juju add-permission group-groupA#member can_addmodel controller-mycontroller

# Give all users the ability to consume an offer:
juju add-permission user-everyone@external consumer applicationoffer-mycontroller/mymodel.myoffer
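
To review a batch of grants before applying them, the commands above can be parsed into their three parts (object, relation, target) and checked for broad access. This is an added example, not code from the JAAS documentation or project; the review rules are an assumed policy, the tag kinds are limited to those shown on this page, and user-alice@example.com is a constructed identity.

```python
import re

# Tag kinds seen in this page's examples; a deployment may define more (assumption).
KINDS = "user|group|role|cloud|controller|model|applicationoffer"
TAG = re.compile(rf"^(?P<kind>{KINDS})-(?P<name>[^#\s]+)(?:#(?P<userset>\w+))?$")


def parse_permission(line):
    """Parse 'juju add-permission <object> <relation> <target>' into a dict."""
    words = line.split()
    if len(words) != 5 or words[:2] != ["juju", "add-permission"]:
        raise ValueError(f"not an add-permission command: {line!r}")
    obj, relation, target = TAG.match(words[2]), words[3], TAG.match(words[4])
    if obj is None or target is None:
        raise ValueError(f"unrecognised tag in: {line!r}")
    return {"object": obj.groupdict(), "relation": relation, "target": target.groupdict()}


def audit(lines):
    """Return (line, reason) findings for grants that deserve a second look."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comment lines
        p = parse_permission(line)
        obj, tgt = p["object"], p["target"]
        if obj["kind"] == "user" and obj["name"] == "everyone@external":
            findings.append((line, "applies to all users"))
        if p["relation"] == "administrator":
            findings.append((line, f"administrator on {tgt['kind']}"))
        if obj["userset"]:  # e.g. group-groupA#member: follows group membership
            findings.append((line, f"inherited by every {obj['userset']} of {obj['kind']} {obj['name']}"))
    return findings


# Constructed sample input; user-alice@example.com is a made-up identity.
SAMPLE = """\
juju add-permission user-alice@example.com member group-groupA
juju add-permission user-alice@example.com administrator cloud-mycloud
juju add-permission group-groupA#member can_addmodel controller-mycontroller
juju add-permission user-everyone@external consumer applicationoffer-mycontroller/mymodel.myoffer
"""

if __name__ == "__main__":
    for line, reason in audit(SAMPLE.splitlines()):
        print(f"{reason}: {line}")
```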