How to manage users¶
See also: User
Add a user¶
Tip
If you’re the controller creator:
Juju has already set up a user for you. Your username is admin
and your access level is that of controller superuser
. Run juju logout
to be prompted to set up a password. Use juju change-user-password
to set the password.
To add a user to a controller, run the add-user
command followed by the username you want to assign to this user. For example:
juju add-user alex
This will create a user with username ‘alex’ and a controller login
access level.
See more: User access levels
It will also print a line of code that you must give this user to run using their Juju client – this will register the controller with their client and also prompt them to set up a password for the user.
Example user setup
Admin adding a new user ‘alex’ to the controller:
# Add a user named `alex`:
$ juju add-user alex
User "alex" added
Please send this command to alex:
juju register MFUTBGFsZXgwFRMTMTAuMTM2LjEzNi4xOToxNzA3MAQghBj6RLW5VgmCSWsAesRm5unETluNu1-FczN9oVfNGuYTFGxvY2FsaG9zdC1jb250cm9sbGVy
"alex" has not been granted access to any models. You can use "juju grant" to grant access.
New user ‘alex’ accessing the controller:
$ juju register MFUTBGFsZXgwFRMTMTAuMTM2LjEzNi4xOToxNzA3MAQghBj6RLW5VgmCSWsAesRm5unETluNu1-FczN9oVfNGuYTFGxvY2FsaG9zdC1jb250cm9sbGVy
Enter a new password: ********
Confirm password: ********
Enter a name for this controller {ref}`localhost-controller]: localhost-controller
Initial password successfully set for alex.
Welcome, alex. You are now logged into "localhost-controller".
There are no models available. You can add models with
"juju add-model", or you can ask an administrator or owner
of a model to grant access to that model with "juju grant".
Note
Controller registration (and any other Juju operations that involves communication between a client and a controller) requires that the client be able to contact the controller over the network on TCP port 17070. In particular, if using a LXD-based cloud, network routes need to be in place (i.e. to contact the controller LXD container the client traffic must be routed through the LXD host).
See more: juju add-user, register-a-controller
View all the known users¶
To view a list of all the users known (i.e., allowed to log in) to the current controller, run the users
command:
juju users
The command also has flags that will allow you to specify a different controller, an output file, an output format, whether to print the full timestamp for connection times, etc.
See more: juju users
View details about a user¶
To view details about a specific user, run the show-user
command followed by the name of the user. For example:
juju show-user alice
This will display the user’s username, display name (if available), access level, creation date, and last connection time, in a YAML format.
Expand to see a sample output for user ‘admin’
user-name: admin
display-name: admin
access: superuser
date-created: 8 minutes ago
last-connection: just now
See more: juju show-user
View details about the current user¶
To see details about the current user, run the whoami
command:
juju whoami
This will print the current controller, model, and user username.
Example output
Controller: microk8s-controller
Model: <no-current-model>
User: admin
See more: juju whoami
Manage a user’s access level¶
See also: User access levels
The procedure for how to control a user’s access level depends on whether you want to grant access at the level of the controller, model, application, or application offer or rather at the level of a cloud.
Important
This division doesn’t currently align perfectly with the scope hierarchy, which is rather controller > cloud > model > application > offer (because the cloud scope is designed as a restriction on the controller scope for cases where multiple clouds are managed via the same controller).
Manage access at the controller, model, application, or offer level¶
Grant access. To grant a user access at the controller, model, application, or offer level, run the grant
command, specifying the user, applicable desired access level, and the target controller, model, application, or offer. For example:
juju grant jim write mymodel
The command also has a flag that allows you to specify a different controller to operate in.
See more: juju grant
Revoke access. To revoke a user’s access at the controller, model, application, or offer level, run the revoke
command, specifying the user, access level to be revoked, and the controller, model, application, or offer to be revoked from. For example:
juju revoke joe read mymodel
The command also has a flag that allows you to specify a different controller to operate in.
See more: juju revoke
Manage access at the cloud level¶
Grant access. To grant a user’s access at the cloud level, run the grant-cloud
command followed by the name of the user, the access level, and the name of the cloud. For example:
juju grant-cloud joe add-model fluffy
See more: juju grant-cloud
Revoke access. To revoke a user’s access at the cloud level, run the revoke-cloud
command followed by the name of the user, the access level to be revoked, and the name of the cloud. For example:
juju revoke-cloud joe add-model fluffy
See more: juju revoke-cloud
Manager a user’s login details¶
Set a password. The procedure for how to set a password depends on whether you are the controller creator or rather some other user.
To set a password as a controller creator user (‘admin’), run the
change-user-password
command, optionally followed by your username, ‘admin’.
juju change-user-password
This will prompt you to type, and then re-type, your desired password.
See more: juju change-user-password
To set a password as a non-controller-creator user, follow the prompt you get when registering the controller via the
register
command.
See more: register-a-controller
Change a password. To change the current user’s password, run the change-user-password
command:
juju change-user-password
This will prompt you to type, and then re-type, your desired password.
The command also allows an optional username argument, and flags, allowing an admin to change / reset the password for another user.
See more: juju change-user-password
Manage a user’s login status¶
Log in.
Important
If you’re the controller creator:
You’ve already been logged in as the admin
user. To verify, run juju whoami
or juju show-user admin
; to set a password, run juju change-user-password
to set a password; to log out, run juju logout
.
Important
If you’ve just registered an external controller with your client (via juju register
):
You’re already logged in. Run juju whoami
or juju show-user <username
to view your user details.
To log in as a user on the current controller, run the login
command, using the -u
flag to specify the user you want to log in as. For example:
juju login -u alice
This will prompt you to enter the password.
The command also has flags that allow you to specify a controller, etc.
See more: juju login
Log out.
Important
If you’re the controller creator, and you haven’t set a password yet:
You will be prompted to set a password. Make sure to set it before logging out.
To log a user out of the current controller, run the logout
command:
juju logout
See more: juju logout
Manage a user’s enabled status¶
To disable a user on the current controller, run the disable-user
command followed by the name of the user. For example:
juju disable-user mike
See more: juju disable-user
Tip
To view disabled users in the output of juju users
: Use the --all
flag.
To re-enable a disabled user on a controller, run the enable-user
command followed by the name of the user. For example:
juju enable-user mike
See more: juju enable-user
Remove a user¶
To remove a user from the current controller, run the remove-user
command followed by the name of the user. For example:
juju remove-user bob
This will prompt you to confirm, and then proceed to remove.
The command also has flags that allow you to specify a different controller, skip the confirmation, etc.
See more: juju remove-user