Manage users¶

See first: User

Set up a new user¶

Configure your JIMM controller to have a DNS address and share it with the user.

See more: Charmhub | juju-jimm-k8s > Configurations > dns-name

Add a Juju controller to JAAS.

Add the user to JAAS.

See more: Control user access

Assuming the user already has the juju CLI client installed, get the user to log in to JIMM using the DNS address. For example:

juju login test-jimm.localhost:443 -c jaas

This will print a string that includes a link to the identity provider connected to the JIMM controller. The user can use this to log in.

Once that’s done, if the user runs juju controllers, they should be able to see the jaas controller, and commands like juju models should work work. However, to perform any meaningful operations, the user will also need access to a cloud by adding a cloud (or being granted access to one via juju grant-cloud), adding cloud credentials, and using juju update-credentials with the --controller jimm flag to make their credentials available to JIMM (which will store them in Vault). For example, assuming the localhost cloud:

juju update-credentials localhost --controller jimm

At this point the user can start doing whatever the permissions you’ve granted them allow them to do, for example, add a model and deploy applications to it.

Control user access¶

Note

This permissions mechanism supplements the Juju way of granting a user access to controllers, clouds, models, and offers, and can be used in addition to it. See more: Juju | Manage a user’s access level or Terraform Provider Juju | Manage a user’s access level .

To control user access to another entity – be it a role or a group, or a resource such as a controller, a cloud, a model, or an application offer – add a permission between the user and the entity. For example:

# Assign a user to a role:
juju add-permission [email protected] assignee role-myrole

# Add a user to a group:
juju add-permission [email protected] member group-mygroup

# Give a user administrator rights to a cloud:
juju add-permission [email protected] administrator cloud-mycloud

# Give all users in group A add-model rights on a controller:
juju add-permission group-groupA#member can_addmodel controller-mycontroller

# Give all users the ability to consume an offer:
juju add-permission user-everyone@external consumer applicationoffer-mycontroller/mymodel.myoffer

See more: Manage permissions, Assign a user to a role, Add a user to a group, Control user access to a Juju controller, Control user access to a cloud, Control user access to a model, Control user access to an offer