Commands can be disabled on a per-model basis. This is to protect the model
from unintentional changes. This is accomplished through the use of the
disable-command command with one of three progressively restrictive command
By disabling the
destroy-model group, for instance, users lose the ability to
destroy both the model and its controller. Specifying the
adds to these restrictions by disabling the removal of machines, relations,
applications, and units. The
all group disables the complete set of commands
that can change the configuration of a model.
To give users an idea as to why a command is disabled, an optional message argument can be passed.
For example, to prevent execution of both the
juju disable-command destroy-model "Check with SA before destruction."
If a user now attempts to destroy a protected model, they'd encounter an error similar to the following:
Destroying model ERROR cannot destroy model: Check with SA before destruction. destroy-model operation has been disabled for the current model. To enable the command run juju enable-command destroy-model
--force option supported by some commands overrides disabled commands.
To re-enable a command the
enable-command is used.
For example, to restore the commands associated with the 'destroy-model' command group:
juju enable-command destroy-model
As usual, these actions are performed against the currently selected controller and model.
To list which commands have been disabled, use
This will output will list any group that's currently disabled:
Disabled commands Message all
Note: In some cases, the disable command will only take effect after the user has logged out of Juju (
juju logout) and logged back in again (