The administrator role, or admin, is that with the highest permission level. Admins can use all features and have access to all system data, user data, and repository data. This article describes how to create admin accounts and what admins can do.
When you setup the Drone server you have the ability to create the initial administrative account. If the account does not exist in the system it is automatically created on startup. This process is known as bootstrapping. This initial administrative account can be used to grant the administrator role to additional accounts.
DRONE_USER_CREATE environment variable can be used to bootstrap the initial administrator. In the below example we provide the account username (e.g. github handle) with the admin flag set to true.
If you have an existing Drone installation and you need to bootstrap an administrative user, you can provide specify an existing username. Drone will update the account and grant administrator role on server restart.
Admins have a number of special capabilities. Among them are the following:
Admins have the ability to create and delete user accounts from the system using the command line tools. Admins are also capable of granting or revoking administrative permissions to other accounts.
Edit Repository Details
Admins can modify repository settings, including cron jobs and secrets. Admins cannot view secrets. Admins also have the ability to increase or decrease the individual repository timeout (the default timeout is 60 minutes).
Edit Repository Trusted Flag
Admins can enable or disable trusted mode for a repository. If trusted mode is enabled, the repository pipelines have access to privileged capabilities, including the ability to start privileged containers and mount host machine volumes.
Admins have access to restricted API endpoints, including system metrics, queue management and user management endpoints.