The administrator role has the highest permission level in the system. An administrator can use all features and has access to all system data, user data, and repository data.
Admins have a number of special capabilities. Among them are the following:
Admins have the ability to create and delete user accounts from the system using the command line tools. Admins are also capable of granting or revoking administrative permissions to other accounts.
Edit Repository Details
Admins can modify repository settings, including cron jobs and secrets. Admins cannot view secrets. Admins also have the ability to increase or decrease the individual repository timeout (the default timeout is 60 minutes).
Edit Repository Trusted Flag
Admins can enable or disable trusted mode for a repository. If trusted mode is enabled, the repository pipelines have access to privileged capabilities, including the ability to start privileged containers and mount host machine volumes.
Admins have access to restricted API endpoints, including system metrics, queue management and user management endpoints.
Create the Primary Admin
When you setup the Drone server you have the ability to create the initial administrative account. If the account does not exist in the system it is automatically created on startup. This process is known as bootstrapping. This initial administrative account can be used to grant the administrator role to additional accounts.
DRONE_USER_CREATE environment variable can be used to bootstrap the initial administrator. In the below example we provide the account username (e.g. github handle) with the admin flag set to true.
If you have an existing Drone installation and you need to bootstrap an administrative user, you can provide specify an existing username. Drone will update the account and grant administrator role on server restart.
Create Additional Admins
You can create administrator accounts using the command line tools. Please see the command line tools documentation for installation instructions.
Create a new administrator account:
$ drone user create octocat --admin
Grant the administrator role to existing accounts:
$ drone user update octcat --admin