Admin Users

The administrator role has the highest permission level in the system. An administrator can use all features and has access to all system data, user data, and repository data.

Capabilities

Admins have a number of special capabilities. Among them are the following:

Manage Accounts

Admins have the ability to create and delete user accounts from the system using the command line tools. Admins are also capable of granting or revoking administrative permissions to other accounts.

Edit Repository Details

Admins can modify repository settings, including cron jobs and secrets. Admins cannot view secrets. Admins also have the ability to increase or decrease the individual repository timeout (the default timeout is 60 minutes).

Edit Repository Trusted Flag

Admins can enable or disable trusted mode for a repository. If trusted mode is enabled, the repository pipelines have access to privileged capabilities, including the ability to start privileged containers and mount host machine volumes.

System Endpoints

Admins have access to restricted API endpoints, including system metrics, queue management and user management endpoints.

Create the Primary Admin

When you setup the Drone server you have the ability to create the initial administrative account. If the account does not exist in the system it is automatically created on startup. This process is known as bootstrapping. This initial administrative account can be used to grant the administrator role to additional accounts.

The DRONE_USER_CREATE environment variable can be used to bootstrap the initial administrator. In the below example we provide the account username (e.g. github handle) with the admin flag set to true.

DRONE_USER_CREATE=username:octocat,admin:true

If you have an existing Drone installation and you need to bootstrap an administrative user, you can provide specify an existing username. Drone will update the account and grant administrator role on server restart.

Create Additional Admins

You can create administrator accounts using the command line tools. Please see the command line tools documentation for installation instructions.

Create a new administrator account:

$ drone user create octocat --admin

Grant the administrator role to existing accounts:

$ drone user update octcat --admin