Administrators

The administrator role has the highest permission level in the system. An administrator can use all features and has access to all system data, user data, and repository data.

Capabilities

Admins have a number of special capabilities. Among them are the following:

  • Manage Accounts
    Admins have the ability to create and delete user accounts from the system using the command line tools. Admins are also capable of granting or revoking administrative permissions to other accounts.
  • Edit Repository Details
    Admins can modify repository settings, including cron jobs and secrets. Admins cannot view secrets. Admins also have the ability to increase or decrease the individual repository timeout (the default timeout is 60 minutes).
  • Edit Repository Trusted Flag
    Admins can enable or disable trusted mode for a repository. If trusted mode is enabled, the repository pipelines have access to privileged capabilities, including the ability to start privileged containers and mount host machine volumes.
  • System Endpoints
    Admins have access to restricted API endpoints, including system metrics, queue management and user management endpoints.

Admins cannot perform the following tasks:

  • Enable Any Repository
    Admins cannot enable repositories unless they have admin access to the repository in the source control management system (e.g. github). Admin access to the repository is required in order to register webhooks.

Create the Primary Admin

When you configure the Drone server you can create the initial administrative account by passing the below environment variable, which defines the account username (e.g. github handle) and admin flag set to true.

DRONE_USER_CREATE=username:octocat,admin:true

If you need to grant the primary administrative role to an existing user, you can provide an existing username. Drone will update the account and grant administrator role on server restart.

Create Additional Admins

You can create administrator accounts using the command line tools. Please see the command line tools documentation for installation instructions.

  • Create a new administrator account:

    $ drone user create octocat --admin
    
  • Or grant the administrator role to existing accounts:

    $ drone user update octocat --admin