* docs: external provisioners * better wording * fix wording * fix wording in various places * keep fixing wording * add another note about template management
4.3 KiB
Users
This article walks you through the user roles available in Coder and creating and managing users.
Roles
Coder offers these user roles in the community edition:
Auditor | User Admin | Template Admin | Owner | |
---|---|---|---|---|
Add and remove Users | ✅ | ✅ | ||
Manage groups (enterprise) | ✅ | ✅ | ||
Change User roles | ✅ | |||
Manage ALL Templates | ✅ | ✅ | ||
View, update and delete ALL Workspaces | ✅ | ✅ | ||
Run external provisioners | ✅ | ✅ | ||
Execute and use ALL Workspaces | ✅ | |||
View all user operation Audit Logs | ✅ | ✅ |
A user may have one or more roles. All users have an implicit Member role that may use personal workspaces.
Security notes
A malicious Template Admin could write a template that executes commands on the host (or coder server
container), which potentially escalates their privileges or shuts down the Coder server. To avoid this, run external provisioners.
In low-trust environments, we do not recommend giving users direct access to edit templates. Instead, use CI/CD pipelines to update templates with proper security scans and code reviews in place.
Create a user
To create a user with the web UI:
- Log in as a user admin.
- Go to Users > New user.
- In the window that opens, provide the username, email, and password for the user (they can opt to change their password after their initial login).
- Click Submit to create the user.
The new user will appear in the Users list. Use the toggle to change their Roles if desired.
To create a user via the Coder CLI, run:
coder users create
When prompted, provide the username and email for the new user.
You'll receive a response that includes the following; share the instructions with the user so that they can log into Coder:
Download the Coder command line for your operating system:
https://github.com/coder/coder/releases/latest
Run coder login https://<accessURL>.coder.app to authenticate.
Your email is: email@exampleCo.com
Your password is: <redacted>
Create a workspace coder create !
Suspend a user
User admins can suspend a user, removing the user's access to Coder.
To suspend a user via the web UI:
- Go to Users.
- Find the user you want to suspend, click the vertical ellipsis to the right, and click Suspend.
- In the confirmation dialog, click Suspend.
To suspend a user via the CLI, run:
coder users suspend <username|user_id>
Confirm the user suspension by typing yes and pressing enter.
Activate a suspended user
User admins can activate a suspended user, restoring their access to Coder.
To activate a user via the web UI:
- Go to Users.
- Find the user you want to activate, click the vertical ellipsis to the right, and click Activate.
- In the confirmation dialog, click Activate.
To activate a user via the CLI, run:
coder users activate <username|user_id>
Confirm the user activation by typing yes and pressing enter.
Reset a password
To reset a user's via the web UI:
- Go to Users.
- Find the user whose password you want to reset, click the vertical ellipsis to the right, and select Reset password.
- Coder displays a temporary password that you can send to the user; copy the password and click Reset password.
Coder will prompt the user to change their temporary password immediately after logging in.
You can also reset a password via the CLI:
# run `coder reset-password <username> --help` for usage instructions
coder reset-password <username>