This article walks you through the user roles available in Coder and creating and managing users.
Coder offers these user roles in the community edition:
|Auditor||User Admin||Template Admin||Owner|
|Add and remove Users||✅||✅|
|Manage groups (enterprise)||✅||✅|
|Change User roles||✅|
|Manage ALL Templates||✅||✅|
|View, update and delete ALL Workspaces||✅||✅|
|Run external provisioners||✅||✅|
|Execute and use ALL Workspaces||✅|
|View all user operation Audit Logs||✅||✅|
A user may have one or more roles. All users have an implicit Member role that may use personal workspaces.
A malicious Template Admin could write a template that executes commands on the host (or
coder server container), which potentially escalates their privileges or shuts down the Coder server. To avoid this, run external provisioners.
In low-trust environments, we do not recommend giving users direct access to edit templates. Instead, use CI/CD pipelines to update templates with proper security scans and code reviews in place.
Create a user
To create a user with the web UI:
- Log in as a user admin.
- Go to Users > New user.
- In the window that opens, provide the username, email, and password for the user (they can opt to change their password after their initial login).
- Click Submit to create the user.
The new user will appear in the Users list. Use the toggle to change their Roles if desired.
To create a user via the Coder CLI, run:
coder users create
When prompted, provide the username and email for the new user.
You'll receive a response that includes the following; share the instructions with the user so that they can log into Coder:
Download the Coder command line for your operating system: https://github.com/coder/coder/releases/latest Run coder login https://<accessURL>.coder.app to authenticate. Your email is: [email protected] Your password is: <redacted> Create a workspace coder create !
Suspend a user
User admins can suspend a user, removing the user's access to Coder.
To suspend a user via the web UI:
- Go to Users.
- Find the user you want to suspend, click the vertical ellipsis to the right, and click Suspend.
- In the confirmation dialog, click Suspend.
To suspend a user via the CLI, run:
coder users suspend <username|user_id>
Confirm the user suspension by typing yes and pressing enter.
Activate a suspended user
User admins can activate a suspended user, restoring their access to Coder.
To activate a user via the web UI:
- Go to Users.
- Find the user you want to activate, click the vertical ellipsis to the right, and click Activate.
- In the confirmation dialog, click Activate.
To activate a user via the CLI, run:
coder users activate <username|user_id>
Confirm the user activation by typing yes and pressing enter.
Reset a password
To reset a user's via the web UI:
- Go to Users.
- Find the user whose password you want to reset, click the vertical ellipsis to the right, and select Reset password.
- Coder displays a temporary password that you can send to the user; copy the password and click Reset password.
Coder will prompt the user to change their temporary password immediately after logging in.
You can also reset a password via the CLI:
run `coder reset-password <username> --help` for usage instructions coder reset-password <username>