There is one group of users, called “Admins”, which have elevated powers. This includes:

  • They have an “Admin” tab at the top right.

  • There, they can configure settings of the server in “Site Settings” – i.e. those values, which are not set in the globals.settings dict in your my-values.yaml config file.

  • Create/modify Licenses.

  • Manage “Registration Tokens”.

  • Open any project.

  • Adjust resources of individual projects: open a project → Upgrades → “Admin Quota Editor” → “Edit”.

  • Impersonate any user to give support, debugging issues, etc.: Admin → “User Search”.

  • Access more detailed information via “CRM” files: create them with the ending *.cocalc-crm.

Elevate privileges

If you created an admin via the Admin Setup, but you want more users to have that role, you have to modify the database directly. Note, for security reasons (lack of monitoring/oversight), there is no control for admins to elect other users as admins.

UPDATE accounts SET groups='{admin}' WHERE email_address='[email protected]'

or by account id:

UPDATE accounts SET groups='{admin}' WHERE account_id='Account-UUID-XYZ-ABC'


To remove someone from the admin group:

UPDATE accounts SET groups=NULL
WHERE email_address='[email protected]'
-- or, see above
WHERE account_id='Account-UUID-XYZ-ABC'


It’s also a good practice, to wrap such statements in a transaction.

Create accounts

If those additional accounts for admins do not exist yet, you can either create these accounts via the API or directly via the database as well. In the latter case, you have to make sure the email_address field is unique and other setup actions will not run – which is fine, if you just want a brand new account on a fresh setup.

INSERT INTO accounts (account_id, first_name, last_name, email_address, creation_actions_done, created)
VALUES (gen_random_uuid(), 'Foo', 'Bar', '[email protected]', TRUE, NOW())

To set a password, it’s probably best to trigger a password reset or tell the user to open the path: /auth/password-reset.