From d0a485f8aab1b4e2bf7cea3356fe825120b5b4cc Mon Sep 17 00:00:00 2001
From: Manav Rathi <manav@mrmr.io>
Date: Sat, 24 Aug 2024 17:01:39 +0530
Subject: [PATCH] [docs] Document first user as admin

https://github.com/ente-io/ente/pull/2869/
---
 docs/docs/self-hosting/faq/index.md    |  7 +++++++
 docs/docs/self-hosting/guides/admin.md | 27 ++++++++++++++++++++++++--
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/docs/docs/self-hosting/faq/index.md b/docs/docs/self-hosting/faq/index.md
index 622e74a242..b1f0c0d311 100644
--- a/docs/docs/self-hosting/faq/index.md
+++ b/docs/docs/self-hosting/faq/index.md
@@ -31,3 +31,10 @@ particular, you can use the `ente admin update-subscription` CLI command to
 increase the
 [storage and account validity](https://github.com/ente-io/ente/blob/main/cli/docs/generated/ente_admin_update-subscription.md)
 of accounts on your instance.
+
+### How can I become an admin on my self hosted instance?
+
+The first user you create on your instance is treated as an admin.
+
+If you want, you can modify this behaviour by providing an explicit list of
+admins in the [configuration](/self-hosting/guides/admin#becoming-an-admin).
diff --git a/docs/docs/self-hosting/guides/admin.md b/docs/docs/self-hosting/guides/admin.md
index 92f52a91f0..c138eb4c33 100644
--- a/docs/docs/self-hosting/guides/admin.md
+++ b/docs/docs/self-hosting/guides/admin.md
@@ -24,8 +24,31 @@ and subsequently increase the
 [storage and account validity](https://github.com/ente-io/ente/blob/main/cli/docs/generated/ente_admin_update-subscription.md)
 using the CLI.
 
-For security purposes, we need to whitelist the user IDs that can perform admin
-actions on the server. To do this,
+> [!NOTE]
+>
+> The CLI command to add an account does not create Ente accounts. It only adds
+> existing accounts to the list of (existing) accounts that the CLI can use.
+
+## Becoming an admin
+
+By default, the first user (and only the first user) created on the system is
+considered as an admin.
+
+This facility is provided as a convenience for people who are getting started
+with self hosting. For more serious deployments, we recommend creating an
+explicit whitelist of admins.
+
+> [!NOTE]
+>
+> The first user is only treated as the admin if there are the list of admins in
+> the configuration is empty.
+>
+> Also, if at some point you delete the first user, then you will need to define
+> a whitelist to make some other user as the admin if you wish (since the first
+> account has been deleted).
+
+To whitelist the user IDs that can perform admin actions on the server, use the
+following steps:
 
 -   Create a `museum.yaml` in the directory where you're starting museum from.
     For example, if you're running using `docker compose up`, then this file