mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-15 21:19:39 -05:00
[GH-ISSUE #24829] issue: Public workspace model alias fails with "model not found" when base model is private (regression from v0.8.6) #123718
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @mikisseth on GitHub (May 17, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/24829
Check Existing Issues
Installation Method
Docker
Open WebUI Version
v0.9.5 (broken) v0.8.6 (last known working)
Ollama Version (if applicable)
vllm v0.20.1
Operating System
Linux
Browser (if applicable)
Chrome
Confirmation
README.md.Expected Behavior
Before upgrading, we used public workspace models as user-facing aliases
pointing to private (admin-only) base models. Users would see and use the
public alias, while the real underlying model stayed hidden from the model
selector. This pattern worked correctly in v0.8.6.
Actual Behavior
After upgrading to v0.9.5, sending a message with any such alias fails with
a "model not found" error. The error disappears only if the base model is
also made public — which defeats the purpose of the alias pattern, as users
then see both the alias and the raw base model in the selector.
This appears to be a regression in how access control is enforced during
model resolution. Previously the public alias acted as the access boundary.
Now the backend re-checks the requesting user's permissions against the base
model at completion time, causing the failure.
Steps to Reproduce
Set its visibility to Private (admin-only).
Set this workspace model to Public.
Expected: The message completes successfully using the underlying base model.
Actual: The request fails with "model not found" (HTTP 400/404).
Logs & Screenshots
With Admin user:


Behaviour for normal user:

Additional Information
Workaround
Making the base model public resolves the error, but exposes it in every
user's model selector alongside the alias — which is undesirable in
organizations that want to hide implementation details from end users.
Related issues
@owui-terminator[bot] commented on GitHub (May 17, 2026):
🔍 Related Issues Found
I found some existing issues that might be related. Please check if any of these are duplicates or contain helpful solutions:
🟣 #23946 issue: 400 Model not found for Workspace Models whose base models are not available to the user
Directly matches the regression: a workspace model is listed, but chat returns 400/404 'model not found' unless users also have access to the underlying base model. The new issue describes the same access-control failure for a public alias over a private base model.
by itsHenry35 ·
bug🟣 #24043 issue: Public custom models fail if base model connection is restricted
This reports the same core behavior for public custom models: the model is visible, but completion fails because backend access checks are applied to the hidden base model/connection. It is effectively the same regression described here, just with a provider connection example.
by jotaperez3 ·
bug🟣 #24175 issue: Model access issue with private base models (works with older models, fails with newer ones)
Closely related regression report that newer models/custom wrappers require the base model to be public, while older ones worked. It points to the same chained base-model access check breaking wrapper/alias usage.
by Teimetues ·
bug🟣 #24647 feat: allow the bypassing of the chained base model check
This feature request is about bypassing the chained base model check introduced in v0.9, which is the exact mechanism causing the public workspace alias to fail against a private base model.
by JIW-roosi
🟣 #11237 issue: Models defined by user from workspace has 404 model not found if foundation model is not available for admin
Older but structurally similar: a workspace-defined model returns 404 when the foundation/base model is unavailable to the admin, indicating the same class of model-resolution/access-control problem.
by Oaklight ·
bug💡 If your issue is a duplicate, please close it and add any additional details to the existing issue instead.
This comment was generated automatically. React with 👍 if helpful, 👎 if not.
@mikisseth commented on GitHub (May 17, 2026):
I can see this is a duplicate of #24134
The suggested solution of hiding the base model is sufficient for me. I will close this issue