[GH-ISSUE #17957] feat: Align Model Configuration Logic for External Tools and Internal Features/Capabilities (WebSearch, Code Execution, Image Generation.) #18447

New Issue

Closed

opened 2026-04-20 00:40:11 -05:00 by GiteaMirror · 1 comment

GiteaMirror commented 2026-04-20 00:40:11 -05:00

Owner

Copy Link

Originally created by @Maximilian-Pichler on GitHub (Oct 1, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/17957

Check Existing Issues

• I have searched the existing issues and discussions.

Problem Description

Currently, internal features such as WebSearch, Image Generation, and Code Interpreter support a permission and model-based activation logic:

If a user has access to a feature (e.g., WebSearch) but the feature is disabled for a particular model, the user cannot activate or use that feature with this model, even if they have global permission.
For external tools (e.g., custom integrations like MCP server, Confluence access, etc.), the behavior is different:

If a user has permission for an external tool, they can use it with any model, regardless of model configuration. This means external tools are not limited or managed at the model level like internal features.

Desired Solution you'd like

Introduce logic at the model level that enables admins to:

• Model-level Enable/Disable: Admins should be able to enable or disable external tools for each model, just as they currently do for internal features.
• Default Activation: It should be possible to configure external tools to be enabled or disabled by default per model, but always subject to both the user’s global permission and the model configuration.
• Consistent Permission Enforcement: If a user has global permission for an external tool, but the tool is disabled for a specific model, the user should NOT be able to use that tool with this model.
• Central Management: Admins should have a clear overview and central control over which internal and external tools are available for which models, including the ability to set defaults.

Benefits:

• Brings clarity and consistency to feature/tool governance.
• Prevents users from bypassing tool limitations imposed by model configurations.
• Supports compliance and security requirements for sensitive or powerful integrations.
• Simplifies user expectations: “If it’s not enabled for the model, it’s not available, even if I have access.”

Implementation Suggestions:

• Extend the model configuration UI and backend logic to support external tool assignment and defaults, similar to internal features.
• Update the tool availability logic to require: (user has permission) AND (tool is enabled for the chosen model).
• Optional / For Backwards Compatibility:
  • Implement a general tools_allowed attribute/option for models.
  • If this is set, the system behaves as it does today (all tools allowed based on user permission).
  • If absent, only tools that are checked are allowed.

Examples:

• User X has permission for Tool A (external), WebSearch, and File Upload.
• Model “Standard” allows WebSearch and Tool A, but disables File Upload.
• Model “Internal Only” allows File Upload but not Tool A or WebSearch.
• User X can only use Tool A with “Standard”, not with “Internal Only”, regardless of global permission.

Alternatives Considered

As an alternative, we have considered implementing this functionality via custom pipelines that could enforce the described logic. However, integrating these rules natively at the model configuration level would lead to a more user-friendly, maintainable, and transparent solution, reducing the complexity and potential for configuration errors.

Additional Context

No response

Originally created by @Maximilian-Pichler on GitHub (Oct 1, 2025). Original GitHub issue: https://github.com/open-webui/open-webui/issues/17957 ### Check Existing Issues - [x] I have searched the existing issues and discussions. ### Problem Description Currently, internal features such as WebSearch, Image Generation, and Code Interpreter support a permission and model-based activation logic: If a user has access to a feature (e.g., WebSearch) but the feature is disabled for a particular model, the user cannot activate or use that feature with this model, even if they have global permission. For external tools (e.g., custom integrations like MCP server, Confluence access, etc.), the behavior is different: If a user has permission for an external tool, they can use it with any model, regardless of model configuration. This means external tools are not limited or managed at the model level like internal features. ### Desired Solution you'd like **Introduce logic at the model level that enables admins to:** - Model-level Enable/Disable: Admins should be able to enable or disable external tools for each model, just as they currently do for internal features. - Default Activation: It should be possible to configure external tools to be enabled or disabled by default per model, but always subject to both the user’s global permission and the model configuration. - Consistent Permission Enforcement: If a user has global permission for an external tool, but the tool is disabled for a specific model, the user should NOT be able to use that tool with this model. - Central Management: Admins should have a clear overview and central control over which internal and external tools are available for which models, including the ability to set defaults. **Benefits**: - Brings clarity and consistency to feature/tool governance. - Prevents users from bypassing tool limitations imposed by model configurations. - Supports compliance and security requirements for sensitive or powerful integrations. - Simplifies user expectations: “If it’s not enabled for the model, it’s not available, even if I have access.” **Implementation Suggestions:** - Extend the model configuration UI and backend logic to support external tool assignment and defaults, similar to internal features. - Update the tool availability logic to require: (user has permission) AND (tool is enabled for the chosen model). - Optional / For Backwards Compatibility: - Implement a general tools_allowed attribute/option for models. - If this is set, the system behaves as it does today (all tools allowed based on user permission). - If absent, only tools that are checked are allowed. **Examples**: - User X has permission for Tool A (external), WebSearch, and File Upload. - Model “Standard” allows WebSearch and Tool A, but disables File Upload. - Model “Internal Only” allows File Upload but not Tool A or WebSearch. - User X can only use Tool A with “Standard”, not with “Internal Only”, regardless of global permission. ### Alternatives Considered As an alternative, we have considered implementing this functionality via custom pipelines that could enforce the described logic. However, integrating these rules natively at the model configuration level would lead to a more user-friendly, maintainable, and transparent solution, reducing the complexity and potential for configuration errors. ### Additional Context _No response_

GiteaMirror closed this issue 2026-04-20 00:40:12 -05:00

GiteaMirror commented 2026-04-20 00:40:13 -05:00

Author

Owner

Copy Link

@tjbck commented on GitHub (Oct 2, 2025):

Intended behaviour here. Model config will always supersede user level permissions.

<!-- gh-comment-id:3358593242 --> @tjbck commented on GitHub (Oct 2, 2025): Intended behaviour here. Model config will always supersede user level permissions.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

v0.9.2

v0.9.1

v0.9.0

v0.8.12

v0.8.11

v0.8.10

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.43

v0.6.42

v0.6.41

v0.6.40

v0.6.39

v0.6.38

v0.6.37

v0.6.36

v0.6.35

v0.6.34

v0.6.33

v0.6.32

v0.6.31

v0.6.30

v0.6.29

v0.6.28

v0.6.27

v0.6.26

v0.6.25

v0.6.24

v0.6.23

v0.6.22

v0.6.21

v0.6.20

v0.6.19

v0.6.18

v0.6.17

v0.6.16

v0.6.15

v0.6.14

v0.6.13

v0.6.12

v0.6.11

v0.6.10

v0.6.9

v0.6.8

v0.6.7

v0.6.6

v0.6.5

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.20

v0.5.19

v0.5.18

v0.5.17

v0.5.16

v0.5.15

v0.5.14

v0.5.13

v0.5.12

v0.5.11

v0.5.10

v0.5.9

v0.5.8

v0.5.7

v0.5.6

v0.5.5

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.35

v0.3.34

v0.3.33

v0.3.32

v0.3.31

v0.3.30

v0.3.29

v0.3.28

v0.3.27

v0.3.26

v0.3.25

v0.3.24

v0.3.23

v0.3.22

v0.3.21

v0.3.20

v0.3.19

v0.3.18

v0.3.17

v0.3.16

v0.3.15

v0.3.14

v0.3.13

v0.3.12

v0.3.11

v0.3.10

v0.3.9

v0.3.8

v0.3.7

v0.3.6

v0.3.5

v0.3.4

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.125

v0.1.124

v0.1.123

v0.1.122

v0.1.121

v0.1.120

v0.1.119

v0.1.118

v0.1.117

v0.1.116

v0.1.115

v0.1.114

v0.1.113

v0.1.112

v0.1.111

v0.1.110

v0.1.109

v0.1.108

v0.1.107

v0.1.106

v0.1.105

v0.1.104

v0.1.103

v0.1.102

Labels

Clear labels

bug

confirmed

confirmed issue

core

documentation

enhancement

good first issue

help wanted

non-core

pull-request

Mirrored from GitHub Pull Request

python

question

testing wanted

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#18447