github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-08 04:16:03 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[GH-ISSUE #2143] feat: Enrich super admin and admin role by assigning their respective roles #28299

New Issue
Open
opened 2026-04-25 02:58:34 -05:00 by GiteaMirror · 3 comments
GiteaMirror commented 2026-04-25 02:58:34 -05:00
Owner
Copy Link

Originally created by @Lanhild on GitHub (May 9, 2024).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/2143

There's been a new super admin role since the 0.1.123 version to restrict user actions to other admins.

It'd be useful if model downloading/deletion were restricted to the super admin.

image

Originally created by @Lanhild on GitHub (May 9, 2024). Original GitHub issue: https://github.com/open-webui/open-webui/issues/2143 There's been a new super admin role since the `0.1.123` version to restrict user actions to other admins. It'd be useful if model downloading/deletion were restricted to the super admin. ![image](https://github.com/open-webui/open-webui/assets/73610779/fd10a0d4-d4c2-4b28-88d0-522a7ba4cdb1)
GiteaMirror commented 2026-04-25 02:58:35 -05:00
Author
Owner
Copy Link

@Lanhild commented on GitHub (May 9, 2024):

After being confused by the 2nd line;

User action buttons from the admin panel are now disabled for users with admin roles.

I discussed with another contributor about this, and thought some modifications would be necessary for this new "super admin" role

  • Make the super admin role assignable by other super admins
  • Super admin should be the only one able to see others chats, modify roles or modify users
  • "Normal" admins would preserve their current permissions, minus the latter

Below is a transcript of our conversation.

image
image

<!-- gh-comment-id:2102843561 --> @Lanhild commented on GitHub (May 9, 2024): After being confused by the 2nd line; > User action buttons from the admin panel are now disabled for users with admin roles. I discussed with another contributor about this, and thought some modifications would be necessary for this new "super admin" role - Make the super admin role assignable by other super admins - Super admin should be the only one able to see others chats, modify roles or modify users - "Normal" admins would preserve their current permissions, minus the latter Below is a transcript of our conversation. ![image](https://github.com/open-webui/open-webui/assets/73610779/90f9642a-a213-4eff-aaeb-5bd3858b89a7) ![image](https://github.com/open-webui/open-webui/assets/73610779/e13243f0-141e-4753-b743-d8d5a392278b)
GiteaMirror commented 2026-04-25 02:58:35 -05:00
Author
Owner
Copy Link

@Lanhild commented on GitHub (May 9, 2024):

@tjbck here's a link to a table describing the needs/permissions for this "Super Admin" role.

It restricts "Admin" permissions a lot, but it makes sense in the way that the "Super Admin"(s) exists, and mitigates the risk of a bad actor compromising one's WebUI instance.

https://docs.google.com/spreadsheets/d/1Zb6_aC3h-wPb7K7eVxFYO9PV0k4PAlIUKM0AxRQd_dc/edit?usp=sharing

Anyhow, once we have the role for that, it'll be easier in the future to allow/restrict other features.

<!-- gh-comment-id:2102967278 --> @Lanhild commented on GitHub (May 9, 2024): @tjbck here's a link to a table describing the needs/permissions for this "Super Admin" role. It restricts "Admin" permissions a lot, but it makes sense in the way that the "Super Admin"(s) exists, and mitigates the risk of a bad actor compromising one's WebUI instance. https://docs.google.com/spreadsheets/d/1Zb6_aC3h-wPb7K7eVxFYO9PV0k4PAlIUKM0AxRQd_dc/edit?usp=sharing Anyhow, once we have the role for that, it'll be easier in the future to allow/restrict other features.
GiteaMirror commented 2026-04-25 02:58:36 -05:00
Author
Owner
Copy Link

@elipinals12 commented on GitHub (Jan 27, 2025):

Not sure if this is mentioned elsewhere, I did look but couldn't find any mention, for some reason the only way to change the super admin's email is by editing their profile through a normal admin's account? It's funny a super admin doesn't have the priv to edit their own email but a normal admin can edit the super admin's email for them...

<!-- gh-comment-id:2616606190 --> @elipinals12 commented on GitHub (Jan 27, 2025): Not sure if this is mentioned elsewhere, I did look but couldn't find any mention, for some reason the only way to change the super admin's email is by editing their profile through a normal admin's account? It's funny a super admin doesn't have the priv to edit their own email but a normal admin can edit the super admin's email for them...
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#28299
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?