mirror of
https://github.com/open-webui/open-webui.git
synced 2026-05-06 19:08:59 -05:00
[GH-ISSUE #2924] feat: user group/teams #51735
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/open-webui#51735
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @tjbck on GitHub (Jun 8, 2024).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/2924
Originally assigned to: @tjbck on GitHub.
user group
https://github.com/open-webui/open-webui/issues/1096
@mindspawn commented on GitHub (Jun 9, 2024):
So glad to see a 0.4.0 target release :) can't wait.
@mindspawn commented on GitHub (Jun 9, 2024):
Hopefully the notion of teams propagates to chromadb queries as well so that each team can have its own set of documents. Also having a way to have some documents shared among all teams would also be great.
@tjbck commented on GitHub (Jun 9, 2024):
might get delayed to v0.5.0 depending on my availability 😅
@mindspawn commented on GitHub (Jun 9, 2024):
haha. No worries. Completely understandable :)
@jannikstdl commented on GitHub (Jun 10, 2024):
Related #715
@Moisebala commented on GitHub (Jul 15, 2024):
Implements a new access control system that allows for granular permissions on specific models without granting full admin rights to users. The main features should include:
This feature must enhances security and flexibility by allowing administrators to grant limited access to certain models or functionalities without compromising overall system integrity. It addresses the need for more nuanced user roles beyond the binary admin/non-admin distinction.
@kelvinq commented on GitHub (Aug 8, 2024):
We may consider how AnythingLLM (https://github.com/Mintplex-Labs/anything-llm) implements it:
These enables the implementation to be used by multiple teams ("departments", "user roles", "user groups") according to their unique usecases and respecting the differing data policies.
For your consideration @tjbck and thank you for adding details @Moisebala
@flefevre commented on GitHub (Aug 8, 2024):
Thanks for these elements.
If I may add something about anythingllm, there is a small default since
there is a missing role.
Admin user of the platform: ok
Basic user : ok
ManagerS of a workspace: missing
This role should enable to manage some internal parameters: inference and
embedding model, vectorisation and document set etc...
It will be great to be able to add in the workspace 'non human user' such
as assistant.
What is key, it is to have a secure design where each data workspace is
separated, no share vector database.
François , from Paris 2024
Le jeu. 8 août 2024, 07:15, Kelvin Quee @.***> a écrit :
@thiswillbeyourgithub commented on GitHub (Aug 27, 2024):
I don't know if you've settled on a UI for teams and permissions but I just wanted to illustrate for example what paperless-ngx is doing:
@RobinBially commented on GitHub (Sep 17, 2024):
I have now implemented a workspace feature myself. This allows any user to have completely separate OpenWebUI instances with their own team members who can be imported from the main workspace.
https://github.com/user-attachments/assets/0eed0a15-2512-438d-821d-f12c73b685bf
@tjbck commented on GitHub (Nov 17, 2024):
This feature has been implemented on dev branch, a lot of testing wanted here!
@meetzuber commented on GitHub (Nov 17, 2024):
Hi @tjbck
While testing I found issue related to workspace permission.
but when I try to open models page directly from url it redirects to home page. The permission issue only come when we click on workspace link.
Also if normal user create a private model and do not add any group to the model. user can not use that model. user should have by default access to the model. also there should be an option to give access to individual users apart from group.
@meetzuber commented on GitHub (Nov 17, 2024):
Hi I also found issue while uploading docs in collection. not sure if it is related to this or some issue. Please check the logs below.
@tjbck commented on GitHub (Nov 17, 2024):
@meetzuber both should be fixed, let me know if the issue persists!
As for the individual user access control option, I plan on adding support for it soon after 0.4 is out, stay tuned!
@meetzuber commented on GitHub (Nov 17, 2024):
@tjbck Above reported issues are fixed. Please check below issues.
example situation:
User X created a knowledge base and uploaded multiple docs. now user X is sifted to other team or department and he should not have access to that knowledge base. As admin removed User X from the the group but still user X is able to access all knowledge base and Admin can not verify if user X is having the access or not. As per Admin dashboard user do not have access to KB, but user still have access to the KB.
This situation can be handled KB owner where admin can change owner and remove all access from the user. and can also see who is the owner on KB and verify the access. This is applicable to other objects like Model, Tools and Prompt.
I current implementation no can tell who created KB/Model and have by default access to that component (KB, Model, Tool or prompt).
@linuxrrze commented on GitHub (Nov 17, 2024):
I've been using openwebui with WEBUI_AUTH_TRUSTED* authentication and postgres database for some time now.
And I was amazed to see first version with group support, so I upgraded to the dev branch.
However since doing so I can no longer login:
I suppose the relevant error message is:
psycopg2.errors.UndefinedFunction: operator does not exist: json ~~ text
LINE 3: WHERE ("group".user_ids LIKE '%' || '["abae27ac-159b-41f5-a6...
I also tried the dev branch with an empty postgres database, the error stayed the same.
Starting with an empty sqlite database worked however.
Maybe some kind of special SQL handling from postgres (json <-> text type) ?
@meetzuber commented on GitHub (Nov 17, 2024):
@tjbck another issue while using base model with non admin user. I non admin user trying to chat using public base model gets below error. while working for for admin user.
Logs:
@meetzuber commented on GitHub (Nov 17, 2024):
@tjbck There is no playground access to non-admin users. Can we have option to enable playground in group permissions. Giving admin rights just for playground access is not a good idea.
@tjbck commented on GitHub (Nov 17, 2024):
@meetzuber Both issues should be fixed, let me know issue persists.
After careful consideration, I've decided that the playground feature will not be made available to general users at this time. We may consider adding more granular permissions for it when the feature is more refined, but as of now, it's far from being ready for wider access.
Also, please be mindful of how you communicate with everyone. We're here to collaborate, not to serve demands. Additionally, avoid spamming the thread—make use of the edit feature instead of posting repeatedly.
@tjbck commented on GitHub (Nov 17, 2024):
@linuxrrze should be addressed with #6996, let me know if the issue persists!
@linuxrrze commented on GitHub (Nov 18, 2024):
@tjbck login works again - thank you for the super-fast solution!
@haseebsultankhan commented on GitHub (Nov 18, 2024):
Apologies for a such a basic question.
@tjbck , Should i just clone the dev branch and run with docker. That will have a teams/users feature?
Ollama is already installed in my system and models are also downloaded
@sebdanielsson commented on GitHub (Nov 18, 2024):
If you're using Docker you only need to make sure that you use the dev tag, and make sure to pull the latest dev image from time to time.
@Bleckert72 commented on GitHub (Dec 12, 2024):
Hello fantastic team!
I'm new here but we use Open WebUI with greate sucess. The update with groups are good. But I miss the feature of cloning a public model.
The usecase is:
I as admin have created a model. I have created a group thar are allowed to create models, but when they login they do not see my models, i.e., they can not clode it and add there features.
Perhaps I would like to have two levels, one for contributers and one for contributers and access to modify my models, I do not want to make them Admin to get all thoses settings.
Can I already do this? Or can this be a feature in the backlog?
@Wadera commented on GitHub (Dec 12, 2024):
I've got it working this way:
And then in Admin settings -> Models
I've set base models as private with access only for Models Creators group:
This way - ordinary users can only see models I've created and assigned to them in my Workspace, example:
But Few smart people can see base models as well and they are able to create new ones and share them with other people (or keep them private) in their work spaces as well.
Is that what you are looking for?
@Wadera commented on GitHub (Dec 12, 2024):
Other groups I've got (minus a few more private which I've hidden) maybe it would inspire you for more granular management:
This way - people can create models and knowledge bases and share them only within only people they intent to share (it's a shame that we can share it only with groups, but not with individual users).
@Bleckert72 commented on GitHub (Dec 19, 2024):
@Wadera Many thanks, Yes, this is the way.
@flefevre commented on GitHub (Dec 19, 2024):
I have created a discussion on how to improve group management for the version 2 here https://github.com/open-webui/open-webui/discussions/7928
perhaps somes ideas are good others bad.
@mason-chase commented on GitHub (Dec 21, 2024):
@tjbck
Hi Tim,
Great work on open-webui
May I ask what is the reason for excluding the playground? if it's technical,
will you accept a PR if the feature is added to granular permission?
Cheers
Mason
@bobkumar-online commented on GitHub (Apr 8, 2025):
First off, Great Work. Love this platform.
Has there been any progress of getting multiple workspaces added as an added feature into the main branch? Would love to see this effort continue to move forward.