From d403cabfa0fa11049bf1ac8034b25c9e12fe9c74 Mon Sep 17 00:00:00 2001 From: DrMelone <27028174+Classic298@users.noreply.github.com> Date: Sat, 20 Dec 2025 20:15:28 +0100 Subject: [PATCH] update rbac --- docs/features/rbac/index.mdx | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/docs/features/rbac/index.mdx b/docs/features/rbac/index.mdx index 656d018b..65b1cae6 100644 --- a/docs/features/rbac/index.mdx +++ b/docs/features/rbac/index.mdx @@ -3,9 +3,28 @@ sidebar_position: 100 title: "Role-Based Access Control (RBAC)" --- -## Access Control -- [‍🔑 Roles](./roles.md) - The roles defined in Open WebUI -- [‍🔐 Groups](./groups.md) - Setup groups of users to share access to resources -- [🔒 Permissions](./permissions.md) - Configure access controls and feature availability +Open WebUI implements a flexible and secure **Role-Based Access Control (RBAC)** system. This system allows administrators to precisely manage user capabilities and access to resources through three interconnected layers: -Roles, groups and permissions are designed to work together to provide a finegrained model for controlling user access to individual resources. +1. [**Roles**](./roles.md): The high-level user type (Admin, User, Pending). This defines the baseline trust level. +2. [**Permissions**](./permissions.md): Granular feature flags (e.g., "Can Delete Chats", "Can Use Web Search"). +3. [**Groups**](./groups.md): The mechanism for organizing users, granting additional permissions, and managing shared access to resources (ACLs). + +:::info Key Concept: Additive Permissions +The security model is **Additive**. Users start with their default rights, and Group memberships **add** capabilities. A user effectively has the *union* of all rights granted by their Roles and Groups. +::: + +## Documentation Guide + +* [‍🔑 **Roles**](./roles.md) + * Understand the difference between Admins and Users. + * Learn about Admin limitations and security/privacy configurations. + +* [🔒 **Permissions**](./permissions.md) + * Explore the full list of available permission toggles. + * Understand granular controls for Chat, Workspace, and Features. + * **Security Tip**: Learn how properly configured Global Defaults protect your system. + +* [‍🔐 **Groups**](./groups.md) + * Learn how to structure teams and projects. + * **Strategy**: Distinguish between "Permission Groups" (for rights) and "Sharing Groups" (for access). + * Manage Access Control Lists (ACLs) for private Models and Knowledge.