mirror of
https://github.com/open-webui/docs.git
synced 2026-01-03 18:26:47 +07:00
31 lines
1.6 KiB
Plaintext
31 lines
1.6 KiB
Plaintext
---
|
|
sidebar_position: 100
|
|
title: "Role-Based Access Control (RBAC)"
|
|
---
|
|
|
|
Open WebUI implements a flexible and secure **Role-Based Access Control (RBAC)** system. This system allows administrators to precisely manage user capabilities and access to resources through three interconnected layers:
|
|
|
|
1. [**Roles**](./roles.md): The high-level user type (Admin, User, Pending). This defines the baseline trust level.
|
|
2. [**Permissions**](./permissions.md): Granular feature flags (e.g., "Can Delete Chats", "Can Use Web Search").
|
|
3. [**Groups**](./groups.md): The mechanism for organizing users, granting additional permissions, and managing shared access to resources (ACLs).
|
|
|
|
:::info Key Concept: Additive Permissions
|
|
The security model is **Additive**. Users start with their default rights, and Group memberships **add** capabilities. A user effectively has the *union* of all rights granted by their Roles and Groups.
|
|
:::
|
|
|
|
## Documentation Guide
|
|
|
|
* [🔑 **Roles**](./roles.md)
|
|
* Understand the difference between Admins and Users.
|
|
* Learn about Admin limitations and security/privacy configurations.
|
|
|
|
* [🔒 **Permissions**](./permissions.md)
|
|
* Explore the full list of available permission toggles.
|
|
* Understand granular controls for Chat, Workspace, and Features.
|
|
* **Security Tip**: Learn how properly configured Global Defaults protect your system.
|
|
|
|
* [🔐 **Groups**](./groups.md)
|
|
* Learn how to structure teams and projects.
|
|
* **Strategy**: Distinguish between "Permission Groups" (for rights) and "Sharing Groups" (for access).
|
|
* Manage Access Control Lists (ACLs) for private Models and Knowledge.
|