diff --git a/docs/features/workspace/index.mdx b/docs/features/workspace/index.mdx index 5b8b066..2f9a24e 100644 --- a/docs/features/workspace/index.mdx +++ b/docs/features/workspace/index.mdx @@ -3,4 +3,11 @@ sidebar_position: 0 title: "🖥️ Workspace" --- -COMING SOON! +The Workspace in Open WebUI provides a comprehensive environment for managing your AI interactions and configurations. It consists of several key components: + +- [🤖 Models](./models.md) - Create and manage custom models tailored to specific purposes +- [📚 Knowledge](./knowledge.md) - Manage your knowledge bases for retrieval augmented generation +- [📝 Prompts](./prompts.md) - Create and organize reusable prompts +- [🔒 Permissions](./permissions.md) - Configure access controls and feature availability + +Each section of the Workspace is designed to give you fine-grained control over your Open WebUI experience, allowing for customization and optimization of your AI interactions. diff --git a/docs/features/workspace/permissions.md b/docs/features/workspace/permissions.md new file mode 100644 index 0000000..ad1f4e4 --- /dev/null +++ b/docs/features/workspace/permissions.md @@ -0,0 +1,61 @@ +--- +sidebar_position: 3 +title: "🔒 Permissions" +--- + +The `Permissions` section of the `Workspace` within Open WebUI allows administrators to configure access controls and feature availability for users. This powerful system enables fine-grained control over what users can access and modify within the application. + +## Workspace Permissions + +Workspace permissions control access to core components of the Open WebUI platform: + +* **Models Access**: Toggle to allow users to access and manage custom models. (Environment variable: `USER_PERMISSIONS_WORKSPACE_MODELS_ACCESS`) +* **Knowledge Access**: Toggle to allow users to access and manage knowledge bases. (Environment variable: `USER_PERMISSIONS_WORKSPACE_KNOWLEDGE_ACCESS`) +* **Prompts Access**: Toggle to allow users to access and manage saved prompts. (Environment variable: `USER_PERMISSIONS_WORKSPACE_PROMPTS_ACCESS`) +* **Tools Access**: Toggle to allow users to access and manage tools. (Environment variable: `USER_PERMISSIONS_WORKSPACE_TOOLS_ACCESS`) *Note: Enabling this gives users the ability to upload arbitrary code to the server.* + +## Chat Permissions + +Chat permissions determine what actions users can perform within chat conversations: + +* **Allow Chat Controls**: Toggle to enable access to chat control options. +* **Allow File Upload**: Toggle to permit users to upload files during chat sessions. (Environment variable: `USER_PERMISSIONS_CHAT_FILE_UPLOAD`) +* **Allow Chat Delete**: Toggle to permit users to delete chat conversations. (Environment variable: `USER_PERMISSIONS_CHAT_DELETE`) +* **Allow Chat Edit**: Toggle to permit users to edit messages in chat conversations. (Environment variable: `USER_PERMISSIONS_CHAT_EDIT`) +* **Allow Temporary Chat**: Toggle to permit users to create temporary chat sessions. (Environment variable: `USER_PERMISSIONS_CHAT_TEMPORARY`) + +## Features Permissions + +Features permissions control access to specialized capabilities within Open WebUI: + +* **Web Search**: Toggle to allow users to perform web searches during chat sessions. (Environment variable: `ENABLE_RAG_WEB_SEARCH`) +* **Image Generation**: Toggle to allow users to generate images. (Environment variable: `ENABLE_IMAGE_GENERATION`) +* **Code Interpreter**: Toggle to allow users to use the code interpreter feature. + +## Default Permission Settings + +By default, Open WebUI applies the following permission settings: + +**Workspace Permissions**: +- Models Access: Disabled (`USER_PERMISSIONS_WORKSPACE_MODELS_ACCESS=False`) +- Knowledge Access: Disabled (`USER_PERMISSIONS_WORKSPACE_KNOWLEDGE_ACCESS=False`) +- Prompts Access: Disabled (`USER_PERMISSIONS_WORKSPACE_PROMPTS_ACCESS=False`) +- Tools Access: Disabled (`USER_PERMISSIONS_WORKSPACE_TOOLS_ACCESS=False`) + +**Chat Permissions**: +- Allow Chat Controls: Enabled +- Allow File Upload: Enabled (`USER_PERMISSIONS_CHAT_FILE_UPLOAD=True`) +- Allow Chat Delete: Enabled (`USER_PERMISSIONS_CHAT_DELETE=True`) +- Allow Chat Edit: Enabled (`USER_PERMISSIONS_CHAT_EDIT=True`) +- Allow Temporary Chat: Enabled (`USER_PERMISSIONS_CHAT_TEMPORARY=True`) + +**Features Permissions**: +- Web Search: Enabled (`ENABLE_RAG_WEB_SEARCH=True`) +- Image Generation: Enabled (`ENABLE_IMAGE_GENERATION=True`) +- Code Interpreter: Enabled + +## Managing Permissions + +Administrators can adjust these permissions through the user interface or by setting the corresponding environment variables in the configuration. All permission-related environment variables are marked as `PersistentConfig` variables, meaning they are stored internally after the first launch and can be managed through the Open WebUI interface. + +This flexibility allows organizations to implement security policies while still providing users with the tools they need. For more detailed information about environment variables related to permissions, see the [Environment Variable Configuration](../../getting-started/env-configuration.md#workspace-permissions) documentation. diff --git a/docs/getting-started/env-configuration.md b/docs/getting-started/env-configuration.md index c486dff..eb0363d 100644 --- a/docs/getting-started/env-configuration.md +++ b/docs/getting-started/env-configuration.md @@ -682,6 +682,12 @@ directly. Ensure that no users are present in the database, if you intend to tur - Docker Default: Randomly generated on first start - Description: Overrides the randomly generated string used for JSON Web Token. +:::info + +When deploying Open-WebUI in a multiple node cluster with a load balancer, you must ensure that the WEBUI_SECRET_KEY value is the same across all instances in order to enable users to continue working if a node is recycled or their session is transferred to a different node. Without it, they will need to sign in again each time the underlying node changes. + +::: + #### `OFFLINE_MODE` - Type: `bool`