At the moment everyone has the admin role, that's not ideal. Ideally we could set the role to user or admin using a trusted header, but see: open-webui/open-webui#4858 -- this still needs work in openwebui.
It is already possible to add users to groups (as opposed to roles) using a trusted header. That would allow setting granular permissions based on a group (but not making people admin)
We can get the sram groups that an authenticated user is a member of in nginx using this in the reverse proxy conf:
auth_request_set $src_roles $upstream_http_src_co_roles;
At the moment everyone has the
adminrole, that's not ideal. Ideally we could set the role touseroradminusing a trusted header, but see: open-webui/open-webui#4858 -- this still needs work in openwebui.It is already possible to add users to groups (as opposed to roles) using a trusted header. That would allow setting granular permissions based on a group (but not making people admin)
We can get the sram groups that an authenticated user is a member of in nginx using this in the reverse proxy conf: