content/docs/features/access_control.mdx
3 additions & 7 deletions
@@ -11,7 +11,7 @@ LibreChat ships with a full authorization system on top of authentication. Acces
11
11
This page explains how the pieces fit together so you can model permissions to match your organization, from a small team where everyone shares freely, to an enterprise deployment with sync'd Entra ID groups, custom roles, and delegated admins.
12
12
13
13
<Callouttype="info"title="Admin Panel">
14
-
A dedicated [**LibreChat Admin Panel**](/docs/features/admin_panel) is the upcoming UI for managing users, groups, roles, custom permission profiles, and system-wide grants introduced in [v0.8.5-rc1](/changelog/v0.8.5-rc1). This page documents the underlying model, which is available today in LibreChat itself.
14
+
A dedicated [**LibreChat Admin Panel**](/docs/features/admin_panel) is the upcoming UI for managing users, groups, roles, custom permission profiles, and system-wide grants introduced in [v0.8.5](/changelog/v0.8.5). This page documents the underlying model, which is available today in LibreChat itself.
15
15
</Callout>
16
16
17
17
## The Access Model at a Glance
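Review bot: The Callout link now targets `/changelog/v0.8.5`, but nothing in the visible diff adds that changelog page. Confirm the route exists before merging; otherwise this link breaks where `/changelog/v0.8.5-rc1` previously resolved.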
@@ -77,11 +77,11 @@ The [`interface` block](/docs/configuration/librechat_yaml/object_structure/inte
77
77
78
78
### Custom Roles
79
79
80
-
Beyond `USER` and `ADMIN`, administrators can create **custom roles** with their own feature-permission matrix (introduced in v0.8.5-rc1; see [#12528](https://github.com/danny-avila/LibreChat/pull/12528)). A user can hold multiple roles, and their effective permissions are the union across all held roles. Custom roles are managed from the admin panel.
80
+
Beyond `USER` and `ADMIN`, administrators can create **custom roles** with their own feature-permission matrix (introduced in v0.8.5; see [#12528](https://github.com/danny-avila/LibreChat/pull/12528)). A user can hold multiple roles, and their effective permissions are the union across all held roles. Custom roles are managed from the admin panel.
81
81
82
82
### Role- and Group-Scoped Configuration Overrides
83
83
84
-
In addition to feature flags, v0.8.5-rc1 introduced a **DB-backed configuration override** system ([#12354](https://github.com/danny-avila/LibreChat/pull/12354)). This lets you assign a *different `librechat.yaml`-style config* to specific groups or roles. For example, a "Research" group might have access to additional endpoints, a higher recursion limit, and different agent capabilities than the default. Overrides are resolved at login and composed on top of the base configuration.
84
+
In addition to feature flags, v0.8.5 introduced a **DB-backed configuration override** system ([#12354](https://github.com/danny-avila/LibreChat/pull/12354)). This lets you assign a *different `librechat.yaml`-style config* to specific groups or roles. For example, a "Research" group might have access to additional endpoints, a higher recursion limit, and different agent capabilities than the default. Overrides are resolved at login and composed on top of the base configuration.
85
85
86
86
## Layer 2: Resource ACLs (Per-Entity Sharing)
87
87
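Review bot: In the configuration-override paragraph, "Overrides are resolved at login" is carried over unchanged and leaves open when a revoked group or role membership stops applying. Since the line is being edited anyway, suggest stating whether a user who loses membership keeps the override's additional endpoints and agent capabilities until their next login, and how an administrator can force re-resolution.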
@@ -195,10 +195,6 @@ interface:
195
195
196
196
This only affects the *search UI*; existing ACL entries for hidden principal types continue to work and are enforced normally.
197
197
198
-
## Multi-Tenancy
199
-
200
-
Every record in the access system (ACL entries, access roles, groups, system grants, and custom roles) carries an optional `tenantId`. When set, visibility and resolution are tenant-scoped; when unset, records are instance-global. This allows operators to partition users, groups, and resources across tenants without leaking data between them.
201
-
202
198
## Migrations from Pre-ACL Versions
203
199
204
200
Versions prior to v0.8.0-rc3 used a simpler ownership model. Upgrading requires running the ACL migration so existing agents and prompts remain accessible:
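Review bot: Removing the entire `## Multi-Tenancy` section is not a version-string rename like the other changes in this commit, and the visible diff gives no reason for it. The deleted paragraph is where the page states that records without a `tenantId` are instance-global, which operators rely on when partitioning users, groups and resources. If tenant scoping is not part of v0.8.5, say so in the commit message; otherwise keep or relocate the section, and check for links to the `#multi-tenancy` anchor.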
content/docs/features/admin_panel.mdx
3 additions & 3 deletions
@@ -9,7 +9,7 @@ description: A standalone web UI for managing LibreChat users, groups, roles, co
9
9
The **LibreChat Admin Panel** is a standalone browser-based management interface for LibreChat. It connects to the same database as LibreChat itself and provides a GUI for the administrative tasks that power [granular access control](/docs/features/access_control): user and group administration, role management, configuration overrides scoped to roles or groups, and system-level capability grants.
10
10
11
11
<Callouttype="info"title="Status: Preview">
12
-
The admin panel is available for testing now and is the upcoming management surface that builds on the admin APIs introduced in [LibreChat v0.8.5-rc1](/changelog/v0.8.5-rc1). Source, issues, and releases live at [github.com/ClickHouse/librechat-admin-panel](https://github.com/ClickHouse/librechat-admin-panel).
12
+
The admin panel is available for testing now and is the upcoming management surface that builds on the admin APIs introduced in [LibreChat v0.8.5](/changelog/v0.8.5). Source, issues, and releases live at [github.com/ClickHouse/librechat-admin-panel](https://github.com/ClickHouse/librechat-admin-panel).
13
13
</Callout>
14
14
15
15
## What It Does
@@ -56,7 +56,7 @@ The admin API surface exposed by LibreChat is:
56
56
57
57
### Prerequisites
58
58
59
-
- A running LibreChat instance on **v0.8.5-rc1 or later** (admin APIs are not available in earlier versions)
59
+
- A running LibreChat instance on **v0.8.5 or later** (admin APIs are not available in earlier versions)
60
60
- Network access from the admin-panel container/host to the LibreChat API
61
61
- An admin account on LibreChat: either the first-registered user (auto-admin), a user with `role: 'ADMIN'` set in Mongo, or a principal that has been granted the `access:admin` capability
62
62
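Review bot: The prerequisite bullet changes from "v0.8.5-rc1 or later" to "v0.8.5 or later", which reads as excluding release-candidate builds that the previous text said already expose the admin APIs. If rc builds still work, suggest wording such as "v0.8.5 (including its release candidates) or later"; if they are intentionally unsupported, add a short note saying so.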
@@ -158,5 +158,5 @@ This is the surface behind LibreChat's [DB-backed per-principal configuration ov
158
158
-[Access Control](/docs/features/access_control): the permission model the admin panel is built on
159
159
-[Interface Configuration](/docs/configuration/librechat_yaml/object_structure/interface): the feature flags the panel edits
160
160
-[Authentication](/docs/features/authentication): user authentication on LibreChat
161
-
-[v0.8.5-rc1 changelog](/changelog/v0.8.5-rc1): admin API foundations
161
+
-[v0.8.5 changelog](/changelog/v0.8.5): admin API foundations