Comments (5)
Adding to this I would like to include some possible mockups of the UI.
Admin configuration
As suggested by @silentoplayz earilier, the ability to toggle on or off RAG for users
Which would show the documents tab in sidebar, looking something like this:
Documents page, adding documents, securing documents
The change of access control in adding of doucuments may look something like this:
I have added an extra type which is Private
which would allow users to share specific documents with users or just leave it as their own giving the ability to share if you choose
Notes
Excaildraw documents for those interested: https://excalidraw.com/#json=NXy7y5Tots5SZzegjjsmJ,J-7YC24eiRVPaDVc-37ggQ
I will continue to update this comment with more mock ups as i go, as I haven't covered all possible changes just yet. Please share any thoughts or possible changes
from open-webui.
Hi, maybe another idea in addition to @silentoplayz proposed solutions:
Alternative 3:
- Add "workspaces" in the UI for each chat which map to a specific metadata label in ChromaDB
- Any user can create a "workspace" and share it with other users (admins can create global "workspaces", automatically shared with all users - which could be used to dump company-wide knowledge bases)
- Only the original creator can delete a "workspace"
- Users select the workspaces relevant to the chats when starting a new one
Benefits:
- Security: PoLP - decentralized management of data and access (teams manage their data and the admin has no power over any documents not owned by him)
- Flexibility for the users to share documents freely
from open-webui.
Alternative Solution(s)
Two potential solutions to consider are:
- Add a "Private" or "Confidential" designation to documents in the Documents tab, which would restrict access to those documents to only certain users or groups of users. This could be implemented by adding a new field to the document metadata that specifies the level of access allowed for the document.
For example, a new "Access Level" field could be added to the document metadata with the following options:
- Public: Anyone can view and interact with the document.
- Private: Only specific users or groups of users can view and interact with the document.
- Confidential: Only the document owner can view and interact with the document.
Admins could then set the Access Level field for each document as they upload it, allowing them to restrict access to documents as needed.
- Another potential solution could be to implement a private document sharing feature where users can toggle a lock/unlock icon next to each document in the Documents tab. This would allow admins to restrict access to documents on a per-document basis, while still allowing for easy access and collaboration on documents within the Open WebUI community.
Implementation
Alternative 1
- Add a new field to the document metadata for Access Level.
- Provide options for Access Level: Public, Private, and Confidential.
- Allow admins to set the Access Level for each document as they upload it.
- Restrict access to documents based on the Access Level setting.
Alternative 2
- Add a lock/unlock icon next to each document in the Documents tab in the chat navbar.
- When a user clicks on the lock icon, a dialog box could appear asking the user to confirm that they want to restrict access to the document.
- Once a document is locked, only users with explicit permission would be able to access it.
- Users with permission to access a locked document could be managed in the Users tab of the Admin Settings in the Admin Panel.
These alternative solutions would provide the following benefits:
- Improved security: Restricting access to documents would reduce the risk of unauthorized access or document leakage.
- Fine-grained control: Admins would have the ability to control access to documents on a per-document basis, providing more control and flexibility.
from open-webui.
Alternative 4
Introduce a document access approval system that triggers a notification to the document owner(s) or an assigned delegate when a user requests access to their documents within RAG.
Features:
- Request and Approval: A user can request access to a specific document, generating an approval request for the document owner(s) or a designated delegate.
- Notification system: Document owners receive a request notification, prompting them to review and either approve or deny the access request.
- Approval expiration: Implement a time limit for approvals, prompting users to review and respond to pending requests.
- Approval revocation: Allow document owners or delegates to revoke previously granted access.
Benefits:
- Enhanced security: Requesting and granting access to documents on a case-by-case basis reduces the risk of unauthorized access or document leakage.
- Increased accountability: By tracking access requests and their outcomes, admins and document owners have an overview of who accessed which documents and when.
- User convenience: The request and approval system simplifies the process of sharing documents, removing the need for managing individual access settings for each user.
I'm all ears for more alternative solutions and even a combination of proposed features already. Let's keep this issue open and lively, shall we?
from open-webui.
Because why stop there?
Alternative 5: Combined Document Access Control System (This should be a new issue at this point, lol)
Description: This solution combines together and refines the best aspects of the previous proposed alternatives and solutions in order to provide a comprehensive and user-oriented document management system that addresses access control, security, and user convenience.
Components:
1. Document Access Control
- Introduce a new field to the document metadata for Access Level, including: Public, Approval Required, and Confidential.
- When the Access Level is set to "Approval Required", users will be prompted to request access.
- Document owners or designated delegates can grant or deny access to documents based on the request.
- Approval requests have an expiration time limit, encouraging timely responses.
- Document owners or designated delegates can revoke previously granted access.
2. Workspaces
- Add "workspaces" in the UI for each chat, mapping to ChromaDB collections.
- Users can create workspaces and share them with other users, allowing for flexible and secure sharing of documents.
- Users determine the access level for each workspace, either Public, Approval Required, or Confidential.
- Only the original creator can delete a workspace.
- Users can select workspaces relevant to the chats when starting a new one.
3. Document Access Approval System
- Implement a notification system for document owners or designated delegates to receive and respond to access requests.
- Approval expiration and revocation features are integrated within the document management system.
4. Private Document Sharing
- Implement a private document sharing feature where users can toggle a lock/unlock icon next to each document in the Documents tab.
- This enables admins to restrict access to documents on a per-document basis while maintaining easy access and collaboration for documents within the Open WebUI community.
Benefits:
- Improved security: The combined solution results in a more secure system as a whole, reducing the risk of unauthorized access or document leakage.
- Flexibility for users: Users have the ability to control access to documents on a per-document basis, providing more control and flexibility.
- Decentralized management: By introducing workspaces, users can manage their data and have better control over their information.
- Scalability: Global "workspaces" created by admins enable organizations to share company-wide knowledge bases and resources with all users.
- Accountability: Document access requests and their outcomes enable admins and document owners to monitor who accessed which documents and when.
- User convenience: The combined features simplify the process of sharing documents and managing access levels, while also maintaining security and scalability.
Implementation:
- Introduce a new field to the document metadata for Access Level and implement the corresponding functionality.
- Implement workspaces within the UI, along with user interface components for sharing, revoking, and adjusting access levels for documents and workspaces.
- Develop a notification system for document owners or designated delegates to receive and respond to access requests.
- Integrate approval expiration and revocation features within the document management system.
- Implement a private document sharing feature with a lock/unlock icon in the Documents tab.
This combined solution offers improved security, flexibility, and user convenience, as well as decentralization of document management, accountability, and scalability.
from open-webui.
Related Issues (20)
- admin panel displays the administrator's name instead of the user's name. HOT 2
- I cannot create larger files as a document. HOT 2
- feat: GroqCloud integration
- enhancement: auth ollama connection
- Docker image with Ollama installed very slow HOT 2
- Can open-webui use the Assistant API of OpenAI when i give my own openai api-key?
- Missing envs for OpenAI compatible endpoints
- Control visibility of Modelfiles in side bar and Setttings -> Connections, Models, Audio, Images
- Create modelfiles that use api LLMs, e.g. gpt-4 HOT 2
- OpenAI net::ERR_CONTENT_DECODING_FAILED
- something went wrong string indices must be integers not str
- feat: Multiple Model Paths
- When run docker command to start the open-webui without internet, one issue occurred.
- profile_image_url is an injection vulnerability
- Feedback on Ollama+Ollama web ui issues HOT 1
- bug: hanging connection causing blank screen HOT 2
- Add proxy for OpenAI
- [BUG] No email being sent to pending accounts
- Modelfiles don't use GGUF anymore
- OpenAI API Key is deleted each time the Docker Container is restarted
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from open-webui.