issue: Public custom model access broken

[lochmaster]

Check Existing Issues

• I have searched for any existing and/or related issues.
• I have searched for any existing and/or related discussions.
• I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!).
• I am using the latest version of Open WebUI.

Installation Method

Docker

Open WebUI Version

v0.6.41

Ollama Version (if applicable)

0.13.0

Operating System

Windows

Browser (if applicable)

Edge

Confirmation

• I have read and followed all instructions in README.md.
• I am using the latest version of both Open WebUI and Ollama.
• I have included the browser console logs.
• I have included the Docker container logs.
• I have provided every relevant configuration, setting, and environment variable used in my setup.
• I have clearly listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc).
• I have documented step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation. My steps:
• Start with the initial platform/version/OS and dependencies used,
• Specify exact install/launch/configure commands,
• List URLs visited, user input (incl. example values/emails/passwords if needed),
• Describe all options and toggles enabled or changed,
• Include any files or environmental changes,
• Identify the expected and actual result at each stage,
• Ensure any reasonably skilled user can follow and hit the same issue.

Expected Behavior

As administrator i have the possibility to enable users to create their own models, knowledge collections and prompts. This can be enabled in the permission tab of corresponding user group:

However, models, collections, and prompts with public access (and likely tools as well—this has not been tested) should not be visible to or editable by users, as they are managed and owned by the administrator. Users should neither see nor be able to modify these public items from within their workspace.

The expected behavior described above currently applies correctly to Knowledge, Prompts, and likely Tools.

Actual Behavior

In the latest version of OWUI, public access models appear in user workspaces and can not only be viewed but also seemingly be edited. Users can click the three-dot menu and select Edit on a public model (note: clicking on the model itself does not display its settings, as it typically does for administrators). Users can make changes, although it appears they are not saved successfully after clicking Save & Update.

This behavior for models does not seem intended and is inconsistent with how access is handled for Knowledge, Prompts, and likely Tools.

Steps to Reproduce

1. As admin create a custom model and a custom prompt and set their Access to Public
2. Create a user group that has permission to access Models and Prompts functions inside the user's workspace (see screenshot above).
3. Log-in as a user which is part of the above created user group.
4. Check the user's workspace and compare visibility/editability of models with prompts.
   4.1 Public models visible/"editable" --> not expected
   4.2 Public prompts not visible --> expected

Logs & Screenshots

.

Additional Information

It might we worth considering whether users should have a read-only view (without editable text fields, buttons, etc.) of publicly accessible items such as Models, Knowledge, Prompts, or Tools in their workspace to better understand their purpose.

My Podman Container Config:

services:
open-webui:
image: registry./
container_name: open-webui
restart: always
ports:
- ":3000:8080"
volumes:
- open-webui:/app/backend/data
environment:
OAUTH_CLIENT_ID: ""
OAUTH_CLIENT_SECRET: ""
OPENID_PROVIDER_URL: ""
ENABLE_OAUTH_SIGNUP: "true"
OAUTH_PROVIDER_NAME: ""
ENABLE_OAUTH_GROUP_MANAGEMENT: "true"
OAUTH_GROUP_CLAIM: "groups"
OAUTH_SCOPES: "openid email profile"
OPENID_REDIRECT_URI: "/oauth/oidc/callback"
ENABLE_ADMIN_CHAT_ACCESS: "false"
REQUESTS_CA_BUNDLE: ""
CURL_CA_BUNDLE: ""
SSL_CERT_FILE: ""

volumes:
open-webui:
external: true

[owui-terminator]

🔍 Similar Issues Found

I found some existing issues that might be related to this one. Please check if any of these are duplicates or contain helpful solutions:

1. #19711 issue: Editing function for models broken
   by skleffmann • Dec 03, 2025 • bug

2. #19588 issue: Model group permissions
   by apunkt • Nov 29, 2025 • bug

3. #19899 issue: openrouter Models not showing up in the model selection list.
   by AZComputerSolutions • Dec 12, 2025 • bug

4. #19606 issue: Error while deleting download/installed models.
   by malvarez00 • Nov 30, 2025 • bug

5. #19549 issue: usage model setting becomes unticked when model is changed
   by YetheSamartaka • Nov 27, 2025 • bug

Show 5 more related issues

6. #19604 issue: Cannot create a custom model or edit a custom model because base model list is empty
   by blazejp83 • Nov 30, 2025 • bug

7. #19461 issue: Models shared with write permission to group no longer visible in workspace
   by destination-one • Nov 25, 2025 • bug

8. #19188 issue: Model drop-down fails to show models from remote hosts (ollama, llama.cpp)
   by d-shehu • Nov 14, 2025 • bug

9. #19575 issue: Remove / delete Ollama models not possible - Error occurred
   by JoeyVinc • Nov 28, 2025 • bug

10. #19555 issue: Regular user cannot see shared models in Workspace anymore
    by arslancloud • Nov 27, 2025 • bug

---

💡 Tips:

• If this is a duplicate, please consider closing this issue and adding any additional details to the existing one
• If you found a solution in any of these issues, please share it here to help others

This comment was generated automatically by a bot. Please react with a 👍 if this comment was helpful, or a 👎 if it was not.

[Classic298]

Duplicate - this exact question was asked dozens of times

However, models, collections, and prompts with public access (and likely tools as well—this has not been tested) should not be visible to or editable by users, as they are managed and owned by the administrator. Users should neither see nor be able to modify these public items from within their workspace.
In the latest version of OWUI, public access models appear in user workspaces and can not only be viewed but also seemingly be edited. Users can click the three-dot menu and select Edit on a public model (note: clicking on the model itself does not display its settings, as it typically does for administrators). Users can make changes, although it appears they are not saved successfully after clicking Save & Update.

and yes this is intended behaviour for now - and the settings are NOT saved because they dont have write perm

[Classic298]

"Check the user's workspace and compare visibility/editability of models with prompts.
4.1 Public models visible/"editable" --> not expected"

for the next version (in dev):

Knowledge workspace now displays all collections with read access including shared read-only collections, enabling users to discover and explore knowledge bases they don't own while maintaining proper access controls through visual "Read Only" badges and automatically disabled editing controls for name, description, file uploads, content editing, and deletion operations. Commit

[Classic298]

are you sure you tested .41 and not dev?

[lochmaster]

My current version of the pulled image my issue was based: on

"Labels": {
      "io.buildah.version": "1.41.5",
      "org.opencontainers.image.created": "2025-12-02T22:29:19.580Z",
      "org.opencontainers.image.description": "User-friendly AI Interface (Supports Ollama, OpenAI API, ...)",
      "org.opencontainers.image.licenses": "NOASSERTION",
      "org.opencontainers.image.revision": "6f1486ffd0cb288d0e21f41845361924e0d742b3",
      "org.opencontainers.image.source": "https://github.com/open-webui/open-webui",
      "org.opencontainers.image.title": "open-webui",
      "org.opencontainers.image.url": "https://github.com/open-webui/open-webui",
      "org.opencontainers.image.version": "main"
    }

6f1486f

[lochmaster]

Duplicate - this exact question was asked dozens of times

However, models, collections, and prompts with public access (and likely tools as well—this has not been tested) should not be visible to or editable by users, as they are managed and owned by the administrator. Users should neither see nor be able to modify these public items from within their workspace.
In the latest version of OWUI, public access models appear in user workspaces and can not only be viewed but also seemingly be edited. Users can click the three-dot menu and select Edit on a public model (note: clicking on the model itself does not display its settings, as it typically does for administrators). Users can make changes, although it appears they are not saved successfully after clicking Save & Update.

and yes this is intended behaviour for now - and the settings are NOT saved because they dont have write perm

Alright, I could have sworn that, just a few versions ago, these custom public models were not visible to regular users. In any case, it is good to know that potential user changes, while technically possible at first glance, are ultimately not saved.

[lochmaster]

"Check the user's workspace and compare visibility/editability of models with prompts. 4.1 Public models visible/"editable" --> not expected"

for the next version (in dev):

Knowledge workspace now displays all collections with read access including shared read-only collections, enabling users to discover and explore knowledge bases they don't own while maintaining proper access controls through visual "Read Only" badges and automatically disabled editing controls for name, description, file uploads, content editing, and deletion operations. Commit

Nice! Would it make sense to apply the same UX/permission pattern to custom public models as well (discoverable/readable, not editable)?
And for consistency, should Prompts and Tools follow the same rule (visible with read access + “Read Only” badge + disabled editing)?