ragflow icon indicating copy to clipboard operation
ragflow copied to clipboard
Published 1 week ago β€’ verified publisher icon infiniflow

[Feature Request]: User Management and Role-Based Access Control (RBAC)

Open rplescia opened this issue 1 year ago β€’ 1 comments

Is there an existing issue for the same feature request?

  • [X] I have checked the existing issues.

Is your feature request related to a problem?

No

Describe the feature you'd like

As an administrator, I want to have the ability to add/manage/remove a user's ability to access the application and control what features in the app they can use via roles so that it can be deployed in an organisation with more security restrictions. I also want to hide some features from less technical users to avoid confusing them with too much information.

New 'Admin' page for managing 'Users', 'Teams' and 'Roles'

  • Users: Admin users can add new users to the system using their email addresses, once added, the system generates an invitation email to the user with a link, the link should take the user to a page where they are asked to set a strong password. Also, Admins can modify/delete users.
  • Teams: Admin users can create Teams, add users, and assign teams to roles.
  • Roles: Admin users can create/modify/remove Roles. Roles are used to restrict access to knowledge bases or system features such as 'Agent'.

3 System Roles that come 'out-of-the-box'

  1. Administrator: Full access
  2. Power User: Full access excluding the ability to add/change/remove users, teams and roles.
  3. Standard User: Access to all features excluding:
  • Add/modify/remove users, teams and roles.
  • Add/modify/remove model providers
  • 'System' Page is hidden from view

Describe the implementation you've considered

No response

Documentation, adoption, use case

No response

Additional information

No response

rplescia avatar Sep 25 '24 10:09 rplescia

Seconded. I have just been trying to test this out myself. I want to limit what users can see and do.

meltedhead avatar Nov 12 '24 12:11 meltedhead

I second it.

It's very useful for enterprise users.

ProfessorX avatar Apr 10 '25 02:04 ProfessorX

i second it. without any way to restrict the newly registrated users, you can get a real bot problem...

HerzogVolpe avatar Apr 12 '25 15:04 HerzogVolpe

This is actually a much needed thing. I'm not yet sure how you can get users invited into a RAG system without exposing every single piece of detail of the system without building a custom UI entirely.

galovics avatar May 05 '25 09:05 galovics

Agreed, without admin control this isn't really deployable in a production setting.

snazzer avatar May 06 '25 21:05 snazzer

I mean the two alternatives I see for a production deployment are:

  • you develop an entirely custom frontend while RAGFlow's current deployment serves as an admin UI + the backend components for RAG
  • if you wanna use the Agent mechanism, you can create the agent and embed it as an iframe into a custom frontend

galovics avatar May 07 '25 08:05 galovics

@ProfessorX Thanks a lot for your suggestion β€” and apologies for the delayed response! ⏳

We've implemented basic team management in the open-source version, and full team permission control is available in the commercial version πŸ”. If your use case requires advanced access management, feel free to reach out to the RAGFLOW Assistant for commercial-level support.

If this addresses your needs, please consider closing the issue when you get a chance. Otherwise, we’ll plan to close it during our next round of maintenance.

Appreciate your continued interest and input β€” we’re excited to keep improving with your feedback! πŸš€

which-W avatar May 19 '25 07:05 which-W

So you've taken my idea and commercialised it... Not very nice when this is supposed to be an OPEN-SOURCE project!

rplescia avatar May 19 '25 11:05 rplescia

@which-W I might have missed something but I didn't even know you have a commercial version. There's nothing on the website, nothing here in the readme. Is there a plan to monetize the open-source product just like any other SaaS out there?

galovics avatar May 19 '25 17:05 galovics

@rplescia Thanks for sharing your thoughts, and sorry for any confusion caused. Just to clarify β€” our implementation of team permissions is quite different from the structure you mentioned, and it's something we've been exploring independently based on long-standing user needs.

RAGFlow is a hybrid open- and closed-source product, built and maintained by a dedicated team πŸš€. We really appreciate your feedback, and we'd love to have you involved in helping shape its future. Contributions, ideas, and discussions are always welcome! πŸ’¬βœ¨

Thanks again for engaging with us!

which-W avatar May 20 '25 03:05 which-W

@galovics Thanks for your interest! Yes β€” our project includes components designed for commercial collaboration 🀝. If you're interested in learning more or exploring potential opportunities, feel free to join our Discord where we share updates and handle partnership inquiries πŸ’¬βœ¨.

Looking forward to connecting with you there!

which-W avatar May 20 '25 03:05 which-W

This is totally not cool! At no point in this project's history has it been published that this project has a commercial angle to it until now. Now you take the community's work and try to make money off it... not cool! I will no longer contribute my ideas to this project.

rplescia avatar May 20 '25 08:05 rplescia