When Access Control is enabled, anonymous users (not logged in) will only see the read-only parts of the UI which are the following:
- printer state
- available gcode files and stats (upload is disabled)
- gcode viewer
- terminal output (sending commands is disabled)
- available timelapse movies
- any components provided through plugins which are enabled for anonymous users
Logged in users will get access to everything besides the Settings and System Commands, which are admin-only.
If Access Control is disabled, everything is directly accessible. That also includes all administrative functionality as well as full control over the printer, and without the need for an API key!
Upon first start a configuration wizard is provided which allows configuration of the first administrator account or alternatively disabling Access Control (which is NOT recommended for systems that are directly accessible via the internet or other untrusted networks!).
If you plan to have your OctoPrint instance accessible over the internet, always enable Access Control and ideally don’t make it accessible to everyone over the internet but instead use a VPN or at the very least HTTP basic authentication on a layer above OctoPrint.
A physical device that includes heaters and stepper motors really should not be publicly reachable by everyone with an internet connection, even with access control enabled.
Rerunning the wizard¶
In case Access Control was disabled in the configuration wizard, it is
possible to re-run it by editing
config.yaml  and setting
server section and
enabled in the
accessControl section to
accessControl: enabled: true # ... server: firstRun: true
Then restart the server and connect to the web interface - the wizard should be shown again.
If user accounts were created prior to disabling Access Control and those
user accounts are not to be used any more, remove
If you don’t remove this file, the above changes won’t lead to the
configuration being shown again, instead Access Control will just be
enabled using the already existing login data. This is to prevent you from
resetting access control by accident.
|||For Linux that will be |