Access Control

When Access Control is enabled, anonymous users (not logged in) will only see the read-only parts of the UI which are the following:

  • printer state
  • available gcode files and stats (upload is disabled)
  • temperature
  • webcam
  • gcode viewer
  • terminal output (sending commands is disabled)
  • available timelapse movies
  • any components provided through plugins which are enabled for anonymous users

Logged in users will get access to everything besides the Settings and System Commands, which are admin-only.

If Access Control is disabled, everything is directly accessible. That also includes all administrative functionality as well as full control over the printer, and without the need for an API key!

Upon first start a configuration wizard is provided which allows configuration of the first administrator account or alternatively disabling Access Control (which is NOT recommended for systems that are directly accessible via the internet or other untrusted networks!).


If you plan to have your OctoPrint instance accessible over the internet, always enable Access Control and ideally don’t make it accessible to everyone over the internet but instead use a VPN or at the very least HTTP basic authentication on a layer above OctoPrint.

A physical device that includes heaters and stepper motors really should not be publicly reachable by everyone with an internet connection, even with access control enabled.

Rerunning the wizard

In case Access Control was disabled in the configuration wizard, it is possible to re-run it by editing config.yaml [1] and setting firstRun in the server section and enabled in the accessControl section to true:

  enabled: true
# ...
  firstRun: true

Then restart the server and connect to the web interface - the wizard should be shown again.


If user accounts were created prior to disabling Access Control and those user accounts are not to be used any more, remove .octoprint/users.yaml. If you don’t remove this file, the above changes won’t lead to the configuration being shown again, instead Access Control will just be enabled using the already existing login data. This is to prevent you from resetting access control by accident.


[1]For Linux that will be ~/.octoprint/config.yaml, for Windows it will be %APPDATA%/OctoPrint/config.yaml and for Mac ~/Library/Application Support/OctoPrint/config.yaml