System Settings

Overview

The System Settings page provides a centralized location for managing configuration parameters across Enterprise h2oGPTe. Use this page to:

• Control global settings: Manage application-wide configuration parameters
• Map custom config values to users: Override global settings for specific users
• Map custom config values to roles: Override global settings for specific roles

Global settings are configured during Helm deployment and enforce maximum value limits. Many global settings can be overridden at the user or role level. Some settings are read-only and cannot be modified.

Important

All actions on the System Settings page require administrator privileges.

Access the System Settings page

1. In Enterprise h2oGPTe, click account_circle Account Circle.
2. Select System Dashboard.
3. In the Configuration section, click System settings.

You can manage your settings across the Global, User, and Role tabs.

Global Settings

Global settings are application-wide configuration parameters organized by category: General, FEATURES, LIMITS, OAUTH, SECURITY, and SYSTEM. The search bar lets you filter global settings by name or key. These settings are shown in a table format, organized by the following columns:

• Setting: The configuration name
• Value: The current setting value
• Max Limit: The maximum allowed value (if applicable)
• Overridable: Whether the setting can be overridden by users or roles (overridable means the setting can be customized at the user or role level)
• Visibility: Whether the setting is Public or Private
• Read-Write: Whether the setting can be modified

Add a global setting

Only administrators can add global settings. Only settings that are overridable and not read-only can be added as new global settings.

1. In the Global Settings tab, click + New Setting.
2. Select a setting from the dropdown.
3. Enter a value for the setting. The value must not exceed the maximum limit specified for the setting.
4. If applicable, configure overridable and visibility options.
5. Click Submit.

If all available global settings have been configured, the + New Setting button is disabled and displays the message "All available global settings have been configured".

Edit a global setting

Only administrators can edit global settings. Read-only settings cannot be edited.

1. In the Global Settings table, locate the setting you want to modify and click more_vert for that setting.
2. Select Edit.
3. This opens the Edit Global Setting dialog box. Update the value without exceeding the maximum limit.
4. Enable Overridable to let user settings override this global setting.
5. Enable Publicly visible to let users see the value for this global setting.
6. Click Submit.

Remove a global setting

Only administrators can remove global settings.

1. In the Global Settings table, locate the setting you want to remove.
2. Click the Actions menu (more_vert) for that setting.
3. Select Delete.
4. Confirm the deletion.

note

You cannot remove default global settings that are pre-configured by the system. You can only remove settings that were added manually.

Global Guardrails

Administrators can enable guardrails system-wide for new chats and new collections through the System Settings UI or by setting environment variables at deployment time.

Enable guardrails for all new chats by default

Option 1: System Settings UI (Recommended)

1. Navigate to System Settings → Features section.
2. Toggle Enable guardrails for all new chats by default.
3. When enabled, global guardrails are automatically initialized with all standard categories.
4. Changes take effect immediately — no restart required.

Option 2: Environment Variable (Deployment Time)

Set this environment variable during deployment to pre-enable the setting:

H2OGPTE_MUX_DEFAULT_CHAT_GUARDRAILS_ENABLED=true

note

The actual guardrails initialization happens when the setting is toggled ON in the UI or when the config is changed via API.

Enable guardrails for new collections by default

When enabled, all newly created collections automatically inherit the global guardrail settings. Users see guardrails pre-enabled when they open the collection configuration page.

1. Navigate to System Settings → Features section.
2. Toggle Enable guardrails for new collections by default.
3. New collections created after this point will have guardrails enabled with the global default categories.

note

Existing collections are not affected by this setting. Only collections created after the setting is enabled will have guardrails applied by default.

Allow users to remove default guardrails

By default, users can remove the inherited default guardrails from their collections. Administrators can restrict this behavior:

1. Navigate to System Settings → Features section.
2. Toggle Allow users to remove default guardrails from their collections.
   • Enabled (default): Users can freely disable or modify the inherited guardrails on their collections.
   • Disabled: Non-admin users cannot turn off or remove the default guardrail categories from collections that inherited them. Users can still add additional guardrail categories beyond the defaults.

note

Administrators can always modify guardrails on any collection regardless of this setting.

Default guardrail categories

When enabled, the system automatically applies all available guardrail categories to new chats or collections. The specific categories depend on your deployment configuration and may include categories such as:

• Violent Crimes
• Non-Violent Crimes
• Child Sexual Exploitation
• Hate
• Suicide & Self-Harm
• Privacy

Your deployment may include additional categories beyond those listed here.

note

The actual guardrail categories are determined by your deployment's configuration (guardrails_entities in settings). Deployments can customize which categories are available and may include custom categories specific to your use case.

Hierarchy and Enforcement

The guardrails system uses a merge model to ensure admin-configured guardrails cannot be bypassed:

1. Global settings - Admin-configured guardrails that apply system-wide as a minimum baseline
2. Collection settings - Additional guardrails added at the collection level (merged with global)
3. Chat-specific settings - Additional guardrails added at the chat level (merged with global + collection)

important

Global guardrails are enforced as a minimum. When an administrator enables global guardrails and disables the option to remove them, users cannot disable or remove those categories at the collection or chat level. Users can only add additional guardrail categories beyond the global baseline.

Example: If an administrator enables Violent Crimes and Hate globally, and a user selects only Child Sexual Exploitation for their collection, the effective guardrails will include all three categories (merged).

note

When guardrails are enabled for chats or collections by default, the system automatically applies all available guardrail categories configured in your deployment. When streaming is enabled, responses are generated without streaming so that guardrails can validate the full response before displaying it to the user.

User settings

User settings allow you to override global settings for specific users. Only administrators can manage user settings.

View user settings

1. In the User Settings tab, select a user from the User dropdown.
2. View the list of settings configured for that user.

If no settings are configured, the message "Selected user has no settings" is displayed.

Add a user setting

Only administrators can add user settings. A setting must exist in the global configuration and must be marked as overridable (can_overwrite = true) to be added as a user setting. The setting cannot be read-only.

1. In the User Settings tab, select the user from the User dropdown.
2. Click + New Setting.
3. Select a setting from the dropdown. Only overridable and non-read-only settings are available. The LLM Configuration setting (runtime_llms) is not available for user settings because it configures system-wide LLM models and must be managed at the global level only.
4. Enter a value for the setting. The value must not exceed the maximum limit specified in the global configuration.
5. Click Submit.

Edit a user setting

Only administrators can edit user settings.

1. In the User Settings table, locate the setting you want to modify.
2. Click the Actions menu (more_vert) for that setting.
3. Select Edit.
4. Update the value as needed. Ensure the value does not exceed the maximum limit specified in the global configuration.
5. Click Submit.

Remove a user setting

Only administrators can remove user settings.

1. In the User Settings table, locate the setting you want to remove.
2. Click the Actions menu (more_vert) for that setting.
3. Select Delete.
4. Confirm the deletion.

Role Settings

Role settings override global settings for specific roles. Role settings apply to all users assigned to that role. Only administrators can manage role settings.

View role settings

1. In the Role Settings tab, select a role from the Role dropdown.
2. View the list of settings configured for that role.

If no settings are configured, the message "No role settings found" is displayed.

Add a role setting

Only administrators can add role settings. A setting must exist in the global configuration and must be marked as overridable (can_overwrite = true) to be added as a role setting. The setting cannot be read-only.

1. In the Role Settings tab, select the role from the Role dropdown.
2. Click + New Setting.
3. Select a setting from the dropdown. Only overridable, non-read-only settings are available. The LLM Configuration setting (runtime_llms) is not available for role settings because it configures system-wide LLM models and must be managed at the global level only.
4. Enter a value for the setting. The value must not exceed the maximum limit specified in the global configuration.
5. Click Submit.

Edit a role setting

Only administrators can edit role settings. You must select a role before editing its settings.

1. In the Role Settings table, locate the setting you want to modify.
2. Click the Actions menu (more_vert) for that setting.
3. Select Edit. The LLM Configuration setting (runtime_llms) cannot be edited from role settings because it configures system-wide LLM models and must be managed at the global level only.
4. Update the value as needed. Ensure the value does not exceed the maximum limit specified in the global configuration.
5. Click Submit.

Remove a role setting

Only administrators can remove role settings. You must select a role before removing its settings.

1. In the Role Settings table, locate the setting you want to remove.
2. Click the Actions menu (more_vert) for that setting.
3. Select Delete. The LLM Configuration setting (runtime_llms) cannot be deleted from role settings because it configures system-wide LLM models and must be managed at the global level only.
4. Confirm the deletion.

Related topics

• Roles and Permissions - Learn how to manage roles and permissions in Enterprise h2oGPTe

---

Feedback

• Submit and view feedback for this page
• Send feedback about Enterprise h2oGPTe to cloud-feedback@h2o.ai