fix: default invite user modal global role to least-privilege

[ryan-crabbe-berri]

Summary

The Global Proxy Role dropdown in the Invite User modal had no default value, so admins had to remember to pick a role before submitting. If they forgot, the form posted user_role: undefined to /user/new.

This PR pre-selects internal_user_viewer — the least-privileged of the four roles returned by /user/available_roles — on both the standalone modal (used on the Users page) and the embedded form (used inside the Create Key flow). Defaulting to least privilege means an admin has to opt into granting more access rather than opting out.

Role options available on the endpoint:

• proxy_admin
• proxy_admin_viewer
• internal_user
• internal_user_viewer ← new default

circleci: https://app.circleci.com/pipelines/github/BerriAI/litellm/73620/workflows/83c1d890-896e-46ac-93b2-8658761b0a50

Screenshots

before - default doesnt show

after - least privilege default shows

Test plan

• Open the Users page, click + Invite User, confirm "Internal User Viewer" is pre-selected in the Global Proxy Role dropdown
• Submit the form without touching the role dropdown and confirm the user is created with internal_user_viewer
• Change the role to something else and confirm the override is respected
• Open the Create Key flow and use the embedded invite user form; confirm the same default applies there

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
litellm	Ready	Preview, Comment	Apr 14, 2026 10:47pm

[greptile-apps]

Greptile Summary

This PR adds initialValues={{ user_role: "internal_user_viewer" }} to both the embedded and standalone <Form> instances in CreateUserButton.tsx, ensuring the Global Proxy Role dropdown is pre-selected to the least-privileged role on open. Both paths (isEmbedded and the modal) are covered, and because Ant Design's form.resetFields() restores initialValues, subsequent opens/resets also default to internal_user_viewer.

Confidence Score: 5/5

Safe to merge — minimal, correct UI change with no logic or security regressions.

The change is a two-line addition of initialValues props that correctly defaults the role to least-privilege on mount and after every form.resetFields() call. Both form paths are covered, no backend contract is altered, and no existing behavior is broken.

No files require special attention.

Important Files Changed

Filename	Overview
ui/litellm-dashboard/src/components/CreateUserButton.tsx	Adds initialValues={{ user_role: "internal_user_viewer" }} to both the embedded and standalone Form instances, defaulting the Global Proxy Role to least-privilege on mount and after each form.resetFields() call.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Admin opens Invite User modal] --> B{isEmbedded?}
    B -- Yes --> C[Embedded Form\ninitialValues: internal_user_viewer]
    B -- No --> D[Standalone Modal Form\ninitialValues: internal_user_viewer]
    C --> E[Admin optionally changes role]
    D --> E
    E --> F[Submit form]
    F --> G[userCreateCall with user_role]
    G --> H[form.resetFields\nresets to internal_user_viewer]

Loading

_{Reviews (1): Last reviewed commit: "fix: default invite user modal global ro..." | Re-trigger Greptile}

[codspeed-hq]

Merging this PR will not alter performance

✅ 16 untouched benchmarks

---

_{Comparing litellm_fix-invite-user-default-role (a428ae7) with main (7b36cfc)}