Use roles, permissions, and scopes in Zendesk Workforce Management (WFM) to control access to data, settings, and reports. This article provides best practices for controlling access so you can give users the right level of visibility without exposing more than necessary.

What's my plan?
Add-on Workforce Management (WFM) or Workforce Engagement Management (WEM)

Summary: ◀▼

Use roles, permissions, and scopes to control access to data, settings, and reports in Workforce Management. Manage user visibility by configuring teams, locations, and workstreams carefully. Update permissions and scopes as needed, watch for auto-scope expansion, and handle unassigned agents cautiously. Reassign users before deleting custom roles to avoid permission loss. Keep visibility rules in mind to ensure appropriate access levels.

Use roles, permissions, and scopes in Zendesk Workforce Management (WFM) to control access to data, settings, and reports. This article provides best practices for controlling access so you can give users the right level of visibility without exposing more than necessary.

  • Configure roles, permissions, and teams carefully. Teams, locations, and workstreams are dimensions you can use in role and scopes to control which agents’ data a user can see.
  • Control access with the allow and block lists. Use the allow and block lists to control who has access to WFM. By default, all Zendesk agents are added to WFM. Keep the list in a spreadsheet if you want to review or update it before you paste changes into WFM. See Managing user access in your WFM account.
  • Use roles and scopes to limit access. Use WFM roles and scopes to control who can access data, settings, and reports. Configure them so users can access the right data without exposing more than necessary. A user can have a permission enabled, but if their scope doesn’t include the relevant team, they won’t see that team’s data. See Creating custom WFM roles and assigning users.
  • Update permissions, scopes, and users as needed. You can update permissions, adjust scopes, and reassign users when needed. See Understanding WFM roles and permissions.
  • Watch for auto-scope expansion. Any team, location, or workstream that a user with a custom role creates is automatically added to that role’s scope, which means all users with the same role gain access to it. Teams and workstreams that admins create aren’t subject to this auto-expansion. Review scopes whenever a custom role user creates new organizational items.
  • Assign unassigned agents carefully. Agents who aren’t assigned to a team are visible to all roles with an All preset scope. Be cautious when you assign an unassigned agent to a team, because this can expand visibility instead of restricting it. Roles with matching team-based scopes then also gain visibility into that agent.
  • Keep visibility rules in mind. The Team schedule appears in the agent schedule app only if agents have permission to view it and their scope includes more than one agent. If their role includes only self, or a team that contains only that agent, they don’t see the Team schedule tab, even if the permission is granted.
  • Reassign users before deleting custom roles. Deleting a custom role can silently downgrade its users. Every agent assigned to a deleted role is automatically reassigned to the standard WFM Agent role, which may have limited permissions. Always reassign users to a new role before you delete the old one.
Powered by Zendesk