Zendesk Support defines a number of user roles that are key to managing the people who generate support requests, those who resolve them, and the tickets themselves.
Users and people are essentially equivalent terms; it's the broadest definition for all people who use your Zendesk. When you need to manage people, your starting point is almost always the People page. This is where you add new users, define their roles and privileges, and then organize them using groups and organizations. You'll usually only see the word users in documentation like this.
Each user's role is defined when they are added, although you may change a user's role as needed. And, when users sign in, they are only shown the parts of Zendesk Support that they are allowed to see and use.
This article contains the following sections:
End users, or customers
End users are also sometimes referred to as customers. These are the people who generate support requests from any of the available support channels. End users don't have access to any of the administrator and agent features of Zendesk Support. They can only submit and track tickets and communicate with agents publicly, which means that their ticket comments can never be private.
How end users interact with your Zendesk Support depends first on the support channels you've made available to them and then by how you've defined public access. You can provide either open or closed support. Open support in Zendesk means that anyone can submit tickets. Closed support in Zendesk means the opposite. For example, you might use closed support for an internal support operation within a corporation.
In a closed Zendesk, you add the end users. In an open Zendesk, you can either add users yourself or end users can add themselves by submitting tickets. If end users can add themselves, you can either require them to register or not. In a closed Zendesk, all end users must be registered.
You can also control if and how your end users access your Help Center. This is the end user's view and includes the Submit Request page, the Knowledge Base, the Community (if available), and a view of their tickets. For more information on how end users can access Zendesk Support, see Configuring how end users access and sign in to Zendesk Support.
However, if your end users aren't registered, they don't have access to that view of tickets (they must be signed in). For these end users, all communication with the support team is via email. For more information, see Setting up to provide email-only support .
You also have the option of adding your end users to an organization, which is a collection of users (both end users and agents) that can be used in many ways throughout your ticket workflow. For more information, see About organizations and groups.
Agents, administrators, account owner
The people who resolve support requests, you, play different roles in setting up and managing your ticket workflow.
Agents
- May be added to more than one group (must be added to at least one)
- Add and edit end user profiles. Agents cannot create or edit other agent or administrator profiles, and may not have permission to edit all properties in an end user's profile.
- Add public or private comments or both to tickets
- Create and edit their own macros
- Create and edit their own views
- Can view reports. Only agents with access to all tickets in your Zendesk account will be able to view reports.
- Moderate and manage articles in the Help Center
- Access tickets in one of the following ways:
- All tickets in your Zendesk account
- Only tickets assigned to the group or groups to which they belong. Restricting an agent's permissions prevents them from making certain edits to users, including adding notes to user profiles.
- Only tickets received from the organization to which they belong
- Only tickets that they are assigned to
Administrators can add new agents either manually one at a time or as a bulk import operation (you can set the user role in the CSV data file used in a bulk import). Agents can be promoted to the administrator role by an administrator.
Agents are added to groups. Each agent must be added to at least one group. For more information about groups, see About organizations and groupsAbout organizations and groups.
As noted above, there are a number of ways to limit the access agents have to tickets. These are explained in Creating, managing, and using groupsCreating, managing, and using groups.
Notwithstanding ticket access restrictions, CC'ing an agent on any ticket lets the agent receive email notifications of all public and private updates to the ticket. For example, suppose an agent is only allowed to see tickets in the L2 group. After the agent is CC'ed on a ticket in the L3 group, the agent gets email notifications of all public or private updates to the ticket even though she's not authorized to see L3 tickets.
Administrators
- Access all tickets (not just the tickets they are assigned to)
- Access, create, and edit business rules (automations, macros, SLA service targets, triggers, views)
- Access and edit targets
- Install and configure apps
- Create reports
- Edit all reports
- Access and manage settings (account, security, channels, ticket fields, and so on)
- Add and manage end users, agents, and admins
- Promote agents to the admin role
- Create groups and organizations
- Assume an end user's identity
- Create custom agent roles (Enterprise plan only)
Administrators are responsible for designing and implementing the ticket workflow. They add end users, agents, and other administrators; define the business rules (automations, triggers, views, etc.); and customize and extend Zendesk Support. Where an agent's primary function is to interact with end users and resolve support requests, administrators may do that as well as set up and manage the workflow.
Administrators can do all of the actions that agents can do.
Account owner
The account owner is a type of administrator. The account name is associated with this person's name, usually the person who created the account. There can only be one account owner; however, account ownership can be reassigned by the account owner to another administrator if needed. The account owner has access to areas of Zendesk Support that other administrators do not, for example:
- Subscription changes
- Billing and payment management
- Account changes
For a full list of unique permissions associated with the account owner, see Understanding account owner permissions.
User references in business rules
Business rules need to refer to some types of users in more abstract ways to define conditions and actions; therefore, you'll see references to requester, submitter, assignee, current user, and non-restricted agent.
Requester
Requester refers to the person who made the support request. Requester is used in macros, views, automations, triggers, and reports to refer to the person who generated the support request.
Submitter
The ticket submitter is either the user who submitted the request or the agent that opened the ticket on behalf of the requester.
Assignee
Assignee is the agent assigned to a ticket. Assignee is used in macros, views, automations, triggers, and reports to refer to or set the assigned agent.
Current user
In triggers, (current user) is the last person who updated the ticket. The (current user) changes each time someone different updates the ticket. The update can be made by any agent or end user with access to the ticket.
In views, (current user) is the agent who is currently viewing that view. This enables one view to show relevant tickets to each agent, without having to create a specific view for each individual agent (see Using views to manage ticket workflow).
Non-restricted agent
A non-restricted agent is an agent who has access to all tickets. In other words, they have not been restricted to only the group or groups to which they belong, the organization they belong to, or to the tickets they have been assigned to. The ability to refer to these agents may be useful when creating triggers.
38 Comments
Originally in your post on Dec 2, 2014, you stated that by default, Light Agents do not have access to edit or modify anything in the Help Center and that I would need to edit that role. In the later posts you say that we cannot edit that part of the role. So is the conclusion that there is no way for a light agent to edit help center content?
Hi Dan! Sorry for the delay. I've edited my initial comment to reflect the correct information on this. You are correct: Light Agents are not able to edit Help Center content.
As an administrator or account owner, is it possible for me to view my agents' personal macros?
Hi Charles!
Personal macros are only visible to the user who created them.
Please let me know if you have any other questions!
Could this please be updated to include Advisor, Staff and Team Lead which additional user roles available in the current product? -- Scratch this, I found it in the Enterprise Level "custom agent roles"
Hi Jessie,
I have many agents who need to take up the support issues, how can I configure or assign individual IDs to each agent so that they all can log-in to our zopim chat simultaneously? ( Of-course, after I purchase a multiple agent zendesk account)
Hi, my agents are not able to add new end users as they are not seeing any option to add user under New tab.
Anyone else faced this issue?
we are at present using the team plan.
Regards,
Hello, saurabh,
I have just created a ticket on your behalf so we can troubleshoot this further :).
I have the professional version and my agents can not create End Users. Is that only in Enterprise?
Hey Ron!
That capability is actually managed by going to your settings menu, and under People, selecting Roles.
For each agent role that should be able to create End Users, click Edit and in the People section select the appropriate permissions from the What access does this agent have to end-user profiles? dropdown menu. Then click Update role.
Hi! I am using the universal signature under the agents tab. I have a few different agents, but I want to be able to use the universal form. How can I make sure that agents with different roles have different signatures without having to do every agent manually from their profile?
Hey Ruth!
The common signature can't be broken down by agent role or group, so if there's specific information that certain agents should have in their signature it would have to be added to their personal signature.
You can use both the universal and personal signatures at the same time; you can find details here: Adding an agent signature to ticket email notifications.
This allows you to add the stuff everyone should have in the settings for the common signature, and then your agents can go in and add the more specific stuff on their own. I'd suggest an email with specific text, already formatted, that they can just copy/paste.
Hope that helps!
ZD Team,
We really need to separate the permissions for Groups and Organizations, and separate permissions to Edit and Create.
There are many agents that would need to edit the values of custom fields on an Org, but none of them should also have permissions to create/edit Groups, which impacts all of our workflows and triggers.
Similarly, being able to keep info in an Org record up to date (flag customer temp, for example) should be a simple item that account teams can access, but I will never be able to give them permission to provision new Orgs.
This limits our use of the features of Zendesk, even with Enterprise Elite plan.
Also requested here back in March with no response: https://support.zendesk.com/hc/en-us/community/posts/115001229648-Role-Permissions-for-Groups-and-Organizations
Hey Shannon -
Thanks for sharing your thoughts. Jessie responded to all of your comments on this thread.
Can admins create macros for all agents to use?
Hey Eric -
Yes, admins can create macros to be shared with their agents. The info on how to do that can be found in this article: Creating macros for tickets
Someone should really do an editorial review on a few of these sentences:
"In a closed (what?), you add the end-users. In an open (what?), you csn either add users yourself or end-users can add themselves by submitting tickets. If end-users can add themselves, you can either require them to register or not. you (capitalize) can add users yourself and end-users can add themselves by submitting tickets.
In a closed (extra space here), all end-users must be registered of course."
Thanks, Ryan, We've flagged this for our documentation team.
It looks like "Support instance" dropped out in several places. We'll get it fixed!
I'd like to see a more granular option for certain roles to access support to Zendesk. Currently, the "Help" option is found only in the Administration pages of Zendesk. This prevents the next permission group (Team Leader) for instance from communicating directly and swiftly to Zendesk Support.
Please advise if this is something on the roadmap for change?
Hi Fred -
We can't speak to the current roadmap (it's not something we share publicly in the Help Center) but I'd encourage you to share your thoughts in the Support Product Feedback topic in the Community. In case you've never posted there before, here are our tips on how to write an effective feedback post.
Hi. I've seen there's an option to allow our customers within an organization to view tickets from other users in their organization. We want these people to also respond to existing threads within their org that they weren't explicitly included in. (Sort of an uber-customer/semi-agentish thing.) I've heard this is possible - yay!
Thanks!
Hey Neman,
You should be able to set these permissions up at the Organization level by navigating to Admin>Manage>People>Organization>(org name). Screenshot for you below:
If you don't see this option then you'll most likely need to have an admin on the account make these changes.
Hope this helps!
Thanks Brett. I see the first level option ("Can view all org tickets") but there's no second level option. (True for both the org and any given user.) What's my best option to get some help from one of your support agents?
Hey Neman,
The second level option becomes available once you set the first option to can view all orgs tickets. If you select that option do you then see the second option?
Let me konw!
Thanks again. I didn't see it because I hadn't tested. I had hadn't tested because it seems org-wide and I only wanted to change it for a specific person. I suspect after this change is in place, then I might be able to set it on a per-end user basis.
When I changed it, it took a few moments to take effect. It was confusing as it kept resetting itself from ...and add comments back to ...but not add comments. Now it's set, which is good. I still don't know what that means org-wide yet.
At the user level, there's still no clear way to let the desired user contribute to the tickets from their peers:
Hello, we are looking at adding a 2nd ZD instance "HR", is it possible to make someone an admin "IT" but not have access to view tickets, just access to all backend admin settings, IE, workflows, Macros, add/remove users, licensing, etc?
Hello Jesse Medina,
Setting up an Agent Role like that is not possible in the base product. I would recommend utilizing a custom role to facilitate your request. I've linked an article below on how to set this up in your Support instance.
Creating custom roles and assigning agents
Best regards.
Hi everyone,
Is is possible to query the permissions in Admin>Manage>People>Organization>(org name) ?
I need to make sure that all orgs have at least one person that can see everything. So
Regards,
Steve
Hello Steve Morrell,
You can use the API to pull this information on your Organizations. The organizations endpoint (found here https://developer.zendesk.com/rest_api/docs/support/organizations) has a couple attributes that should help with your first question:
For your second question, you can use the Users endpoint (shown here: https://developer.zendesk.com/rest_api/docs/support/users) along with the "organization" and "ticket_restrictions" attribute to see what visibility restriction each user has.
I hope that helps!
Please sign in to leave a comment.