If you have an Enterprise plan, you can define your own agent roles and assign those roles to any agent. This allows you to define agent roles that suit your own organizational structure and workflow.
This article includes these sections:
Understanding the default Enterprise agent roles
Zendesk Support also offers a number of default agent roles that reflect typical Zendesk Support Enterprise roles. You can use these agent roles as is or clone them and create variations to suit your needs. Or, you can create your own agent roles.
| Agent role | Description |
|---|---|
| Advisor | Advisors manage the workflow and configure your Zendesk. They create or manage shared automations, macros, triggers, and views. They also set up the service level agreements, channels, and extensions. Advisors don't solve tickets, they can only make private comments. |
| Staff | A Staff agent's primary role is to solve tickets. They can edit tickets within their groups, view reports, and add or edit personal views and macros. |
| Team Leader | Team leaders have greater access to your Zendesk than staff agents. They can read and edit all tickets, moderate forums, and create and edit end-users, groups, and organizations. |
Other unique agent roles
Depending on your plan, products, and add-ons you might see these unqiue agents roles in your account.
| Agent role | Description |
|---|---|
| Chat-only Agent | Chat-only agents can initiate chat with your customers. They can also view, be CC'd on, and add private comments to tickets accessible to them. They can also view reports of all tickets in your Zendesk Support account. Chat-only agents cannot be assigned to or edit tickets.
For more information, see Understanding default roles in Zendesk Chat. |
| Contributor | If you are using Zendesk Chat Phase 4 with an integrated Support account, each new Chat agent is also added to your Support account as a contributor. Contributors in Support have limited privileges; for instance, contributors can view some tickets, but cannot respond or otherwise interact with them. Contributors do not occupy an agent seat in Support, unless they are manually upgraded to an agent role.
If you have a Chat-only Phase 4 account, and later create an integrated Support account, existing Chat agents will be added to your Support account as contributors. For more information, see Creating agents and departments in the Zendesk Chat Help Center. |
| Legacy Agent | This is transitory role that includes all agents who have yet to be assigned to a role. For all these agents, we are maintaining the permissions they previously had on the plan you upgraded from. Also, you cannot assign agents to this transitory role. Lastly, this role will disappear after all its members have been assigned to other roles. |
| Light Agent | Light Agents are available as a Professional or Enterprise Add-on. Light agents can be CC'd on tickets, can view tickets, and can add private comments to tickets within their groups. They cannot be assigned to or edit tickets. Light agents can be given permission to view reports or they can be restricted from viewing any reports. They cannot create or edit a report. You can add an unlimited number of light agents at no charge. |
Creating custom agent roles
You can create your own agent roles or base a new role on one of the predefined agent roles. You can either edit or clone the Staff, Team Leader, and Advisor roles.
- Click the Admin icon (
) in the sidebar, then select Manage > People. - Select Roles.
All of the agent roles (predefined and custom roles, if any) are displayed.
- Locate the role you want to edit or clone, then select Edit.
- Define and create the agent role as described below in Agent permissions.
- When you've finished defining the new role, click Create Role.
- Click the Admin icon () in the sidebar, then select Manage > People.
- Select Add role.
- Enter a role name and description and then select the permissions for the role (described below).
- Click Create role.
Permissions that agents with custom roles can have
| Permissions | Description |
|---|---|
| Tickets | You can define an agent's access to tickets, the types of comments they can make, and their editing permissions.
An agent may access tickets in one of the following ways:
Note: When the role restriction “Assigned to this agent only" is applied to the agentsselected, these agents with this access permission canare able to assign tickets to any other agentss fromin their groups, but they cannot assign tickets to agents outside their groups.
Notwithstanding ticket access restrictions, CC'ing an agent (including a Light Agent) on any ticket lets the agent receive email notifications of all public and private updates to the ticket. Agents can add ticket comments in one of the following ways:
In addition, you can grant agents permission to do any of the following:
Note: In the Enterprise version, the ability to delete tickets has been moved from the Agents settings page and is now an agent-level permission.
|
| Tools | The Tools section includes access and editing permissions for views, reports, customer lists, macros, and dynamic content. One option can be selected for each.
Reports:
Views:
Customer lists:
Macros:
Note: To create or edit multiple-group macros, agents must be assigned a role with permission to add and edit global macros (not just “group” macros, which will limit them to single-group macros).
Selecting Can access dynamic content enables the agent to review, add, and edit dynamic content. |
| People | You can define an agent's access to users and user profiles. One option can be selected for each.
Viewing and editing end-user profiles:
Newly-created users will automatically be assigned to the agent's organization. End-user editing rights enables the agent to verify end-users. Only administrators can change a user's role. Browsing and searching for users:
Selecting Can add or modify groups and organizations enables an agent to create and edit groups and organizations for users. This option is only available when Add, edit, and delete all is selected for view in and editing end-user profiles. |
| Guide (if Guide is enabled) | You can decide the level of permission agents should have.
When this option is selected, agents in this role have Guide Manager permissions. When this option is not selected, agents in this role have Guide vViewer permissions. For more information, see Understanding Guide roles. When this setting is not selected, it does not necessarily mean that agents can't add and edit articles and posts. Permission to add and edit articles is determined by user management permissions set on each article (see Setting agent editing and publishing permissions on articles). Permission to add and edit posts is set at the topic level and applies to all posts in the topic (see Allowing agents to add or edit posts in community topics). Note: When this setting is not selected, it does not necessarily mean that agents can't add and edit articles and posts. Permission to add and edit articles is set at the section level in the knowledge base (see Allowing agents to add or edit articles) and at the topic level in the community (see Allowing agents to add or edit posts in community topics).
|
| Channels | Depending on the channels that have been enabled for your account, agents may also be allowed to do any of the following:
|
| System |
The following two options allow the agent to create and edit triggers, automations, and SLA targets and to manage channels and extensions.
Channels are modes of communication such as chat, email, and Twitter. Extensions includes integrations and widgets. |
Permissions that agents with custom roles can't have
There are some permissions that are available to admins that you can't assign to agents with custom roles. For example:
- Create or edit other agent or admin profiles
- Install apps
- Change a user's role
- Create custom agent roles (Enterprise plan only)
- Bulk import orgs or users
- Delete call recordings from tickets
- Assume other agents
- Edit subscriptions (including trials)
- Access Admin Center
For more information about agent and admin permissions, see Understanding Zendesk Support user roles.
Assigning custom roles to agents
You can assign a role to an agent by editing their profile, or you can assign a role to multiple agents at the same time.
To change the role of a single agent
- Click the Admin icon () in the sidebar, select People, and then click the link to browse agents.
- Click Edit next to the agent's name.
- In the agent's profile, click the Role field and select a role.
In the following example, the agent is assigned a custom role called Forum Moderator.
The change is saved immediately.
To change the role of more than one agent
- Click the Admin icon () in the sidebar, select People, and then click the link to browse agents.
- Select the checkbox next to the names of the agents you want to update and click the Change Role link at the top of the list.
- Select the role, then click Submit.
31 Comments
So if we don't have the Enterprise edition there is no way for an Agent to have the ability to edit organization details such as a custom field for the end-user room numbers in that organization?
I don't want to have to enable administrative privileges for my agent role so that they will then be able to do the tedious job of filling in all of the room numbers for our users.
Hi,
We're on the Enterprise edition and quite happy with however Zendesk works, but I cannot understand why Light Agents cannot edit or change the properties in a ticket... whether or not they are the requester. There is nothing wrong with this and because of this limitation, we are bound to pay for an extra license each year just so internal people can assign the tickets back to the support team.
We have 6 people that are licensed (role of Staff) to reply back to the customers and the remaining 10 employees have a role of Light Agents. We escalate the ticket to these 10 employees (individually of course) through a custom field called "2nd Assignee" and then through views etc they can see the escalated tickets to them.
Because of this Light Agent limitation, they need to log in with a licensed account so that they can change the "2nd Assignee" back to the support person that owns the ticket... which to avoid wasting time, they always log in with the licensed account instead of their own account.
I have also tried to create a custom role which is identical to the Light Agent role, with the exception that I have checked the box on "Can edit ticket properties", but when I try to change the role of a Light Agent to this new custom Role, I get a notification that I need to buy more licenses :|
Hi Leon!
Light Agents were created so that people who don't need to actually interact with tickets or customers can still be looped into conversations internally, and keep an eye on things as needed. Because you're not actually paying for them to access Zendesk, their permissions are very limited.
If you have Light Agents who need to be a part of a workflow like what you're describing you'll need to purchase additional licenses for their use, or tweak your processes so that Light Agents don't need to perform these advanced functions.
I also should point out that having multiple people using the same login to use Zendesk is a violation of our terms of service. You can review those here if you need a refresher.
Oh :| I see... must have skipped that section in the T&C then :)
OK, i'll try to tweak around this in a different way without infringing any terms of service.
Thanks for the heads up!
We have very recently noticed that Agents are able to assign to Light Agents, despite this article stating otherwise.We have figured out this is happening by clicking the "assign" button next to the Light Agents name in the comment section. The system then assigns the ticket to that Light Agent, then when the ticket is open again the system seems to correct itself and wipes the Light Agent as assignee leaving the ticket unassigned and lost in the ether. How do I stop this?
Hi Heather!
This definitely doesn't sound right to me, but I think we'll need to do more troubleshooting. I'm going to get a ticket opened up for your so our Support team can take a look for you! YOu'll be getting an email from me shortly.
Hi Jessie,
Something changed overnight and our agents that had Guide editing permissions don't any longer.
Under the agents account they don't have a role selected, the group is set, Access is all tickets, Comments are set and Guide is Manager.
Is the issue above causing our issue?
Thanks,
Greg
We figured it out Jessie.
Hey, Orchestra Support! I'm glad you got it sorted out!
ZD Team,
We really need to separate the permissions for Groups and Organizations, and separate permissions to Edit and Create.
There are many agents that would need to edit the values of custom fields on an Org, but none of them should also have permissions to create/edit Groups, which impacts all of our workflows and triggers.
Similarly, being able to keep info in an Org record up to date (flag customer temp, for example) should be a simple item that account teams can access, but I will never be able to give them permission to provision new Orgs.
This limits our use of the features of Zendesk, even with Enterprise Elite plan.
Also requested here back in March with no response: https://support.zendesk.com/hc/en-us/community/posts/115001229648-Role-Permissions-for-Groups-and-Organizations
Hey Shannon -
Thanks for sharing your thoughts. Jessie responded to all of your comments on this thread.
@Jessie Schultz I like that you wrote: "Light Agents were created so that people who don't need to actually interact with tickets or customers can still be looped into conversations internally, and keep an eye on things as needed. Because you're not actually paying for them to access Zendesk, their permissions are very limited."
We actually would love to make use of Light Agents to loop in our Business Leaders so they can help us by approving work/requests or prioritization of one ticket or another without having to add them to CC on such tickets but ... when we tried the Light Agent role with our Business Leaders (Directors and VP levels) their ability to use the Help Center now Guide to submit a ticket as they did in the end user role was no longer available for them and their ALL their comments on ALL tickets they accessed (requested or cc'd on) became internal only.
It would be super if Light Agents kept their end user access in Guide to submit tickets for themselves using the end user perms and when replying to tickets from email or the Guide Web view, but when accessing the Support module they are locked to the Light Agent features. -- In Fact --- I see no reason to restrict an agent from using the Guide Ticket Submission process yet our agents are locked out from doing so... in fact it might be useful for a agent (light or other levels) to see what the end user sees from time-to-time.
As it works at the moment, we can't find a good use case for Light Agents. The only use case we came up with was possibly when outsourcing where you want the expertise for technical help but never want the outsourcing staff to interact directly with your customers. We don't outsource but we need a way for depart heads to look a current queues to help with approvals and priorities but they never really work in the tool or tickets enough to justify the agent license plus they find our web submission forms in Guide much easier to use when needing to submit a request for support for themselves.
Am I just missing something? Perhaps, Light Agents should still be able to use Guide with the same feature available to them as an end user role and it is somehow just dropping out in our instance.
Hey Susan -
That's some really great feedback, and I encourage you to post it in the Product Feedback topic in the Community, where our Product Managers can see it. Feedback posted on articles within the Knowledge Base is not reviewed by the development teams, and I think our PMs would be interested to hear your thoughts on Light Agent roles.
Hi,
can you give us a sample of create a role same as admin except that role can't create, edit and delete users..
Hi Rovi!
When you go in to create the role, you'd just give that role all the available permissions except for the ones pertaining to people:
Hi Jessie,
some of the feature are not allowed.. like satisfaction on reports...
Hey Rovi,
I'm sorry, I'm not sure I understand what you're asking here.
Here.. this one is missing when we try to assign some using custom role... administrator have satisfaction report...
Hi Rovi,
The purpose of the administrator role is to have people in Zendesk who can do everything the account owner can do (aside from anything billing related). Certain permissions are ONLY available for admins. If you want any role to not be able to do a certain thing, the only option you have to is create a custom role that restricts them from doing that thing. However, since it's not possible to create a custom role with admin-level permissions, there will be certain things that these custom roles can't do. Apologies if that wasn't clear at the start!
Note: In order to create or edit multiple-group macros, agents must be assigned a role with permission to add and edit global macros (not just “group” macros, which will limit them to single-group macros).
The above significantly reduces the value and use case of adding multiple groups to macros. I hope reworking this is highly prioritized on the road map. Additionally, Zendesk's permission scheme is becoming increasingly convoluted with each feature release. Please consider making these permissions easier and more intuitive to administer in future product releases.
Thanks for sharing your feedback on this, Charlie!
I would appreciate an additional setting regarding ticket access focusing on groups. In addition to "All within this agent's group(s)," I'd want to allow permissions to specific groups' tickets. We'd use this to allow for agents that may not work the tickets, but they may receive secondary contact from the person and would need to review/confirm it's regarding the older/other groups' tickets/same topic.
Hi Monica!
I'm not sure I understand your feedback here...do you mean that you'd like an additional setting that would allow agents to see tickets in a specific group, but not update those tickets?
Hi. Primarily, to see the tickets, but there may be instances where they submitted the ticket before finishing their processes and would need to update as well. My original thought is to allow them access to a few groups' tickets that they may interact with and disallow access to other groups' tickets where they don't interact with that group regularly.
Hey Monica!
I'm not sure how what you're describing is different the current functionality with group restrictions. Is that functionality not working for you? Can you describe how you've got things organized currently?
Hi there,
Of the above named roles, which ones require a license? What options in creating the role define whether a license is needed?
Thank you,
Martha
@Jessie
I'd like for agents to see tickets in Groups A, B, C, but not able to access the macros for Groups B, C. So I wouldn't want them to be in Groups B and C since they don't work on those tickets. A person may write in again about a ticket they had that finished with Group B, but if the agent in Group A can't see the ticket, they wouldn't know the background so it could be routed appropriately.
Hey Monica - thanks for that clarification.
There wouldn't be a way to restrict access like that. My suggestion if you need this workflow would be to create an entirely separate group for macro access.
I need agents to have access to tickets in all groups except for one, which contains privileged/sensitive information. I would very much appreciate an option under agent ticket permissions to allow or restrict access to specific groups. We recently had to adjust ticket permissions to "All within this agent's group(s)" which is a problem for us. Our workflow is far too expansive to put all agents in 59 of the 60 groups. They would be overwhelmed by the number of Macros, Views, etc. they do not need, and receiving calls for groups they do not work.
Any other suggestions to allow ticket access to all groups except one?
Hi Logan,
This is a tough one as there isn't a great solution to this. I've run into similar situations in the past and there are two options that I think you could consider:
1. Should the team with sensitive information be in the same Zendesk environment as other teams? If you have enough of a reason for teams to share access, this may be a reason to split that team into another instance.
2. You could have groups for ticket routing, and secondary groups for views/macros etc. For example if you had a Sales group that tickets route into, you could assign all of the macros, views, apps, etc to a [Sales - Configuration] Group. This would allow you to give view access to certain users without giving them all of the configuration that supports them (which is messy when you are in tons of groups). This solution is a bit of an administrative pain if this is just one person that wants to see things.
Personally, I'd love to see a feature that let someone see all tickets except for ones I designate otherwise. You can add to the conversation on a feature like this here: Restriction on individual tickets or groups
Please sign in to leave a comment.