Creating custom roles and assigning agents (Enterprise) Follow

enterprise plan

In the Enterprise version of Zendesk Support, you can define your own agent roles and assign those roles to any Support agent. This allows you to define agent roles that suit your own organizational structure and workflow.

This article covers the following topics:

Understanding the predefined Enterprise agent roles

Zendesk Support also offers a number of predefined agent roles that reflect typical Zendesk Support Enterprise roles. You can use these agent roles as is or clone them and create variations to suit your needs. Or, you can create your own agent roles.
Table 1. Predefined agent roles
Agent role Description
Legacy Agent This is transitory role that includes all agents who have yet to be assigned to a role. For all these agents, we are maintaining the permissions they previously had on the plan you upgraded from. Also, you cannot assign agents to this transitory role. Lastly, this role will disappear after all its members have been assigned to other roles.  
Light Agent Light Agents are available as a Professional or Enterprise Add-on. Light agents can be CC'd on tickets, can view tickets, and can add private comments to tickets within their groups. They cannot be assigned to or edit tickets. Light agents can be given permission to view reports or they can be restricted from viewing any reports. They cannot create or edit a report. You can add an unlimited number of light agents at no charge.  
Staff A Staff agent's primary role is to solve tickets. They can edit tickets within their groups, view reports, and add or edit personal views and macros.  
Team Leader Team leaders have greater access to your Zendesk than staff agents. They can read and edit all tickets, moderate forums, and create and edit end-users, groups, and organizations.  
Advisor Advisors manage the workflow and configure your Zendesk. They create or manage shared automations, macros, triggers, and views. They also set up the service level agreements, channels, and extensions. Advisors don't solve tickets, they can only make private comments.  
Administrator Administrators have control over everything within your Zendesk, except for changing billing information or payment plans (that can only be done by the account owner).  

Creating custom agent roles

You can create your own agent roles or base a new role on one of the predefined agent roles. You can either edit or clone the Staff, Team Leader, and Advisor roles.

To create a new agent role from a predefined role
  1. Click the Admin icon () in the sidebar, then select Manage > People.
  2. Select Roles.

    All of the agent roles (predefined and custom roles, if any) are displayed.

  3. Locate the role you want to edit or clone, then select Edit.
  4. Define and create the agent role as described below in Agent permissions.
  5. When you've finished defining the new role, click Create Role.
To add a new custom agent role
  1. Click the Admin icon () in the sidebar, then select Manage > People.
  2. Select Add role.

  3. Enter a role name and description and then select the permissions for the role (described below).
  4. Click Create role.

Agent permissions

When creating custom agent roles, you choose from an extensive list of permissions that define what agents can do.
Permissions Description
Tickets You can define an agent's access to tickets, the types of comments they can make, and their editing permissions.

An agent may access tickets in one of the following ways:

  • Assigned to this agent only
  • Requested by users in this agent's organization
  • All within this agent's group(s)
  • All, including suspended tickets

Notwithstanding ticket access restrictions, CC'ing an agent (including a Light Agent) on any ticket lets the agent receive email notifications of all public and private updates to the ticket.

Agents can add ticket comments in one of the following ways:

  • Private only
  • Public and private

In addition, you can grant agents permission to do any of the following:

  • Can edit ticket properties
  • Can delete tickets
  • Can merge tickets
  • Can edit ticket tags
Note: In the Enterprise version, the ability to delete tickets has been moved from the Agents settings page and is now an agent-level permission.
Tools The Tools section includes access and editing permissions for views, reports, customer lists, macros, and dynamic content. One option can be selected for each.


  • Cannot view
  • Can view only
  • Can view, add and edit


  • Play views only
  • See views only
  • Add and edit personal views
  • Add and edit personal and group views
  • Add and edit personal, group and global views
Customer lists:
  • See customer lists only
  • Add and edit personal customer lists
  • Add and edit personal and group customer lists
  • Add and edit personal, group, and global customer lists


  • Cannot add or edit
  • Can add and edit personal macros
  • Add and edit personal and group macros
  • Add and edit personal, group and global macros

Selecting Can access dynamic content enables the agent to review, add, and edit dynamic content.

People You can define an agent's access to users and user profiles. One option can be selected for each.

Viewing and editing end-user profiles:

  • Read only
  • Add and edit within their organization
  • Add, edit, and delete all

End-user editing rights enables the agent to verify end-users. Only administrators can change a user's role.

Browsing and searching for users:
  • Cannot browse or search for users
  • Can view all users in your account

Selecting Can add or modify groups and organizations enables an agent to create and edit groups and organizations for users. This option is only available when Add, edit, and delete all is selected for view in and editing end-user profiles.

Help Center (if Help Center is enabled) You can decide the level of Help Center permission agents should have.
  • Can manage Help Center

When this option is selected, agents in this role have Help Center manager permissions. When this option is not selected, agents in this role have Help Center viewer permissions.

Note: When this setting is not selected, it does not necessarily mean that agents can't add and edit articles and posts. Permission to add and edit articles is set at the section level in the knowledge base (see Allowing agents to add or edit articles) and at the topic level in the community (see Allowing agents to add or edit posts in community topics).
Forums (if Web portal is enabled)

You can set viewing and editing of forums to one of the following:

  • Add topics in unrestricted forums only
  • Add and edit topics in all forums (moderator)
  • Add, edit and reorder all forums content

All forums content includes comments, topics, forums, and categories.

Selecting Can access organization-restricted forums allows the agent to access and edit forums restricted to an organization.

Channels Depending on the channels that have been enabled for your account, agents may also be allowed to do any of the following:
  • Can answer chat requests
  • Can access Twitter functionality
  • Can answer phone calls

The following two options allow the agent to create and edit triggers, automations, and SLA targets and to manage channels and extensions.

  • Can manage business rules
  • Can manage channels and extensions

Channels are modes of communication such as chat, email, and Twitter. Extensions includes integrations and widgets.

Assigning custom roles to agents

You can assign a role to an agent by editing their profile, or you can assign a role to multiple agents at the same time.

To change the role of a single agent

  1. Click the Admin icon () in the sidebar, select People, and then click the link to browse agents.
  2. Click Edit next to the agent's name.
  3. In the agent's profile, click the Role field and select a role.

    In the following example, the agent is assigned a custom role called Forum Moderator.

The change is saved immediately.

To change the role of more than one agent

  1. Click the Admin icon () in the sidebar, select People, and then click the link to browse agents.
  2. Select the checkbox next to the names of the agents you want to update and click the Change Role link at the top of the list.

  3. Select the role, then click Submit.

Have more questions? Submit a request


  • 0

    What permissions should 'light agents' have in the forums?  I'm not seeing any ability to do anything with a light agent in the forum when I assume one of our assigned users that that role.

  • 0

    @TJ,  Light agents cannot create topics in forums which are public (open to end-users) unless end-users can also create topics in there.  However, they can access forums which are private (only open to agent and not to end-users).  On each private forum, you can enable any agent to create topics.

  • 0

    Thanks for explaining Pierre.

    Any chance that a light agent might someday be able to do things like the 'moderator' actions in the forums?

  • 0

    Ah, that is a good one.  We currently do not have any plans to enable moderation permissions for light agents.  However, we have been asked this question more and more since launching the Enterprise plan.  Hope this helps.

  • 0

    Thanks again Pierre.

    Would be great to see such an ability for light agents :)


  • 0

    Guys, the fix for the #1 issue above (Light agents will appear in the "Assignee" drop-down on a ticket page) is currently in QA and will go out on Aug. 18 (instead of Aug. 11).

  • 0

    Besides being able to view reports, I don't see "Light Agents" as being any different than an end-user who is simply CC'ed on a ticket.

    Am I missing something?

  • 0

    @Johnny...  there are other differences that are more subtle.  For instance, light agents are able to make private comments on tickets within their group.  Also, they can see all ticket properties such as status, custom fields, comment thread, events/notification log.  Furthermore, light agents can access internal content on the forums.  Actually, besides the fact that they cannot be assigned to a ticket, a light agent's permission is similar to a group-restricted agent on any of Plus/Regular/Stater.

  • 0

    Thanks for the information Pierre. What was the intended purpose of a Light Agent? They seem more like collaborators than agents per se.

    Right now I'm on a Plus+ account and successfully using Zendesk as an internal ticketing system for jobs assigned to my design department. I would love to have our other departments use Zendesk as my department does, but if I have to add everyone as an Agent (about 20 employees total), it's going to cost us an additional $24K per year!

    Could Light Agents help me in this situation so we're not breaking the bank?

  • 0

    @Johnny, yes they are like collaborators.  As you know, light agents are free of charge and only available on Enterprise.  Not sure about your use case but since you are in the design business, which tends to be more interactive, then I think light agents might be a good match.  I will have someone follow-up with you to answer your questions.

  • 0

    I have just been able to assign a ticket to a light agent where I couldn't before. Will this now be possible going forward. If so - great new feature :-)

  • 0

    @Sam, unfortunately, this is a bug.  Thank you for reporting it; this is very honest of you to do so :)

  • 0

    So my company is currently on the Plus plan and uses Zendesk for our IT department. We would like to add Maintenance, Purchasing, etc. to the helpdesk but do not want Maintenance/Purchasing to see IT tickets.

    It sounds like roles would allow me to limit each group to only have access to their tickets. Is that correct? So I could just add new groups/agents to the Zendesk and they would each only have visibility to the tickets they are assigned to?

  • 0

    @Summer, Yes, you could do this with roles *or* with restricted agents on the Plus+ plan.  In either case, you would create groups and then restrict the agents such that they could only see tickets within their own groups.  (You will need either someone with access to all tickets to assign, or a series of triggers & automations to move tickets to their correct places!) 

  • 0

    Guys, the fix for the #1 issue above (Light agents will appear in the "Assignee" drop-down on a ticket page) has not been deployed as planned on Aug. 18.  We decided to pull it out of the release after it was causing other issues on the ticket page.  I will post more information as soon as possible.

  • 0

    I had expected to be able to notify light agents via a trigger/automation. Unfortunately the light agents don't appear in the list. Any chance that might be changed or can you share thoughts on why you Zendesk isn't allowing the functionality of the "email user" for that class of agent.

  • 0

    @Devenie: Please refer back to the ticket you submitted, that is indeed a bug. 

  • 0

    What is the difference between a light agent and an administrator, staff, etc. with regards to the search function?  If I search as administrator for a client name, I see many more results than when I do the same search assuming the identity of a light agent (113:42, 69:19, etc). I thought light agent access would help other departments prep for client calls, but I need to understand what they are and aren't seeing. Thanks!

  • 0

    Molly, the search results are dependent on the agent's permissions.  Light agents are restricted so that they will see the following information in the search results:

    • Relevant forums topics

    • Organization names

    • Any tickets which belongs to a group where the light agent is a member of.

    So this implies that a light agent will not see group information or tickets which are unaccessible by him/her.

    Looking at your use case, it seems you have 2 options:

    1) Make the light agent a member of all groups

    2) Map an Organization to a Group, and make the appropriate agent part of that group.

    Hope this helps,


  • 0

    If I am reading this article correctly, there is no exact equivalent for the Plus plan "Agent" in Enterprise? It reads like "Staff" is a step below (not able to access all groups' tickets) and "Team Leader" is a step above.

    Am I understanding that correctly?

  • 0

    @Michael... you can recreate any Plus+ agents on Enterprise by creating a custom role.  "Staff" and "Team Leader" are only pre-defined roles for your convenience.

  • 0

    @Pierre - thanks for pointing that out! Obviously, I completely missed it.

  • 0

    @Pierre, thanks for the info.  I still confused though, because right now, we have only one group, so all light agents should see all tickets in that group, right?  I want to understand why their search results are different before I add more groups and confuse the issue even further. Thanks for your help.

  • 0

    Hi, Molly - If you have just one group your light agents should see all tickets, since there won't be any tickets that aren't assigned to this group. I just set up a ticket so we can take a look and see what might be going wrong in this case. Thanks!

  • 0

    We just moved from ZD+ to Enterprise, and yesterday I switched all our legacy agent rolls to "staff", and one "team lead".

    Here are some roll-based problems we had:

    1. Staff lost the ability to see all tickets. I got contacted by our team lead that some agents could no longer see some tickets. Now, I understand that 'staff' get defaulted to "Can see all tickets within this agent's group" and I can fix it if I want, but I recommend that you alert your customers converting "agents" to "staff" that this is going to happen.
    2. Loss of "assume identity" functionality - all my staff (inc'l team lead) lost the ability to assume identity. I consider this to be a pretty fundamental troubleshooting tool, but you limit access to it to Admins only. I now have to make our team lead back into an admin, just so he can get this feature. You should make this a configurable feature in the "People" section of roll editing and configuration, and the 'team lead' roll should default to it. I've make a mockup of that here:

    Thanks for listening

  • 0

    Is there any way to read an Agent's "custom-role" from the API?  I know we can set this, as documented here: - but I am not sure how to read the role assigned to the agent.

  • 0


    On item 1... noted. I'll see if we can make that clearer. 

    On item 2... If you select any of the three edit options for the People permission, your agents can assume end-users. "End-user editing rights enable the agent to verify and assume end-users." Is that not working for you? 

  • 0


    You'll be able to do that via the API very soon. I'll post here as soon as it's been deployed. 

  • 0

    By default Light Agents have the ability to update their own account password via the Profile/Actions/Change Password function.  As we are using Remote Authentication/SSO we have switched off the ability for users to update their own passwords.  I have attempted to update the light agent role to restrict this agent type from updating their own password with no success.  Is there a way to switch the ability off for agents to edit their passwords when using SSO?

  • 0

    Our client is on the Enterprise Plan by the way...

Powered by Zendesk