Creating custom roles and assigning agents (Enterprise)

enterprise plan

In the Enterprise version of Zendesk, you can define your own agent roles and assign those roles to any agent in your Zendesk. This allows you to define agent roles that suit your own organizational structure and workflow.

This article covers the following topics:

Understanding the predefined Enterprise agent roles

Zendesk also offers a number of predefined agent roles that reflect typical enterprise support roles. You can use these agent roles as is or clone them and create variations to suit your needs. Or, you can create your own agent roles.
Table 1. Predefined agent roles
Agent roleDescription
Legacy Agent This is transitory role that includes all agents who have yet to be assigned to a role. For all these agents, we are maintaining the permissions they previously had on the plan you upgraded from. Also, you cannot assign agents to this transitory role. Lastly, this role will disappear after all its members have been assigned to other roles.  
Light Agent Light Agents are available as a Professional or Enterprise Add-on. Light agents can be CC'd on tickets, can view tickets, and can add private comments to tickets within their groups. They cannot be assigned to or edit tickets. Light agents can be given permission to view reports or they can be restricted from viewing any reports. They cannot create or edit a report. You can add an unlimited number of light agents at no charge.  
Staff A Staff agent's primary role is to solve tickets. They can edit tickets within their groups, view reports, and add or edit personal views and macros.  
Team Leader Team leaders have greater access to your Zendesk than staff agents. They can read and edit all tickets, moderate forums, and create and edit end-users, groups, and organizations.  
Advisor Advisors manage the workflow and configure your Zendesk. They create or manage shared automations, macros, triggers, and views. They also set up the service level agreements, channels, and extensions. Advisors don't solve tickets, they can only make private comments.  
Administrator Administrators have control over everything within your Zendesk, except for changing billing information or payment plans (that can only be done by the account owner).  

Creating custom agent roles

You can create your own agent roles or base a new role on one of the predefined agent roles. You can either edit or clone the Staff, Team Leader, and Advisor roles.

To create a new agent role from a predefined role
  1. Click the Admin icon () in the sidebar, then select Manage > People.
    Zendesk Classic: Select the Manage menu, then select People.
  2. Select Roles.

    All of the agent roles (predefined and custom roles, if any) are displayed.

  3. Locate the role you want to edit or clone, then select Edit.
  4. Define and create the agent role as described below in Agent permissions.
  5. When you've finished defining the new role, click Create Role.
To add a new custom agent role
  1. Click the Admin icon () in the sidebar, then select Manage > People.
    Zendesk Classic: Select the Manage menu, then select People.
  2. Select Add role.

  3. Enter a role name and description and then select the permissions for the role (described below).
  4. Click Create role.

Agent permissions

When creating custom agent roles, you choose from an extensive list of permissions that define what agents can do.
Tickets You can define an agent's access to tickets, the types of comments they can make, and their editing permissions.

An agent may access tickets in one of the following ways:

  • Assigned to this agent only
  • Requested by users in this agent's organization
  • All within this agent's group(s)
  • All, including suspended tickets

Notwithstanding ticket access restrictions, CC'ing an agent (including a Light Agent) on any ticket lets the agent receive email notifications of all public and private updates to the ticket.

Agents can add ticket comments in one of the following ways:

  • Private only
  • Public and private

In addition, you can grant agents permission to do any of the following:

  • Can edit ticket properties
  • Can delete tickets
  • Can merge tickets
  • Can edit ticket tags
  • Can assign tickets to any group
Note: In the Enterprise version, the ability to delete tickets has been moved from the Agents settings page and is now an agent-level permission.
Tools The Tools section includes access and editing permissions for views, reports, customer lists, macros, and dynamic content. One option can be selected for each.


  • Cannot view
  • Can view only
  • Can view, add and edit


  • Play views only
  • See views only
  • Add and edit personal views
  • Add and edit personal and group views
  • Add and edit personal, group and global views
Customer lists:
  • See customer lists only
  • Add and edit personal customer lists
  • Add and edit personal and group customer lists
  • Add and edit personal, group, and global customer lists


  • Cannot add or edit
  • Can add and edit personal macros
  • Add and edit personal and group macros
  • Add and edit personal, group and global macros

Selecting Can access dynamic content enables the agent to review, add, and edit dynamic content.

People You can define an agent's access to users and user profiles. One option can be selected for each.

Viewing and editing end-user profiles:

  • Read only
  • Add and edit within their organization
  • Add, edit, and delete all

End-user editing rights enables the agent to verify end-users. Only administrators can change a user's role.

Browsing and searching for users:
  • Cannot browse or search for users
  • Can view all users in your account

Selecting Can add or modify groups and organizations enables an agent to create and edit groups and organizations for users. This option is only available when Add, edit, and delete all is selected for view in and editing end-user profiles.

Help Center (if Help Center is enabled) You can decide the level of Help Center permission agents should have.
  • Can manage Help Center

When this option is selected, agents in this role have Help Center manager permissions. When this option is not selected, agents in this role have Help Center viewer permissions.


Note: When this setting is not selected, it does not necessarily mean that agents can't add and edit articles and posts. Permission to add and edit articles is set at the section level in the knowledge base (see Allowing agents to add or edit articles) and at the topic level in the community (see Allowing agents to add or edit posts in community topics).
Forums (if Web portal is enabled)

You can set viewing and editing of forums to one of the following:

  • Add topics in unrestricted forums only
  • Add and edit topics in all forums (moderator)
  • Add, edit and reorder all forums content

All forums content includes comments, topics, forums, and categories.

Selecting Can access organization-restricted forums allows the agent to access and edit forums restricted to an organization.

Channels Depending on the channels that have been enabled for your account, agents may also be allowed to do any of the following:
  • Can answer chat requests
  • Can access Twitter functionality
  • Can answer phone calls

The following two options allow the agent to create and edit triggers, automations, and SLA targets and to manage channels and extensions.

  • Can manage business rules
  • Can manage channels and extensions

Channels are modes of communication such as chat, email, and twitter. Extensions includes integrations and widgets.

Assigning custom roles to agents

You can assign a role to an agent by editing their profile, or you can assign a role to multiple agents at the same time.

To change the role of a single agent

  1. Click the Admin icon () in the sidebar, select People, and then click the link to browse agents.
    Zendesk Classic: Select the Manage menu, select People and then click the link to browse agents.
  2. Click Edit next to the agent's name.
  3. In the agent's profile, click the Role field and select a role.

    In the following example, the agent is assigned a custom role called Forum Moderator.

The change is saved immediately.

To change the role of more than one agent

  1. Click the Admin icon () in the sidebar, select People, and then click the link to browse agents.
    Zendesk Classic: Select the Manage menu, select People and then click the link to browse agents.
  2. Select the checkbox next to the names of the agents you want to update and click the Change Role link at the top of the list.

  3. Select the role, then click Submit.

Have more questions? Submit a request


  • 1


    We're on the Enterprise edition and quite happy with however Zendesk works, but I cannot understand why Light Agents cannot edit or change the properties in a ticket... whether or not they are the requester. There is nothing wrong with this and because of this limitation, we are bound to pay for an extra license each year just so internal people can assign the tickets back to the support team.

    We have 6 people that are licensed (role of Staff) to reply back to the customers and the remaining 10 employees have a role of Light Agents. We escalate the ticket to these 10 employees (individually of course) through a custom field called "2nd Assignee" and then through views etc they can see the escalated tickets to them.

    Because of this Light Agent limitation, they need to log in with a licensed account so that they can change the "2nd Assignee" back to the support person that owns the ticket... which to avoid wasting time, they always log in with the licensed account instead of their own account.

    I have also tried to create a custom role which is identical to the Light Agent role, with the exception that I have checked the box on "Can edit ticket properties", but when I try to change the role of a Light Agent to this new custom Role, I get a notification that I need to buy more licenses :|

  • 0

    Hi Jacqui, 

    1) By 'Click to Chat,' it sounds like you're asking about Zendesk Chat. There are three main components to operating Zendesk Chat. You need to enabled it in Channels > Chat, which I see you've done. You also need to add a Feedback Tab that offers end-users the option to chat, which can be done at Settings > Feedback tab. I didn't see a Feedback tab on your Help Center, so I'm not sure that you've taken that step. Finally, when everything is set up, your Agents will need to click the chat icon from the agent interface and set themselves to 'online.'

    2) An email address is required to establish an end-user profile in Zendesk, given that email notifications are how we alert end-users to ticket updates. If you've used a dummy email address and later receive an accurate email address for the end-user, you can change what's on file by pulling up the end-user profile, clicking 'add contact' and adding the second email address, then using the pulldown menu to the right of that second email address to make it primary. Once it's the primary address, you can use the same pulldown menu corresponding to the dummy email address to 'remove' it.

  • 0

    So if we don't have the Enterprise edition there is no way for an Agent to have the ability to edit organization details such as a custom field for the end-user room numbers in that organization?

    I don't want to have to enable administrative privileges for my agent role so that they will then be able to do the tedious job of filling in all of the room numbers for our users.

  • 0

    @Pierre - thanks for pointing that out! Obviously, I completely missed it.

  • 0

    Correct me if I am wrong, but I do not believe Light Agents who ARE requesters can make public comments. Is that true?

  • 0

    Hi, Molly - If you have just one group your light agents should see all tickets, since there won't be any tickets that aren't assigned to this group. I just set up a ticket so we can take a look and see what might be going wrong in this case. Thanks!

  • 0

    @Sean O'Hara, You are correct. Light Agent comments are private, even on tickets where they are the requester.

  • 0

    We just moved from ZD+ to Enterprise, and yesterday I switched all our legacy agent rolls to "staff", and one "team lead".

    Here are some roll-based problems we had:

    1. Staff lost the ability to see all tickets. I got contacted by our team lead that some agents could no longer see some tickets. Now, I understand that 'staff' get defaulted to "Can see all tickets within this agent's group" and I can fix it if I want, but I recommend that you alert your customers converting "agents" to "staff" that this is going to happen.
    2. Loss of "assume identity" functionality - all my staff (inc'l team lead) lost the ability to assume identity. I consider this to be a pretty fundamental troubleshooting tool, but you limit access to it to Admins only. I now have to make our team lead back into an admin, just so he can get this feature. You should make this a configurable feature in the "People" section of roll editing and configuration, and the 'team lead' roll should default to it. I've make a mockup of that here:

    Thanks for listening

  • 0

    I do agree with Sean that if the recipient is also the submitter that perhaps they should be able to post a public comment. I could not think of a scenario where I would not want this to happen but that does not mean that there isn't one. I think the key is to remember that an Agent can be an end-user but a light agent cannot be.

    However I think there is a workaround -- use liquid markup.

    Take a look at these two links:

    You could tag the original ticket when created in this scenario and use that tag to send a notification email when one is not normally due. You can use liquid markup to show all comments (or just the last one) no matter whether it is public or not.

    Hope this helps.


  • 0

    Is there any way to read an Agent's "custom-role" from the API?  I know we can set this, as documented here: - but I am not sure how to read the role assigned to the agent.

  • 0

    Yeah I mean it just makes sense to allow a requester of any ticket to be able to or default to, public comments.

    I totally understand the need to limit light agent functions!


    Honestly if it were "any requester can only make public comments" that would make sense to me. Obviously there are probably other use cases where a company would want them to be able to make both if requester, but for us at least, that isn't necessary.

    Cheers Adam for making me feel less crazy ;-)

  • 0

    What permissions should 'light agents' have in the forums?  I'm not seeing any ability to do anything with a light agent in the forum when I assume one of our assigned users that that role.

  • 0


    On item 1... noted. I'll see if we can make that clearer. 

    On item 2... If you select any of the three edit options for the People permission, your agents can assume end-users. "End-user editing rights enable the agent to verify and assume end-users." Is that not working for you? 

  • 0

    Anyone know of a feature request on this board for that? because it seems silly that my light agents cannot ask a question (file ticket) and others CC'd on the ticket cannot see their conversations.

    Use case: my company's President files a ticket, it's his ticket, where he is asking a question/reporting an issue. But it's private. We CC a group of team members who need to be able to hold discourse and provide feedback/input but they aren't agents.


    So when he comments originally, the ticket shows up for the other users as essentially a title with no content, and subsequent comments he makes have to be parroted by my team just to keep the ball rolling. Super inefficient.

  • 0

    Ah, that is a good one.  We currently do not have any plans to enable moderation permissions for light agents.  However, we have been asked this question more and more since launching the Enterprise plan.  Hope this helps.

  • 0


    You'll be able to do that via the API very soon. I'll post here as soon as it's been deployed. 

  • 0

    I've long been respectful of ZD's need to limit functionality on the light agent roll for obvious (to me at least if not others) business reasons.  However, Sean's request here is reasonable and logical, and I believe is just asking ZD to treat a light agent as an enduser if/when that light agent is the ticket requestor.




  • 0

    Thanks again Pierre.

    Would be great to see such an ability for light agents :)


  • 0

    Our client is on the Enterprise Plan by the way...

  • 0


    We have a problem where a lot of our users got assigned in the Help Center role as "Mangers" and now we have to manually, go to each user and change it back to "Viewer" is there a way to do this in a bulk and change ALL the users to "Viewers" because only 15 people in total should have the "Manger" role. Or any other way to get this done faster? Please help! 

  • 0

    @TJ,  Light agents cannot create topics in forums which are public (open to end-users) unless end-users can also create topics in there.  However, they can access forums which are private (only open to agent and not to end-users).  On each private forum, you can enable any agent to create topics.

  • 0

    By default Light Agents have the ability to update their own account password via the Profile/Actions/Change Password function.  As we are using Remote Authentication/SSO we have switched off the ability for users to update their own passwords.  I have attempted to update the light agent role to restrict this agent type from updating their own password with no success.  Is there a way to switch the ability off for agents to edit their passwords when using SSO?

  • 0

    Hey Juan,

    I think this may help you out. If not you can submit a support ticket and we can dig a little deeper.

    If you go to your admin panel and scroll to Manage > People > Roles > Edit  you will see this 



    Then follow these steps Manage > People > Agents and use the check boxes to bulk assign to a certain role

    Good Luck!!!

  • 0

    Thanks for explaining Pierre.

    Any chance that a light agent might someday be able to do things like the 'moderator' actions in the forums?

  • 0

    Hi Anton - I have the same issue as described by Adam at Lytro in Item 2. The  "End-user editing rights enable the agent to verify and assume end-users." only works for end-users - we would like for Team Leaders to be able to assume **Agents **without having to make them Admins. Will this be fixed?

  • 0

    Guys, the fix for the #1 issue above (Light agents will appear in the "Assignee" drop-down on a ticket page) is currently in QA and will go out on Aug. 18 (instead of Aug. 11).

  • 0

    Same point as Mathias above - giving non-admins the ability to assume agents would be great!

  • 0

    Thanks for the information Pierre. What was the intended purpose of a Light Agent? They seem more like collaborators than agents per se.

    Right now I'm on a Plus+ account and successfully using Zendesk as an internal ticketing system for jobs assigned to my design department. I would love to have our other departments use Zendesk as my department does, but if I have to add everyone as an Agent (about 20 employees total), it's going to cost us an additional $24K per year!

    Could Light Agents help me in this situation so we're not breaking the bank?

  • 0

    We really need the ability to allow light agents to post articles in restricted forums.   There are lots of staff that should be able to write for the knowledge base but don`t really need access to tickets.

  • 0

    @Johnny...  there are other differences that are more subtle.  For instance, light agents are able to make private comments on tickets within their group.  Also, they can see all ticket properties such as status, custom fields, comment thread, events/notification log.  Furthermore, light agents can access internal content on the forums.  Actually, besides the fact that they cannot be assigned to a ticket, a light agent's permission is similar to a group-restricted agent on any of Plus/Regular/Stater.

Powered by Zendesk