Sunshine custom objects allow you to create objects records based on a blueprint for an object type in Zendesk. You can control access to your custom objects by defining roles-based access control policies. You can define role-based access control policies for your custom objects as you create them, or by editing existing objects.
These policies define the permissions of agents and end users for object records and relationship records. The permissions include the ability to create, read, update, or delete object records and relationship records. Administrators always have full permissions.
This topic provides examples of role-based access control policies and shows you how to set permissions in Admin Center.
This article contains the following sections:
Related articles
Examples of setting permissions
For example your developer wants to build a Zendesk app for your agents to manage rental properties from within Zendesk. You want to make sure that your agents can update and read existing records, but you don't want them to be able to delete or add new records. In this case you'd set up these agent permissions:
| Permission | Enabled |
|---|---|
| Create | No |
| Read | Yes |
| Update | Yes |
| Delete | No |
Another example is that you want to integrate information about the rental properties into your Help Center. In this case you'd want to make sure that end users can read information about the rental properties, but that they can't create, update or delete the records. You would set these end user permissions:
| Permission | Enabled |
|---|---|
| Create | No |
| Read | Yes |
| Update | No |
| Delete | No |
Setting roles and permissions for objects
When creating an object you can set permissions once you have saved the object schema. Once you've saved the object schema you can see a set of default permissions in the Permissions tab. The default permissions for an object provide full permissions (create, read, update, or delete) to agents, and no permission to end users.
To set the roles and permissions for a custom object
- In Admin Center, click the Objects and rules icon (
) in the sidebar, then select Custom objects > Objects. - Click Add object type or select an existing object to edit.
- Click the Permissions tab.
- Select the Agents or End users role to define permissions.
- In the Agents or End users panel, select the permissions you want enabled for agents or end users.
Choices are: Create, Read, Update, and Delete.
- Click Save.
You receive a message that the object is saved, and can see the updated permissions in the table.
5 Comments
Hi there,
one question regarding allowing end users to access custom objects...
How is it handled that end-users can only access their "own" data?
Is the object-relation between custom object and user taken into account here?
I.e. we want to enable an end user to change his "preferred_car":
Custom object: "preferred_car"
Permission-Agent: CRUD
Permission-EndUser: read+update only
Relation 1to1 (zen:User -> "preferred car")
Thanks a lot
Hi Robert Cwicinski! What I think you're asking is how/if we are allowing end users to update their records and only their records. If that is correct, you did identify the steps that you need to take...you first create the relationship schema (with the source/target being `zen:user`), then modify the permissions for RU. Since each object created with that relationship must be tied to a user, there will always have to be someone associated with that particular record.
If I misunderstood or you need any further clarification, drop me a line here!
Who are you people and why are you taking over my life!
Zendesk is controlling my email what in the heck and who in the heck are you people! Who is my admin? What organization! Help!
Zendesk makes software that companies use to give their customers a way to contact them. Can you let us know what emails you're receiving from us? If you're on one of our email lists, we'll be happy to remove you. It may also be that you're receiving emails from the support team of one of our customers.
Please sign in to leave a comment.