On Enterprise plans, you can define your own agent roles and assign agents to those roles. This allows you to define agent roles that suit your own organizational structure and workflow.
Admins and agents in custom roles with permission can create and assign custom roles. However, agents can't modify their own role assignments or permissions or manage admin roles.
This article contains the following topics:
Related articles
Creating custom agent roles
You can create your own agent roles or base a new role on a native role that is predefined for you. You can either edit or clone most existing non-admin roles, or create a new role from scratch. You can create a maximum of 197 custom roles for your account. Each of your custom roles must have a unique name that isn’t too similar to the names of existing roles, such as Admin or Administrator.
- In Admin Center, click People in the sidebar, then select Team > Roles.
- Click Create role. Alternatively, you can copy an existing role for your new role. Hover over the row of the role you want to clone, then click the options icon () and select Clone.
- Enter a unique Name and Description for the role.
The name must not be too similar to the name of existing roles, such as Admin or Administrator.
- Define and create the agent role as described in Permissions that agents with custom roles can have.
- When you've finished defining the new role, click Save.
Permissions that agents with custom roles can have
When creating custom agent roles, you choose from an extensive list of permissions that define what agents can do.
Permissions | Description |
---|---|
Tickets |
You can define an agent's access to tickets, the types of comments they can make, and their editing permissions. An agent may access tickets that aren't suspended in one of the following ways:
Notwithstanding ticket access restrictions, cc'ing an agent (including a Light Agent) on any ticket lets the agent receive email notifications of all public and private updates to the ticket. An agent may assign tickets to brands in the following ways:
An agent may assign tickets to groups in the following ways:
An agent may manage suspended tickets in one
of the following ways:
Interacting with tickets:
Agents can add ticket comments in one of the following ways:
Additional ticket settings:
|
Custom objects | You can define an agent's access to each custom object in your
account. By default, agents don't have access to custom objects. They
can be granted any combination of the following permissions for each
custom object.
Permission to View is automatically selected if you select any other type of permission for an object. |
People |
You can define an agent's access to users and user profiles. An agent may view and edit individual end user profiles in one of the following ways:
Permissions to edit end users enables the agent to verify end users. Only admins can change an end user's role. Searching for end users:
Managing team member assignment to roles:
Managing custom agent roles:
Viewing and managing customer lists with the Customer List add-on (for accounts created prior to September 9, 2020):
Managing groups:
Managing organizations:
Other user-related permissions:
|
Channels |
Depending on the channels and admin permissions that have been
enabled for your account, agents may also be allowed to do any of
the following:
|
Agent workflow |
The Agent workflow section includes access and editing permissions for views, macros, and dynamic content. Views are predefined conditions for a collection of tickets. Agents may access views in one of the following ways:
Additional views settings:
Macros apply predefined actions to a ticket. Agents may do the following with macros:
Additional agent workflow settings:
|
Business rules |
You can decide if agents can manage business rules.
|
Security and privacy |
You can give agents security and privacy permissions when using the Advanced Data Privacy and Protection add-on. Manage deletion schedules permissions include:
|
Help center (if enabled) |
You can give agents help center permissions.
When this option is selected, agents in this role have Guide admin permissions. When this option is not selected, agents in this role have Guide viewer permissions. For more information, see Understanding Guide roles. When this setting is not selected, it does not necessarily mean that agents can't add and edit articles and posts. Permission to add and edit articles is determined by user management permissions set on each article (see Setting agent editing and publishing permissions on articles). Permission to add and edit posts is set at the topic level and applies to all posts in the topic (see Allowing agents to add or edit posts in community topics). |
Analytics (if Explore is enabled) |
If Explore is enabled, you can configure the level of access that agents have to analytics in Explore, Support, and Talk.
Explore permissions
For additional details, see Giving users access to Explore.
Reports permissions (in Support):
View Talk dashboard
|
Permissions that agents with custom roles can't have
There are some permissions that are available to admins that you can't assign to agents with custom roles. For example:
- Create or edit other agent or admin profiles
- Install apps
- Change a user's role
- Create custom agent roles
- Bulk import orgs or users
- Delete call recordings from tickets
- Assume other agents
- Edit subscriptions (including trials)
- Generate and manage API tokens
For more information about agent and admin permissions, see Understanding Zendesk Support user roles.
Assigning agents to custom roles
You can assign agents to a custom role from the role's settings or from the agent's profile.
To add agents to a custom role
- In Admin Center, click People in the sidebar, then select Team > Roles.
- On the role you want to add agents to, click the options icon () and select Edit.
A detailed view of the custom role's settings is displayed. A list of team members in this role is visible in a panel on the right.
- Click the Actions menu, then Assign role.
The Assign role window is displayed.
- In the Select team members field, select a team member from the list or
search for a team member’s name and select it from the search results.
To add additional team members, search again and select another team member.
To remove an agent from the Select team members field, click the x next to their name.
- Click Assign role.
An updated list of agents in the role is displayed on the role settings page.
50 comments
john_weng 翁維澤
Hi I'm using Professional now, but is interested in Enterprise plan.
About Analytics (if Explore is enabled)
May I know what's the different between "Explore permissions" and "Reports tool in Support"?
1
Josh
Thank you for reaching out to us.
Explore Permission means features available for Zendesk Explore (if available). While Reports tool in Support is just a basic overview.
Zendesk Explore is the latest reporting tool we have where in you can create custom reports and check default reports for your account.
1
Clayful
Hi! How can I set up a role that provides access to the chat product?
I set up the role to have these permissions but the chat box (below) remains unchecked. I need to provision accounts to new agents in bulk (through Rippling) and need to be able to provide access to the Chat product as a default.
Thanks!
0
DJ Buenavista Jr.
Thank you for reaching out to Zendesk Support.
In regards to your concern, you can create custom roles for Zendesk Chat from the Chat dashboard itself, and go into Settings > Roles. It's separate from the custom role that you have created for Support, Guide, and Talk.
Kindly check the screenshot above on where you can access the following. Make sure that you are in the Zendesk Chat page/product. You can go there by clicking the Zendesk product icon from the upper right and then selecting Chat. You will be redirected to the Chat dashboard/page, and from there go to Settings, and you will be able to see the Roles option.
Thank you and have a wonderful day ahead!
Kind regards,
0
Allen Lai | Head of CX at Otter.ai
I'd like to create a custom role similar to a Light Agent, where they won't use up a license. Which permissions do not constitute an agent and therefore will not use up a license? Thanks!
4
Vitor Leepkaln
Hi @...,
I have the same question as Maria, and would love to get your input.
We're also looking to automate the user creation process and currently chat comes disabled for all new Support users and we'd like to change that. Is my understanding that needs to be setup from the Chat custom roles side rather than the Support side? Similarly to Maria's, our users are coming with Explore and Guide enabled by default, but Chat doesn't.
Thank you!
0
Darenne
Hi Allen Lai | Head of CX at Otter.ai,
We understand that you wish to create a custom role similar to a Light agent. However, the Light Agent role is a special role that cannot be replicated or cloned. This is why when you created a custom role, it treats it as a full agent unlike a light agent. Unfortunately, this is hardcoded in the system and we are unable to create another role type similar to Light Agents.
0
Marvin Fuerst
Hello,
I would like to restrict agents from adding tags manually but still have macros apply tags. Is there any configuration that would let us implement this?
Thank you!
4
Диана Зубок
Hi team,
I have the same question as Marvin and would love to get your input.
0
William Grote
Since you cant create a custom role or clone Light Agent role, is there anyway to have certain light agent 'groups' belong to other groups, to make management of ticket visibility easier, rather than setting access one person / one group, at a time?
0
Dane
Hi Marvin Fuerst and Диана Зубок,
This is a note from Enabling and disabling ticket tags.
As it turns out, it's only possible via API.
Hi William,
Upon checking, a support ticket has already been created for this concern. Based on the recommendation, nesting group is not yet available in Zendesk. You can still check our Marketplace for any apps with the similar capability.
0
Jay Fallon
Hello,
I am interested in an option where we can give macro view access to our agents. To my knowledge this is not an option without enabling them to create/edit/publish macros. The problem I am trying to solve is to have a way for the agents to search existing macros and view the copy within them. Currently, we house a separate libarary in Confluence to address this. Any assistance would be great.
Thanks!
10
Brett Bowser
I'm afraid there's no way to accomplish what you're looking for without giving agents the ability to create/edit/publish macros.
I would recommend creating a feedback post in our Feedback - Ticketing System (Support) for our Product Managers to review.
Thanks for taking the time to share this with us!
0
Chin Sin
Hi Zendesk team,
Is there a way to create a service account? This service account is used only for API calls and cannot be used to login.
Regards,
Chin Sin
0
Jupete Manitas
Natively, there is no service account for API purposes. In Zendesk, you must be a certified user (agent/admin) when using the API and the best practice would be to create a one agent seat or service seat. For example, your use case is for integration, for each integration, we would then recommend generating an individual Token or OAuth per the requirements of the App/Integration.
More details are described here for your reference: How can I authenticate API requests?
Thank you!
0
James Ratcliffe
Hi,
I don't see these two permissions on my account:
I do see Manage user fields and Manage organization fields. Is this normal?
Thanks,
James
0
Gabriel Manlapig
I can confirm that the permissions to manage group or organizations, including assigning users to organizations is baked in the "Can add or modify groups & organizations" permission setting:
I do understand how the documentation can be confusing so let me take that up with our relevant internal teams here so they can look further into it. Thanks.
0
Rayella Bergman
Hello, is there a way to give access to the Apps and integrations menu? More granularly, I would like to grant API access.
0
Christine
Depending on the channels that have been enabled for your account, agents may also be allowed to do any of the following:
Manage channels and extensions: Manage channels including email, social messaging apps, and other modes of communication. Extensions include targets, webhooks, and integrations.
You can enable this permission under Channels > Manage channels and permissions.
Just note that custom roles don't have permissions to the following: Install apps, as outlined in our article: Permissions that agents with custom roles can't have.
0
Rayella Bergman
I do have this enabled but it still doesn't appear to grant API access. How can I enable that?
0
Christine
Verified users can make API requests, this would depend on what type of update they're trying to make (depending on the permissions on their roles) but basically, if they need to update the ticket, user, etc. they should be able to do so as long as they're authenticated users. See How can I authenticate API requests?
If you are referring to the API page in the Admin Center, only the account owner and Zendesk admins have access to this page. Although it is not something you can enable/allow in custom role permissions, users can still make requests via API.
0
Rayella Bergman
Thank you!
0
Steven Aranaga
If I clone the Light Agent role and make no changes to the permissions, then assign someone to the role, it consumes a full agent license. Why is that?
I have employees that I want light agents and can see all tickets, then I have partners that will be light agents but should only see orgs they are a part of.
I can't do that if restricted to the one role.
1
Michelle Kettleborough
Is there any way to delete a role? We have some that have become redundant over the years.
0
Gabriel Manlapig
Yes, this is actually expected since all cloned roles will be considered custom-roles. Only system-created "Light Agent" roles will allow you to create and add users without taking one of your agent seats. Any user within a custom-role would require an agent seat.
I hope this answers your question. Thank you!
0
Darren Taylor
Is there any way to give an agent read-only access to another group's tickets?
1
Gabriel Manlapig
I'm afraid, there is no option for you to have full access to one group, but only viewing access to another group. Once you are in a group, you will have access to the tickets and be able to modify it.
The only role that has viewing permission for tickets is Light Agents. But, they can add internal notes which in your case would not be useful due to the fact that you want these specific agents to only have read-only access to another group's tickets.
I can imagine, that this is not the answer that you have been looking for, therefore I would recommend you to leave Feedback in our Community. Our Teams are frequently looking through the posts in order to get ideas on future additions to the Software. The more a votes a post gets, the higher the chance that the feature will be added in the future.
0
Darren Taylor
Thanks Gabriel.
Light agent would work, but I don't think we have access to it on our Enterprise plan.
0
Rajeswara Rao Devavarapu
Hello All,
Can we create ReadOnly custom role in Zendesk. So that users who are assigned to this role can only have the read access to all the modules.
Thanks,
Rajesh
0
Mike Lenehan
Hello Zendesk,
I'm not seeing a way to enable custom role which includes ability to add tags to Organization. Can only Admins do this?
0