On Enterprise plans, you can define your own agent roles and assign agents to those roles. This allows you to define agent roles that suit your own organizational structure and workflow.
Admins and agents in custom roles with permission can create and assign custom roles. However, agents can't modify their own role assignments or permissions.
This article contains the following topics:
Creating custom agent roles
You can create your own agent roles or base a new role on a native role that is predefined for you. You can either edit or clone most existing roles, or create a new role from scratch. You can create a maximum of 197 custom roles for your account. Each of your custom roles must have a unique name that isn’t too similar to the names of existing roles, such as Admin or Administrator.
- In Admin Center, click People in the sidebar, then select Team > Roles.
- Click Create role.
Alternatively, you can copy an existing role for your new role. Hover over the row of the role you want to clone, then click the options icon () and select Clone.
- Enter a unique Name and Description for the role.
The name must not be too similar to the name of existing roles, such as Admin or Administrator.
- Define and create the agent role as described in Permissions that agents with custom roles can have.
- When you've finished defining the new role, click Save.
Permissions that agents with custom roles can have
When creating custom agent roles, you choose from an extensive list of permissions that define what agents can do.
You can define an agent's access to tickets, the types of comments they can make, and their editing permissions.
An agent may access tickets in one of the following ways:
Notwithstanding ticket access restrictions, cc'ing an agent (including a Light Agent) on any ticket lets the agent receive email notifications of all public and private updates to the ticket.
Interacting with tickets:
Agents can add ticket comments in one of the following ways:
Additional ticket settings:
You can define an agent's access to users and user profiles.
An agent may view and edit end user profiles in one of the following ways:
Permissions to edit end users enables the agent to verify end users. Only admins can change a user's role.
Viewing and managing customer lists with the Customer List add-on:
Other user-related permissions:
Depending on the channels and admin permissions that have been enabled for your account, agents may also be allowed to do any of the following:
The Agent workflow section includes access and editing permissions for views, reports, macros, and dynamic content.
Views are predefined conditions for a collection of tickets. Agents may access views in one of the following ways:
Macros apply predefined actions to a ticket. Agents may do the following with Macros:
Additional agent workflow settings:
You can decide if agents can manage business rules.
|Help center (if enabled)||
You can give agents help center permissions.
When this option is selected, agents in this role have Guide admin permissions. When this option is not selected, agents in this role have Guide viewer permissions. For more information, see Understanding Guide roles.
When this setting is not selected, it does not necessarily mean that agents can't add and edit articles and posts. Permission to add and edit articles is determined by user management permissions set on each article (see Setting agent editing and publishing permissions on articles). Permission to add and edit posts is set at the topic level and applies to all posts in the topic (see Allowing agents to add or edit posts in community topics).
|Analytics (if Explore is enabled)||
If Explore is enabled, you can configure the level of access that agents have to analytics by defining what agents can do with the Explore reports.
Explore permissions include:
Permissions for the Reports tool in Support include:
Additional Analytics settings include:
View Talk dashboard: View details about calls on the Talk dashboard.For more details, see Giving agents access to Explore.
Permissions that agents with custom roles can't have
There are some permissions that are available to admins that you can't assign to agents with custom roles. For example:
- Create or edit other agent or admin profiles
- Install apps
- Change a user's role
- Create custom agent roles
- Bulk import orgs or users
- Delete call recordings from tickets
- Assume other agents
- Edit subscriptions (including trials)
- Generate and manage API tokens
For more information about agent and admin permissions, see Understanding Zendesk Support user roles.
Assigning agents to custom roles
You can assign agents to a custom role from the role's settings or from the agent's profile.
To add agents to a custom role
- In Admin Center, click People in the sidebar, then select Team > Roles.
- On the role you want to add agents to, click the options icon () and select Edit.
A detailed view of the custom role's settings is displayed. A list of team members in this role is visible in a panel on the right.
- Click the Actions menu, then Assign role.
The Assign role window is displayed.
- In the Select team members field, select a team member from the list or
search for a team member’s name and select it from the search results.
To add additional team members, search again and select another team member.
To remove an agent from the Select team members field, click the x next to their name.
- Click Assign role.
An updated list of agents in the role is displayed on the role settings page.
Hi I'm using Professional now, but is interested in Enterprise plan.
About Analytics (if Explore is enabled)
May I know what's the different between "Explore permissions" and "Reports tool in Support"?
Thank you for reaching out to us.
Explore Permission means features available for Zendesk Explore (if available). While Reports tool in Support is just a basic overview.
Zendesk Explore is the latest reporting tool we have where in you can create custom reports and check default reports for your account.
Hi! How can I set up a role that provides access to the chat product?
I set up the role to have these permissions but the chat box (below) remains unchecked. I need to provision accounts to new agents in bulk (through Rippling) and need to be able to provide access to the Chat product as a default.
Thank you for reaching out to Zendesk Support.
In regards to your concern, you can create custom roles for Zendesk Chat from the Chat dashboard itself, and go into Settings > Roles. It's separate from the custom role that you have created for Support, Guide, and Talk.
Kindly check the screenshot above on where you can access the following. Make sure that you are in the Zendesk Chat page/product. You can go there by clicking the Zendesk product icon from the upper right and then selecting Chat. You will be redirected to the Chat dashboard/page, and from there go to Settings, and you will be able to see the Roles option.
Thank you and have a wonderful day ahead!
I'd like to create a custom role similar to a Light Agent, where they won't use up a license. Which permissions do not constitute an agent and therefore will not use up a license? Thanks!
I have the same question as Maria, and would love to get your input.
We're also looking to automate the user creation process and currently chat comes disabled for all new Support users and we'd like to change that. Is my understanding that needs to be setup from the Chat custom roles side rather than the Support side? Similarly to Maria's, our users are coming with Explore and Guide enabled by default, but Chat doesn't.
Hi Allen Lai | Head of CX, Otter.ai,
We understand that you wish to create a custom role similar to a Light agent. However, the Light Agent role is a special role that cannot be replicated or cloned. This is why when you created a custom role, it treats it as a full agent unlike a light agent. Unfortunately, this is hardcoded in the system and we are unable to create another role type similar to Light Agents.
I would like to restrict agents from adding tags manually but still have macros apply tags. Is there any configuration that would let us implement this?
I have the same question as Marvin and would love to get your input.
Since you cant create a custom role or clone Light Agent role, is there anyway to have certain light agent 'groups' belong to other groups, to make management of ticket visibility easier, rather than setting access one person / one group, at a time?
Hi Marvin Fuerst and Диана Зубок,
This is a note from Enabling and disabling ticket tags.
As it turns out, it's only possible via API.
Upon checking, a support ticket has already been created for this concern. Based on the recommendation, nesting group is not yet available in Zendesk. You can still check our Marketplace for any apps with the similar capability.
I am interested in an option where we can give macro view access to our agents. To my knowledge this is not an option without enabling them to create/edit/publish macros. The problem I am trying to solve is to have a way for the agents to search existing macros and view the copy within them. Currently, we house a separate libarary in Confluence to address this. Any assistance would be great.
I'm afraid there's no way to accomplish what you're looking for without giving agents the ability to create/edit/publish macros.
I would recommend creating a feedback post in our Feedback - Ticketing System (Support) for our Product Managers to review.
Thanks for taking the time to share this with us!
Hi Zendesk team,
Is there a way to create a service account? This service account is used only for API calls and cannot be used to login.
Natively, there is no service account for API purposes. In Zendesk, you must be a certified user (agent/admin) when using the API and the best practice would be to create a one agent seat or service seat. For example, your use case is for integration, for each integration, we would then recommend generating an individual Token or OAuth per the requirements of the App/Integration.
More details are described here for your reference: How can I authenticate API requests?
I don't see these two permissions on my account:
I do see Manage user fields and Manage organization fields. Is this normal?
I can confirm that the permissions to manage group or organizations, including assigning users to organizations is baked in the "Can add or modify groups & organizations" permission setting:
I do understand how the documentation can be confusing so let me take that up with our relevant internal teams here so they can look further into it. Thanks.
Hello, is there a way to give access to the Apps and integrations menu? More granularly, I would like to grant API access.
Depending on the channels that have been enabled for your account, agents may also be allowed to do any of the following:
Manage channels and extensions: Manage channels including email, social messaging apps, and other modes of communication. Extensions include targets, webhooks, and integrations.
You can enable this permission under Channels > Manage channels and permissions.
Just note that custom roles don't have permissions to the following: Install apps, as outlined in our article: Permissions that agents with custom roles can't have.
I do have this enabled but it still doesn't appear to grant API access. How can I enable that?
Verified users can make API requests, this would depend on what type of update they're trying to make (depending on the permissions on their roles) but basically, if they need to update the ticket, user, etc. they should be able to do so as long as they're authenticated users. See How can I authenticate API requests?
If you are referring to the API page in the Admin Center, only the account owner and Zendesk admins have access to this page. Although it is not something you can enable/allow in custom role permissions, users can still make requests via API.
If I clone the Light Agent role and make no changes to the permissions, then assign someone to the role, it consumes a full agent license. Why is that?
I have employees that I want light agents and can see all tickets, then I have partners that will be light agents but should only see orgs they are a part of.
I can't do that if restricted to the one role.
Is there any way to delete a role? We have some that have become redundant over the years.
Yes, this is actually expected since all cloned roles will be considered custom-roles. Only system-created "Light Agent" roles will allow you to create and add users without taking one of your agent seats. Any user within a custom-role would require an agent seat.
I hope this answers your question. Thank you!
Is there any way to give an agent read-only access to another group's tickets?
I'm afraid, there is no option for you to have full access to one group, but only viewing access to another group. Once you are in a group, you will have access to the tickets and be able to modify it.
The only role that has viewing permission for tickets is Light Agents. But, they can add internal notes which in your case would not be useful due to the fact that you want these specific agents to only have read-only access to another group's tickets.
I can imagine, that this is not the answer that you have been looking for, therefore I would recommend you to leave Feedback in our Community. Our Teams are frequently looking through the posts in order to get ideas on future additions to the Software. The more a votes a post gets, the higher the chance that the feature will be added in the future.
Light agent would work, but I don't think we have access to it on our Enterprise plan.
Can we create ReadOnly custom role in Zendesk. So that users who are assigned to this role can only have the read access to all the modules.
I'm not seeing a way to enable custom role which includes ability to add tags to Organization. Can only Admins do this?
Please sign in to leave a comment.