Zendesk Support defines a number of user roles that are key to managing the people who generate support requests, those who resolve them, and the tickets themselves.
Users and people are essentially equivalent terms; it's the broadest definition for all people who use your Zendesk. There are six primary components to managing your users: customers, team members, roles, organizations, groups, and tags. Each of these components is managed from a dedicated page. In documentation that refers generally to all users, you'll usually only see the word users rather than all of the different user roles.
Each user's role is defined when they are added, although you may change a user's role as needed. When users sign in, they are only shown the parts of Zendesk Support that they are allowed to see and use.
End users, or customers
End users are also sometimes referred to as customers. These are the people who generate support requests from any of the available support channels. End users don't have access to any of the administrator and agent features of Zendesk Support. They can only submit and track tickets and communicate with agents publicly, which means that their ticket comments can never be private.
How end users interact with your Zendesk Support depends first on the support channels you've made available to them and then on how you've defined public access. You can provide either open or closed support. Open support in Zendesk means that anyone can submit tickets. Closed support in Zendesk means the opposite. For example, you might use closed support for an internal support operation within a corporation.
In a closed Zendesk, you add the end users. In an open Zendesk, you can either add users yourself or end users can add themselves by submitting tickets. If end users can add themselves, you can either require them to register or not. In a closed Zendesk, all end users must be registered.
You can also control if and how your end users access your help center. This is the end user's view and includes the Submit Request page, the Knowledge Base, the Community (if available), and a view of their tickets. For more information on how end users can access Zendesk Support, see Configuring end-user access and sign-in.
However, if your end users aren't registered, they don't have access to that view of tickets (they must be signed in). For these end users, all communication with the support team is via email. For more information, see Setting up to provide email-only support.
You also have the option of adding your end users to an organization, which is a collection of users (both end users and team members) that can be used in many ways throughout your ticket workflow. For more information, see About organizations and groups.
Agents, administrators, account owner (team members)
You, the people who resolve support requests, play different roles in setting up and managing your ticket workflow. Agents, admins, and the account owner are all team members.
- May be added to more than one group (must be added to at least one)
- Add, edit, and delete end-user profiles. Agents cannot create or edit other agent or administrator profiles, and may not have permission to edit all properties in an end-user's profile.
  Note: Agents can only edit end users if they have access to all tickets (see About agent privileges and ticket access). Agents in custom roles can edit end users depending on their custom role settings.
- Add public or private comments or both to tickets
- Create and edit their own macros
- Create and edit their own views
- Can view reports. Only agents with access to all tickets in your Zendesk account will be able to view reports.
- Moderate and manage articles in the help center
- Access tickets in one of the following ways:
  - All tickets in your Zendesk account
  - Only tickets assigned to the group or groups to which they belong. Restricting an agent's permissions prevents them from making certain edits to users, including adding notes to user profiles.
  - Only tickets received from the organization to which they belong
  - Only tickets that they are assigned to
Admins can add new agents either manually one at a time or as a bulk import operation (you can set the user role in the CSV data file used in a bulk import). Agents can be promoted to the administrator role by an administrator.
Agents can be restricted to tickets within their organizations and groups. All agents must belong to at least one group. Agents and end users can both belong to organizations. Agents with restricted ticket access (that is, access set to anything other than All tickets) can't create or edit end users.
Notwithstanding ticket access restrictions, CC'ing an agent on any ticket lets the agent receive email notifications of all public and private updates to the ticket. For example, suppose an agent is only allowed to see tickets in the L2 group. After the agent is CC'ed on a ticket in the L3 group, the agent gets email notifications of all public or private updates to the ticket even though she's not authorized to see L3 tickets.
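An added example, not part of the Zendesk article and not using any Zendesk API: a small Python model of the four ticket access scopes listed above that flags CC entries reaching agents whose scope does not cover the ticket. The class names, fields, and sample data are constructed for illustration.

```python
from dataclasses import dataclass, field

# The four ticket access scopes this article lists for agents (labels are hypothetical).
ALL, GROUPS, ORG, ASSIGNED = "all", "groups", "organization", "assigned"

@dataclass
class Agent:
    name: str
    access: str
    groups: set = field(default_factory=set)
    organization: str = ""

@dataclass
class Ticket:
    id: int
    group: str
    organization: str
    assignee: str
    ccs: list = field(default_factory=list)

def can_view(agent, ticket):
    """Apply the agent's ticket access scope to one ticket."""
    if agent.access == ALL:
        return True
    if agent.access == GROUPS:
        return ticket.group in agent.groups
    if agent.access == ORG:
        return ticket.organization == agent.organization
    return ticket.assignee == agent.name  # ASSIGNED scope

def cc_exposures(agents, tickets):
    """Return (ticket id, agent name) pairs where a CC notifies an agent outside scope."""
    by_name = {a.name: a for a in agents}
    found = []
    for t in tickets:
        for name in t.ccs:
            agent = by_name.get(name)  # CCs that are not agents are skipped
            if agent and not can_view(agent, t):
                found.append((t.id, name))
    return found

# Constructed sample data mirroring the L2/L3 scenario described above.
AGENTS = [Agent("dana", GROUPS, {"L2"}), Agent("eli", ALL), Agent("fay", ASSIGNED)]
TICKETS = [
    Ticket(101, "L3", "acme", "eli", ccs=["dana", "customer@example.com"]),
    Ticket(102, "L2", "acme", "dana", ccs=["eli"]),
    Ticket(103, "L2", "acme", "dana", ccs=["fay", "dana"]),
]
print(cc_exposures(AGENTS, TICKETS))
```

Each pair returned is a ticket whose public and private updates are emailed to an agent who could not open that ticket directly.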
- Access all tickets (not just the tickets they are assigned to)
- Access, create, and edit business rules (automations, macros, SLA service targets, triggers, views)
- Access and edit targets
- Install and configure apps
- Create reports
- Edit all reports
- Access and manage settings (account, security, channels, ticket fields, and so on)
- Add, manage, and delete end users, agents, and admins
- Promote agents to the admin role
- Create groups and organizations
- Assume an end user's identity
- Create custom agent roles (Enterprise plan only)
- Access and manage Talk settings
Administrators are responsible for designing and implementing the ticket workflow. They add customers, agents, and other administrators; define the business rules (automations, triggers, views, etc.); and customize and extend Zendesk Support. Where an agent's primary function is to interact with customers and resolve support requests, administrators may do that as well as set up and manage the workflow.
Administrators can do all of the actions that agents can do.
- Subscription changes
- Billing and payment management
- Account changes
Only the account owner can update their account owner profile. Other admins cannot do this. For a full list of unique permissions associated with the account owner, see Understanding account owner permissions.
User references in business rules
Business rules need to refer to some types of users in more abstract ways to define conditions and actions; therefore, you'll see references to requester, submitter, assignee, current user, and non-restricted agent.
Requester refers to the person who made the support request. Requester is used in macros, views, automations, triggers, and reports to refer to the person who generated the support request.
The ticket submitter is either the user who submitted the request or the agent that opened the ticket on behalf of the requester.
Assignee is the agent assigned to a ticket. Assignee is used in macros, views, automations, triggers, and reports to refer to or set the assigned agent.
In triggers, (current user) is the last person who updated the ticket. The (current user) changes each time someone different updates the ticket. The update can be made by any agent or end user with access to the ticket.
In views, (current user) is the agent who is currently viewing that view. This enables one view to show relevant tickets to each agent, without having to create a specific view for each individual agent (see Creating views to manage ticket workflow).
A non-restricted agent is an agent who has access to all tickets. In other words, they have not been restricted to only the group or groups to which they belong, the organization they belong to, or to the tickets they have been assigned to. The ability to refer to these agents may be useful when creating triggers.
I wanted to bring up the discussion on the amount of time this takes to update in your instance. What is the average timeframe this update takes on an account that didn't have this enabled? I started my update on 3/21 and even now on 3/24 it still hasn't finished. It would be nice to know the window we would be looking at for update time in rolling this out.
Hi Megan! I can see that you reached out via a ticket for this issue and the problem appears to be resolved.
Customer Advocate/ San Francisco
In Explore, what is the difference between assignee role "agent" and requester role "agent"? Which would be the accurate count to track licenses?
Why would there be inconsistencies between the agents in both?
Assignee is the agent or end-user currently assigned to a ticket. Assignee is used in macros, views, automation, triggers, and reports to refer to or set the assigned agent.
A requester is the person who made the support request. The term is used in macros, views, automation, triggers, and reports to refer to the person who generated the support request.
In Explore, when you say Assignee role is Agent - the ticket is assigned to an agent, while Requester role is Agent - the ticket is created by an agent but it may or may not be assigned to an agent, it could be assigned to a group or unassigned.
When you say you are tracking licenses, are you pertaining to your agent seats? If yes, I suggest that you use assignee role agent.
All the best!
What is the difference between end-user role and Contributor?
Contributors are Chat agents who have limited privileges in integrated Chat-Support accounts; for instance, Contributors can view some tickets, but cannot respond or otherwise interact with them. Contributors do not occupy an agent seat in Support unless they are manually upgraded to an agent role.
End users (often referred to as customers) are people who generate support requests from any of the available support channels (help center, email, voice, messaging, and so on). End users do not have access to any of the admin and agent features of Zendesk. They can only submit and track tickets and communicate with agents publicly (meaning their comments can never be private).
The Admin role really needs splitting.
Most companies have IT Support departments that are responsible for granting user access and general managing of permissions. We don't want them to be working on business rules.
Besides that, charging full agent price for users that don't use any Zendesk functionality is ridiculous. I want my IT Support team to do the above user admin but it would cost us £360 a month just to do that and grant them way more power than they need.
Having a single owner is also very bad practice. It leads to either shared credentials or having a single point of failure.
Can you upvote and add your use case to this product feedback thread? Billing admin / Owner as light agent
When I create an Explore report, I see Anonymous user, end user and staff member when using the "Views user role" field. What is anonymous?
Thanks for the question, Mary Paez. An anonymous user is anybody who visits your help center without signing in.
We are in the middle of integration and came across a huge hiccup where our integrators have not given us answers yet.
We have set an email address for support. What is happening now is that agent and light agent emails to our support email address are not captured in Zendesk. Can anyone tell me why this is happening?
Hi Anelive Saguban,
There are a couple of reasons that we need to check that may have caused this. So, to better assist you - I've created a ticket on your behalf. Please watch out for my email so we can investigate this further. Speak soon!
Adding a comment here as per advice from Support.
It is pretty vital that agents can add a user, I can't see any logic why they would need access to 'all tickets' to be able to do that. Particularly when access to tickets 'in agents groups' is a common config and the particular platform I am working on is built on that basis specifically due to legal restrictions around data.
This article was updated in Nov 22 and I have seen on another article here where people have advised their agents who could only access tickets in groups were able to add end users but no more. That was back in April, the platform I have just launched with restricted ticket access has been in the works since before then. Another user has queried if this rule has always been the case but did not get an answer.
Edited to add: we have also found that agents not having access to 'all tickets' on Suite Professional means they cannot assign tickets to groups they are not a part of e.g. Team Leaders, Management for escalation process. Again, what I would have thought is basic functionality.
Information / thoughts on this would be appreciated, as well as confirmation on when it changed.