Question
What is the difference between ticket permissions set at the organization level and the user level?
Answer
There are organization access settings in the user profile and in the organization itself. These permissions are separate to allow for more specific control over how visible an organization's tickets are, and how individual users can access tickets. If the settings conflict, the more permissive setting overrides the less permissive setting.
The table below goes over all the possible combinations of permissions.
Organization | ||||
---|---|---|---|---|
Can view own tickets only | Can view all org tickets but not add comments | Can view all org tickets and add comments | ||
User | Can view and edit own tickets only | User can view and edit own tickets. | User can view and edit own tickets and can view tickets from their org. | User can view and edit own tickets and view and add comments to all org tickets. |
Can view tickets from user's org | User can view and edit own tickets and can view tickets from their org. | User can view and edit own tickets and can view tickets from their org. | User can view and edit own tickets and view and add comments to all org tickets. |
Because these permission sets are treated differently in Zendesk, they must be specified when creating each user and organization. When bulk importing users through a CSV file, specify each user's permission within the file by including a "restriction" column in the file. When creating users through the API, establish this restriction by setting the ticket_restriction
attribute.
For more information on setting user and organization permissions, see the articles: Creating organizations and Adding end users.
27 comments
Camille DORE
Hello,
We have the feeling that an extra choice has been added on the organization part in order to define wether the authorized user can consult + not send comment / consult + send a comment.
We believe it was not the case previously.
We have a strong feeling that today, the users that had the authorization to access the tickets of all the org don't have anymore the possibility to comment the tickets, because their authorization are by default "access + no comment possible".
Could you confirm me if this option is new / if anything change on this side recently ?
Thanks a lot,
0
Blanca
Hi Camille,
Thank you for reaching out. It is possible that an end-user has access to tickets only. I want to share with you a visual representation of the difference between ticket access at the organization and user-level: What is the difference between ticket access at the organization level and user level?. The changes in access can be available on your current subscription.
To manage the role of your end-users, here's a helpful article for further reading: Creating, managing, and using organizations
I hope these articles clarify your question.
Cheers,
Blanca | Customer Advocate
Chat with our live support!
https://support.zendesk.com/hc/en-us
0
Zack Test
Just putting a feature request out there, would love to be able to set Specific user access. As in, have a end user that can View and Edit their own tickets AND Org tickets and having end users that can View and Edit their own tickets AND only view Org tickets in the same Org.
9
Emil Susort
+1 for Zachary's feature request.
0
Whitney Votaw
We work in healthcare and have larger organizations who want only a select group of users to be able to add comments to any tickets within their org.
To elaborate, most end-users should only be able to see their own tickets, but some end-users should have the ability to see all organization tickets and add comments.
Is this possible?
8
Afabio Junior
Thank you for reaching out.
According to the table below, at the moment there is no configuration available to let just some end-users have the ability to see all organization tickets and add comments, this is due to the fact that the more permissive setting overrides the less permissive setting.
In order to allow end-users to add comments in tickets from their organization, you would need to select the option: "Can view all org tickets and add comments" for your organization, since this is the most permissive setting for an organization; even if you had the majority of your end-users set as "Can view and edit own ticket", every end-user from that organization would still be able to view all org tickets and add comments.
For visibility by our product team, and to allow others to add their support via votes and comments, would you mind creating a post in our Feedback on Support, sharing your feedback and ideas is very important to us.
Cheers,
0
Dana Barker
I would have expected the above grid to have a difference in permissions for the far right column depending on the user setting. It would make more sense if the org was set to 'view all org tickets and add comments' and the user was set to 'view and edit own tickets only' to have the same permissions as those outlined in yellow and the users who are set to view tickets from their org to have the permissions outlined in green.
It defeats the purpose of having the different options if they provide the same level of access to the users.
8
Raphaël Péguet - Officers.fr
Hi Zendesk Team,
A link or the info about if it possible or not to switch the default rights for the user between:
- able to see organization tickets
- not able
Would be much appreciated :-)
Best regards,
0
Dane
For reference please check Creating Organizations.
0
Rawan Dawairi
Hi,
is it possible to add a checkbox in which customers can lock access to the ticket from other users in the same organization. Do we have a workaround to change the permission so specific users can view tickets in the same organization. Right now, access permission is set to all users or none and I do not see any access on the tickets level it's either organization or user access level?
0
Gab Guinto
I'm afraid this is currently not possible with the native options available in Zendesk Support. You may be able to display a checkbox in the email notification via html, by editing the email template, but the user's feedback/answer won't be automatically sent back to Zendesk.
If you have time, I would suggest that you create a new post in the General Product Feedback topic in our community to engage with other users who have similar needs and discuss possible workarounds. Conversations with a high level of engagement ultimately get flagged for product managers to review when they go through roadmap planning.
1
Michael Cardamone
Enterprise companies are moving towards customized user experiences. This means custom integrations into their existing SAAS Admin panels so Admins/Users do not have to jump into different environments.
Are there plans for Organization & Users settings API calls that would function on existing users?
This would open the door for us to build custom digital experiences where I could allow my customer Admins to control these settings for their users submitting support tickets from my products admin panel. This may also open up the need for a new end user role or setting, "Organizational-admin"
From an Enterprise perspective, I also concur with the statement Whitney Votaw made.
1
Johan Billow
Yes Dana Barker and more are writing, this function must have a "design bug", as the expected way of setting access should be on end user level or role level.
Scenarios:
Access and edit access to own tickets.
Access to org. tickets.
Edit access to org. tickets
Couldn't be more simple than that?
Easy to understand also and the table above would become unnecessary.
1
Seneca Spurling
I'm having trouble with this, too.
I've got users at an Organization who are managers overseeing things, and they would like to have the ability to view all tickets from the organization AND add comments to those tickets (and add themselves as a CC if desired). This seems like a very common use case. Most users at an organization should have access to only their own tickets, but a small number of users should have either read-only or read-write(add comments is sufficient) access to all org tickets. The current configuration options don't appear to enable this. If I want to give the two users at this customer 'admin' access to all their company's tickets with the ability to add comments to any of them, then I have to give that access to ALL users?
1
Richard Nikula
Our customers have a need, as I am sure others do as well, to have some end users that are read only and should not make comments. However, they want the remainder of their end users to be able to provide comments in their tickets and for their organization. If we do not allow comments at the organization level (column 2) than no one can comment except the owner which does not meet their needs. As such, we must allow comments (column 3). But this allows anyone and there is no one that has read only. Ideally, there should be a user override to allow comments for their org without allowing everybody, The customers would even prefer these people could not even open tickets, simply review them, but restricting comments would be a big step forward.
0
Joyce
When enabling the permission Can view all org tickets and add comments, this setting will affect all users within the organization. I'm afraid that there's no option to indicate who should only have the "add comments" permission within the organization.
I encourage both of you to create a new post in the General Product Feedback topic in our community to engage with other users who have similar needs and discuss possible workarounds. Conversations with a high level of engagement ultimately get flagged for product managers to review when they go through roadmap planning.
1
Sam
What is the point of having end user settings displaying "can view own tickets only" if the more permissive organization-wide setting overrides? In my view, if there is a mismatch like this, it should be clearly called out rather than displaying "can view own tickets only" at the end user profile level, when this isn't actually the case. If the user belongs to multiple orgs, there could be a flag that uses color and bullets by org if you hover over it to indicate which ones are mismatched with the end user level settings...In my experience the least permissive access takes precedence.
1
Joyce
That is a great suggestion that we can pass along to our Dev team. If you have time, please also write us product feedback here.
1
Joshua Wilkinson
Is it possible to limit this so only certain users' tickets from an organisation can be visible?
We don't want everyone's tickets in a single organisation to be visible, as this will likely cause more panic or confusion than needed. We want a select group of people in an organisation to only see each other's tickets.
Is this achievable?
1
Audrey Ann Cipriano
Hi Joshua Wilkinson, welcome to our Community!
As the more permissive setting win, this is possible by setting the Organization access setting to "Can view and edit own tickets" and then setting those select group of people's access permission to "Can view tickets' from user's org".
You may do this by going to each of those specific users' profile.
Hope this helps!
0
Richard Nikula
Unfortunately, the above comment only works when no one in the org can view and update. The problem is that there has to be some people with this right and as soon as one is needed (column 3), this row in the column no longer allows you to restrict anyone.
0
Joshua Wilkinson
Thanks Audrey Ann Cipriano, but does this stop other people's tickets from being visible?
I understand you can have only certain people have the ability to view tickets from their org, but what I'm trying to do is allow only certain people to view tickets from other certain people from their org, not view EVERY ticket from that org.
Hope I've made that clearer!
1
Seneca Spurling
Josh We have several customers who need this, and for them we've had to set them up with separate Organizations for each group. I don't like this at all, but it's the only way to achieve it. We have a small number of customers for whom it works better since there's a bunch of information in custom fields that differs between their different groups so it makes more sense to have them in separate Orgs but generally this is an unfortunate thing to have to do, as it forces us to have to have multiple Orgs that are all in support of a single 'Customer' account and that adds to the complexity of managing everything. One of the most significant downsides is that you can no longer associate a domain with the Org, so whenever you are contacted by someone new at that domain, you have to begin by establishing which group they are part of so that you can get them associated with the correct Org. This is not a great end user experience, but fortunately it's not something we have a high volume of. Usually our customers have a small set of users who contact us. But some of them prefer to have more users contacting us directly and when those require separate Orgs, it's really annoying!
If we could create "teams" within Orgs and assign users to teams and associate permissions with teams, that would address most of this.
0
Jupete Manitas
Thanks for writing in! Seneca is correct, right now your use case which will allow only 'certain people' or users to view tickets from other 'certain' people from within their organization, not view EVERY ticket from that organization is not yet supported. Hence, this is for product feedback request.
We encourage you to create a new post in the General Product Feedback topic in our community to engage with other users who have similar needs and discuss possible workarounds. Conversations with a high level of engagement ultimately get flagged for product managers to review when they go through roadmap planning. We truly value customer feedback and your voice and votes in the forums help influence future Zendesk functionality.
Also, if you like, we can refer you to our Services team. They can build custom applications and other tools for your Zendesk when native functionality is not meeting your needs. Thank you and have a great day!
0
Joshua Wilkinson
Hey Seneca Spurling, thanks for confirming!
I did think that might be the only way we can do it, which isn't ideal for us either!
0
Bruno Cruz
Hello, are there any future plans on including an access level that allows individuals users to add comments on all org tickets?
Seems like this discussion started on 2022 but I don't see any mention of this being included (rather a strange choice honestly).
Also left this feedback on the corresponding Feature Request post here.
0
Shawna James
0