Question
What is the difference between ticket permissions set at the organization level and the end-user level?
Answer
You set organization ticket access in two places: the end-user profile and the organization. Support evaluates these separately to control visibility of organization tickets. If the settings conflict, the more permissive one overrides the less permissive one.
For example, if an end user belongs to an organization that grants broader access than the user's profile, the user can view that organization's tickets.
In Support, set these in:
- Any organization > Users field
- Any end-user profile > Access field
The table below shows the possible permission combinations. In this table, red means no ticket access, yellow means some access, and green means the most access.
| Organization | ||||
| Can view own tickets only | Can view all organization tickets but not add comments | Can view all organization tickets and add comments | ||
| End user | Can view and edit own tickets only | User can view and edit their own tickets. | User can view and edit their own tickets and view tickets from their organization. | User can view and edit their own tickets and view and add comments to all organization tickets. |
| Can view tickets from user's organization | User can view and edit their own tickets and view tickets from their organization. | User can view and edit their own tickets and view tickets from their organization. | User can view and edit their own tickets and view and add comments to all organization tickets. | |
Because Support treats these permissions separately, specify them when you create each end user and organization. When you import users in bulk with a comma-separated values (CSV) file, include a restriction column to set each end user's permission. When you create users through the application programming interface (API), set the ticket_restriction attribute.
For more information on user and organization permissions, see Creating organizations and Adding end users.