Question
What is the difference between ticket permissions set at the organization level and the user level?
Answer
There are organization access settings in the user profile and in the organization itself. These permissions are separate to allow for more specific control over how visible an organization's tickets are, and how individual users can access tickets. If the settings conflict, the more permissive setting overrides the less permissive setting.
The table below goes over all the possible combinations of permissions.
| Organization | ||||
|---|---|---|---|---|
| Can view own tickets only | Can view all org tickets but not add comments | Can view all org tickets and add comments | ||
| User | Can view and edit own tickets only | User can view and edit own tickets. | User can view and edit own tickets and can view tickets from their org. | User can view and edit own tickets and view and add comments to all org tickets. |
| Can view tickets from user's org | User can view and edit own tickets and can view tickets from their org. | User can view and edit own tickets and can view tickets from their org. | User can view and edit own tickets and view and add comments to all org tickets. | |
Because these permission sets are treated differently in Zendesk, they must be specified when creating each user and organization. When bulk importing users through a CSV file, specify each user's permission within the file by including a "restriction" column in the file. When creating users through the API, establish this restriction by setting the ticket_restriction attribute.
For more information on setting user and organization permissions, see the articles: Creating organizations and Adding end users.