On Enterprise plans, admins can designate a group as private. This means that agents outside the group generally can’t access tickets assigned to it, although agents may be granted permission to view private tickets. While an agent outside the group can assign a public ticket to a private group or a member of a private group, the ticket is made private as a result. Additionally, an agent working on a private ticket is prevented from @mentioning or opening side conversations with team members outside the private group.
This article contains the following sections:
To learn how to set up private groups, see Creating private ticket groups and granting agents access.
Essential facts for private ticket groups
We've distilled some essential facts for you about private ticket groups. To learn how to set one up a private group or convert a public group to private, see Creating private ticket groups and granting agents access.
-
When creating a group, you have the option to designate the group as private. It cannot be converted to public.
-
You can convert an existing public group to private, but it can’t be converted back to public.
-
Tickets in private groups have a private tag with a lock icon (
) as part of the ticket status tag and a lock icon next to the assigned group's name. In views, the lock icon appears next to the ticket status for each private ticket in the list.
- Access to tickets, including tickets in private groups, is set at the role level. Among native agent roles, Admins and Team Leaders can see tickets in private groups by default. Custom roles can be configured to have access to tickets in private groups. See Granting agents access to tickets in private groups.
-
A private ticket can’t be viewed or searched for by agents who don’t have access to it.
-
If a ticket is reassigned from a public group to a private one, CCs and followers are kept on the ticket and continue to be able to see it.
-
If a ticket is reassigned from a private group to a public one, the ticket becomes visible to public groups.
-
Tickets in private groups are still included in reports run for all tickets.
- Tickets that aren't assigned to a group are treated as if they're in a public group.
- Admins can configure the visibility of internal comments on tickets an agent requested, regardless of the tickets group assignment. If you restrict agents in your account from seeing internal notes and agent-only fields, they will only be able to access tickets they've requested as an end user.
Limitations of private ticket groups
-
The status of a group as private or public isn't available as a trigger or automation condition. (Group | is / is not | Private / Public)
-
Macros can’t yet be made available to all private groups similar to the way they can be made available to all agent groups.
-
When a side conversation ticket is assigned to a private group, it is visible to members who don't belong to the group.
49 comments
Scott D
Can private groups and tickets be viewed in Explore if you don't have access to the private groups?
4
Alina Wright
Question: Can private groups and tickets be viewed in Explore if you don't have access to the private groups?
Answer: For now, yes. However we are working to get Explore to respect ticket privacy.
3
Scott D
I have a use case where we had two groups of agents (I'll call them groups A and B) that needed to be combined into a new group (I'll call them group C). I removed users from groups A and B and added those users into group C. I then replaced/updated/added the new combined group C to all views, triggers, automations, user segments, macros, reports etc. that pertained to groups A and B.
I was told for historical reporting purposes to not delete the old groups (groups A and B). I would like to be able to remove the old A and B groups from being visible in the assignee dropdown on new tickets. I would like to have tickets part of the older A and B groups visible for all agents to search for in the agent workspace and view in Explore. Would private groups be able to solve for this use case long term? What other options might there be for this particular use case?
1
Alina Wright
Just to make sure I'm reading this right.
You want agents part of Group C to be able to search for old tickets in A&B and report on old tickets in A&B, but not have A&B show up in the assignee drop down?
Private groups would not solve for this. Even if a member is not part of a private group, they could assign tickets to the group they are not a member of. Members who are not part of a private group, would not be able to search for those tickets.
0
Scott D
Yes that's correct. Thank you.
0
Jason Littrell
Agents with the "Requested by end users in their organizations" ticket access can still view private group tickets linked to their organizations. Is this an issue that needs to be fixed or a limitation of the private group functionality?
1
Alina Wright
Jason Littrell - it's a limitation, "requested by end users in their organizations" ticket access is different from "within groups and private groups" ticket access. The organization ends up using the permission for end_user_profile to determine ticket access.
0
Hampus Nygren
Is it possible to limit access for people to set a group as private ?
Since it's not possible to revert a private group it would be of high value to be able to limit the access to e.g. Admins.
0
Oli
I think the word "access" on the role settings page in Admin Center is throwing me off, so I want to make sure I clearly understand this part:
IF
[✔️] Tickets within their groups and all public groups AND
[✔️] Assign tickets to any group (Can assign tickets to groups they don't belong to, including private groups),
THEN an agent who is in public group A and private group B can view tickets assigned to public group C, can assign tickets to private group D, but cannot view or search for tickets assigned to private group D. Is this accurate?
If I want a role to be able to view, search for, and assign tickets to any public group but not any private groups, then they should be set up as follows:
[✔️] Tickets within their groups and all public groups AND
[ ] Assign tickets to any group (Can assign tickets to groups they don't belong to, including private groups)
Is this also accurate?
0
Alina Wright
Hampus Nygren
Question: Is it possible to limit access for people to set a group as private ?
Answer: Not at this time, but this is valuable feedback.
Oli
Scenario:
IF
[✔️] Tickets within their groups and all public groups AND
[✔️] Assign tickets to any group (Can assign tickets to groups they don't belong to, including private groups),
THEN an agent who is in public group A and private group B can view tickets assigned to public group C, can assign tickets to private group D, but cannot view or search for tickets assigned to private group D. Is this accurate?
Answer: Correct!
Scenario: If I want a role to be able to view, search for, and assign tickets to any public group but not any private groups, then they should be set up as follows:
[✔️] Tickets within their groups and all public groups AND
[ ] Assign tickets to any group (Can assign tickets to groups they don't belong to, including private groups)
Answer: Correct!
1
Bobby Koch
is this a new feature?
0
Oli
Bobby Koch
Yes - here's the announcement page: https://support.zendesk.com/hc/en-us/articles/4474311837082-Announcing-private-ticket-groups
3
Hampus Nygren
Hi,
When adjusting a role "Tickets they can access" to "Within their groups and all public groups" to enable this, the role cannot access suspended tickets. This causes a bit of problems.
Could we have a separate permission added for the suspended tickets?
2
Alina Wright
Hampus Nygren
Question: Could we have a separate permission added for the suspended tickets?
Answer: Eventually, yes! We're working on some other big ticket items like separating out ticket delete and redact right now, but we'd like to get there soon.
cc; Luiz Carlos Silva
2
mfg
Scott D - you can use the Assignment Control app to handle that - https://www.zendesk.com/marketplace/apps/support/223590/assignment-control/
0
Bibi Ru Aubeeluck
Hi,
Is there a way to prevent a certain assignee/ assignee groups from assigning to a private group.
Thanks
0
Alina Wright
Bibi Ru Aubeeluck
Question: Is there a way to prevent a certain assignee/ assignee groups from assigning to a private group.
Answer: Not at this time. I have logged it as feedback for future product iterations.
0
Joel Hellman
I'm not sure we have any use for this feature, but maybe it adds something I don't know.
I want to see if I understand this correctly. If we are an enterprise with dozen of departments, we don't effectively have any "public" groups. Some agents have ticket membership in lots of groups and the "Within their groups" permission. Many agents might have membership in some groups, but no group is public, because e.g. finance should not access customer tickets, and agents should not access finance tickets.
Given the situation above, would setting all ticket groups as "Private" have any benefit for us? I mean, they are effectively private already, but any benefit in toggling that "Private" checkbox?
Or should we just keep them as-is (which I guess is "public") - ?
1
mfg
Joel Hellman - for us the value lies with the agents that have the access outside-their-groups permission - this creates a way to prevent them from seeing some tickets. This is helpful for us to cut down on agent workspace bloat (views, macros, etc), while maintaining their ability to access tickets they have reassigned outside their groups, but still needing explicit access granted for other groups' tickets.
0
Gab Guinto
With a setup similar to yours, where agents are already restricted to tickets under their own groups, private groups may not be as userful. But for use cases similar to what @mfg described, this would allow keeping some groups/tickets from being accessed by all agents without the need to restricting ticket access at the role level for all agents.
0
Joel Hellman
Thanks for your responses! I gather from your response our company don't have any use for private groups.
Private Groups are just for customers that have some groups that are "completely public" for a common set of Zendesk agents (only one set, though), to ease administration a bit.
0
Tim Grimshaw
Love this 'Private group' feature - it's exactly what we need... but... I fell into the trap of not seeing that it actually adjusts access to the Suspended Tickets view (it removes access), when you change the standard role permissions to see tickets "Within their groups and all public groups", instead of "All, including those in private groups".
Sadly that made it a bit of a blocker for us to be able to use private groups at all, so I'm keeping my hopes up for this feature request:
https://support.zendesk.com/hc/en-us/community/posts/4805924826138-Private-Groups-Support-Access-to-Suspended-Tickets-view-?page=1
Might also be worth mentioning this limitation under the 'limitations' section, just so that other people don't fall into the same trap?
0
Jupete Manitas
1
Alina Wright
Tim Grimshaw (cc Jupete Manitas), we are fixing this limitation by end of Q2 (so give us about 3 months!). Will post an announcement when it's ready to go and released. Thank you SO much for your feedback, this is what helps drive our priorities.
2
Jupete Manitas
Thank you for the update, Alina!
0
Sam
How do internal comments work for tickets in private groups?
i.e. say i am a zendesk light agent (an agent who is NOT in the ticket assignee private group) and i request a ticket for a form that assigns to a private group.
Can I see the internal comments being made to my ticket if I am not part of the agent group, but am the ticket requester?
0
Arianne Batiles
Hi Sam,
If a light agent is the requester of the ticket, he/she would still be able to view the internal note in the email because of the role even if the ticket is assigned to the private group the light agent is not part of.
0
Sam
Thanks Arianne Batiles-- is there a reason for this? Doesn't that defeat the purpose of the private agent group?
0
Arianne Batiles
0
Viktor Hristovski
Arianne Batiles
i have a ticket in a private group with a group of end users CC'd on it. But they cant see it in their support center, where they should see tickets they're CC'd on? Is this also a limitation?
p.s since i am an admin, i assumed the end user who submitted this ticket and i cant even see it on their profile...
0