English (US)
  1. Zendesk help
  2. Zendesk updates
  3. Announcements

Announcing permissions change to editing organization memberships

Alina Wright
  • Edited
Zendesk Product Manager
Announced on Rollout starts Rollout ends
July 27, 2022 July 27, 2022 July 27, 2022

We’ve implemented a change to the way agents can manage organization membership. Previously, any agent other than a light agent could edit organization membership for end users, agents, and admins. 

Moving forward, only admins can edit organization membership for end users, agents, or admins. Agents can only edit organization membership for end users.

Why did Zendesk make this change?

This change was made to address a security vulnerability and resolve a discrepancy in our documentation resulting from this unintended role permission behavior.

How will this affect me?

This change affects all Zendesk Suite and Support customers with agents who edit organization membership for other agents and admins.

What do I need to do?

No action is required. Agents who need to edit organization membership for other agents can be upgraded to admins. You’re also welcome to complete this form to request exclusion from this change until we release a new permission to allow agents to modify agent organization membership.

Return to top

6 Comments

  • tiff king

    The form to opt out is currently gated.

    1
  • Rafael Santos

    Alina Wright, +1 on Tiffany King's message.

    Likely restricted to your Google Workspace.

    Settings > Responses > Requires Sign In > Restrict to Zendesk and its trusted organizations.

    1
  • Kelsey Davis

    I would like to opt out as well but can't access that link

    1
  • Alina Wright
    Zendesk Product Manager

    Hi all - apologies about that. Please try to access it again, should be fixed.

    1
  • Dan Cooper
    Community Moderator

    Will this be considered as an option for custom agent roles instead of being admin only?  I feel like there are a lot of permissions that should actually be the responsibility of a support lead, and not an admin.

    Gating permissions behind admin only, makes it more likely that users are granted too much access in order to use to a specific feature when the permissions could have been gated to specific team members responsible for the work via a custom role. 

    0
  • Alina Wright
    Zendesk Product Manager

    Dan Cooper

    Question: 

    Will this be considered as an option for custom agent roles instead of being admin only?  I feel like there are a lot of permissions that should actually be the responsibility of a support lead, and not an admin.

    Gating permissions behind admin only, makes it more likely that users are granted too much access in order to use to a specific feature when the permissions could have been gated to specific team members responsible for the work via a custom role. 

    Answer: 

    Yes, absolutely. We have 3 goals as the roles and permissions team right now (2022).

    1. Break down the admin role and allow 'admin only' permissions to be available in custom roles. (Exactly what you've outlined!)

    2. Create granular permissions to allow our enterprise customers to scale. 

    3. Bring all the permissions from across the Suite into one place for easy admin management.

     

     

    0

Please sign in to leave a comment.

Related articles

Powered by Zendesk