Suite Team, Growth, Professional, Enterprise, or Enterprise Plus
Support Enterprise
Location: Admin Center > Objects and rules > Custom objects > Objects

When creating custom objects, you also need to understand how agents and customers (also called end users) can access the object and its records. On Enterprise plans, this is defined on the Roles page in Admin Center. On all other plans, access is pre-defined for each system role except customer.

This article contains the following topics:
  • About object permissions
  • Configuring object list and search permissions for agents
  • Reviewing system role permissions for agents
  • Defining Enterprise custom role permissions for agents
  • Defining end-user permissions for custom objects
  • Viewing a custom object's permissions

About object permissions

It's important to understand just how object permissions are used and enforced. Specifically:
  • Object permissions determine access to that object's records.
  • Object permissions are enforced in lookup relationship fields in the Agent Workspace. Lookup relationship fields will appear blank to agents without permission to view the target custom object.
  • Object permissions aren't checked or enforced by placeholders. Agents with permissions to manage macros and triggers may inadvertently access information about custom objects this way.
  • Object permissions aren't captured in reporting.
  • Don't make a custom object's records visible to customers if its records contain sensitive data. While filtering can help limit visibility of a custom object's records to only those pertaining to the current user, no such filtering and restricted visibility exists for API requests. It is possible that an end user could access custom object records unrelated to themselves using the Custom Objects API.

Configuring object list and search permissions for agents

In addition to defining role-based access to a custom object's records, you can also control the visibility of individual custom objects and their records to agents within the Custom object records page in the Agent Workspace. The object list and search permission doesn't affect the accessibility of the custom object records within lookup relationship fields; rather, it only determines the content within the Custom object records page. The default value is All agents and admins.

To change the list and search permission for a custom object
  1. In Admin Center, click Objects and rules in the sidebar, then select Custom objects > Objects.
  2. Click the name of the custom object for which you want to view the permissions, then click the Permissions tab.
  3. Under Object list and search, select either All agents and admins or Only admins.

  4. Click Save.

Reviewing system role permissions for agents

On Team, Growth, and Professional plans, agent access to custom objects is pre-defined for all agent roles. On Enterprise plans, agent access to custom objects for system roles is pre-defined, but configurable for all custom roles.
Role         View  Edit  Add  Delete
Admin        Yes   Yes   Yes  Yes
Agent        Yes   Yes   Yes  Yes
Light Agent  Yes   No    No   No
Contributor  Yes   No    No   No

Defining Enterprise custom role permissions for agents

On Enterprise plans, access to each custom object is managed like any other custom role-based permissions. However, the permissions can be managed directly from the object as well as on the Roles page.

When a new custom object is created, agents don't have access to it until permissions are added by an admin or agent in a custom role with permission to manage roles.

Custom object permissions are predefined for system roles and can't be changed. For example, light agent and contributor roles have view-only permissions for all custom objects on all plans.

To manage agent permissions to access a single custom object
  1. In Admin Center, click Objects and rules in the sidebar, then select Custom objects > Objects.
  2. Click the name of the custom object for which you want to view the permissions, then click the Permissions tab.
  3. Click the name of the custom role you want to grant access to your objects.
  4. In the panel on the right, select the permissions you want the role to have for the custom object you're editing. You can choose from: View, Edit, Add, and Delete.

  5. Click Save.

To manage a custom role's access to all custom objects
  1. In Admin Center, click People in the sidebar, then select Team > Roles.

    Alternatively, from within a custom object's Permissions tab, you can click Manage roles to open the Roles page.

  2. Click the name of the role for which you want to manage access to your objects.
  3. Under Custom objects, select the permissions you want the role to have for each object: View, Edit, Add, and Delete.

  4. Click Save.

Defining end-user permissions for custom objects

Customer permissions to view and interact with custom object records are configured at the object level.

You can further restrict access to records related to the end user with filters in the user interface. However, these filters don't restrict access to records through the Custom Objects API. Use caution when granting end users permission to view custom object records.

To manage customer permissions to access a custom object's records
  1. In Admin Center, click Objects and rules in the sidebar, then select Custom objects > Objects.
  2. Click the name of the custom object for which you want to view the permissions, then click the Permissions tab.
  3. In the table, click Customer.
  4. In the panel on the right, select the permissions you want the role to have for the custom object you're editing. You can choose from: View, Edit, Add, and Delete.
  5. Click Save.
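
The gap described above, between the user-interface filter and the object-level permission, can be modelled to review exposure before granting customers View. The following Python is an added example, not Zendesk code and not a call to the Custom Objects API; the data layout and names such as owner_id and SENSITIVE_FIELDS are assumptions, and the sample records are constructed.

```python
# Added illustration: a toy model, not Zendesk code or the Custom Objects API.
# All names (OBJECTS, owner_id, SENSITIVE_FIELDS) are hypothetical.
SENSITIVE_FIELDS = {"ssn", "card_last4"}

# Constructed sample: per-object role permissions and records.
OBJECTS = {
    "warranty": {
        "permissions": {"customer": {"view"}, "light_agent": {"view"}},
        "records": [
            {"id": 1, "owner_id": 101, "product": "router"},
            {"id": 2, "owner_id": 102, "product": "modem", "card_last4": "4242"},
        ],
    },
    "contract": {
        "permissions": {"customer": set(), "light_agent": {"view"}},
        "records": [{"id": 3, "owner_id": 101, "ssn": "000-00-0000"}],
    },
}

def ui_visible(obj, role, user_id):
    """UI path: object-level View check, then the per-user filter."""
    if "view" not in obj["permissions"].get(role, set()):
        return []
    return [r["id"] for r in obj["records"] if r["owner_id"] == user_id]

def api_reachable(obj, role):
    """API path as the article describes it: object-level check only."""
    if "view" not in obj["permissions"].get(role, set()):
        return []
    return [r["id"] for r in obj["records"]]

def exposure_gap(obj, role, user_id):
    """Records the UI filter hides but the object-level permission allows."""
    hidden = set(api_reachable(obj, role)) - set(ui_visible(obj, role, user_id))
    return sorted(hidden)

def audit(objects, role="customer"):
    """Flag objects where `role` can view records carrying sensitive fields."""
    findings = {}
    for key, obj in objects.items():
        if "view" not in obj["permissions"].get(role, set()):
            continue
        hits = sorted(r["id"] for r in obj["records"]
                      if SENSITIVE_FIELDS.intersection(r))
        if hits:
            findings[key] = hits
    return findings
```

Any object that audit() reports for the customer role is a candidate for removing the customer View permission or moving the sensitive fields to an object customers cannot view.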

Viewing a custom object's permissions

When viewing a custom object, you can see a summary of the permissions by role on the Permissions tab.

To view a custom object's permissions
  1. In Admin Center, click Objects and rules in the sidebar, then select Custom objects > Objects.
  2. Click the name of the custom object for which you want to view the permissions, then click the Permissions tab.
