Recent searches


No recent searches

Release notes through 2024-03-08



image avatar

Nova Dawn

Zendesk Documentation Team

Edited Mar 14, 2024


0

7

7 comments

image avatar

Jacob the Moderator

Zendesk LuminaryCommunity Moderator

@...

  • Admins can no longer assume the role of another admin user.

What is the justification for this change?
We pay for a dedicated system user (admin) for various integrations to work independently of any particular admin, not being able to assume this system user will be more time-consuming and difficult.

2


image avatar

Sydney Neubauer

Zendesk Luminary

I second what Jacob is saying. With the new Team Members permission coming, they also cannot manage Admins. How are admins supposed to change their own permissions? If you only have 1 admin and they need to be offboarded?

3


image avatar

Nova Dawn

Zendesk Documentation Team

Thank you for your comments Jacob and Sydney - @... could you bring some light to this conversation regarding the decision around this change?

2


image avatar

James Hanley

Zendesk Product Manager

Hey Jacob the Moderator and Sydney Neubauer thanks for your question and my apologies for not replying sooner.

The decision to remove the ability to assume into another admin was made in order to improve the access controls in the product, within the context of the feature’s utilization. The security of our customer’s data is our priority and this change was motivated to strengthen our access controls and remove a legacy feature that offered a loophole to elevate ones own permissions.

If you require logging into an “integrations admin” which is being used to integrate with Zendesk's APIs or integrations, I would recommend using your standard Zendesk authentication method. I appreciate this may slow down some administrative actions, but ultimately this will be a more robust and secure authentication approach.

I hope this helps clarify.

Thanks,
James

-1


image avatar

Jacob the Moderator

Zendesk LuminaryCommunity Moderator

James Hanley  Thanks for the explanation! However, I don't see the issue this change is a fix for.

You say: 

a legacy feature that offered a loophole to elevate ones own permissions.

You would need to be an admin to assume another user, so how can you elevate your own permissions when you're already an admin? Unless I'm mistaken about this👆 I don't see any issue, all this does is force admins to handle multiple logins which is arguably less secure.

0


image avatar

James Hanley

Zendesk Product Manager

Hey Jacob the Moderator, this is a very good question.

There loophole applied when a user was an Admin in Support but not in other products.

0


image avatar

Jacob the Moderator

Zendesk LuminaryCommunity Moderator

Thanks for clarifying this James Hanley! I wasn't sure you saw my comment since at-mentions and follower notifications seem to have been broken for a while after the new theme update. 

When any admin creates a new admin user, every admin in the account is notified about the details of who created the user and the user email - this approach is superior in that it creates the desired awareness of a potential issue without sacrificing assumption capabilities.

0


Please sign in to leave a comment.