Announced on Rollout starts Rollout ends
September 22, 2025 September 22, 2025 October 6, 2025

Zendesk is pleased to announce the availability of record-level permissions for custom objects.

This announcement includes the following topics:

  • What is changing?
  • Why is Zendesk making this change?
  • What do I need to do?

What is changing?

Until now, permissions have been defined at the object level, meaning each role either had access to all of an object's records or none of them. Now, admins can define granular access rules for each custom role's ability to create, read, update, and delete custom object records. Rules are defined for each action individually, so a single custom role could have different access rules applied to their permissions to create an object's records and update an object's record. 

Record-level permissions make it possible for admins to protect sensitive information in custom objects and ensure it is surfaced to only the agents and end users who need to access it. For example, you might use access rules to configure the following use cases:

  • Assign an access rule to the end user's View permission: 
    Order > Customer | matches | (current user)
    Surface the signed-in customer's orders, contracts, accounts, etc. in the help center while ensuring that they can't see another customer's data, even through APIs.
  • Assign an access rule to level-1 agent's Edit permission: 
    Return > Status | is not | Approved
    Selective control for your agents to manage the business data in your custom objects under specific circumstances. For example, preventing more junior agents from modifying data, such as a return, after it's been approved by a more senior team member.
  • Assign an access rule to end user's Create and Edit permissions: 
    MyProduct > Customer | matches | (current user)
    Allows customers to create or edit custom object records related to them in a secure manner. For example, a user can register a product they purchase in their own name, but not for another user.

Access rules for custom object record permissions are available on Suite Team plans and above and Support Enterprise plans. On all of those plans, you can apply access rule permissions for customers. On Enterprise plans and above, you can also apply access rules to custom roles.

Why is Zendesk making this change?

Zendesk understands that companies want to bring their unique business data into Zendesk custom objects, while keeping it secure and available to the appropriate end users and agents. Access rules make that possible. Additionally, agent leaders also need the ability to control which data agent roles can view and edit.

Record-level permissions make it possible for admins to control who sees and edits their business data, reducing the risk of data exposure and increasing data integrity.

What do I need to do?

Access rules are available to Zendesk Suite Team plans and above and Zendesk Support Enterprise plans and above. To leverage record-level permissions, update your custom objects to add and apply access rules. See Refining custom object record permissions with access rules.

You may also want to consider the following:

  • Switch away from using dynamic filtering within your lookup relationship fields to control which data is surfaced to end users, and instead implement access rule-based permissions for end users.
  • Work with agent managers and team leads to determine the appropriate access-rule based permissions for agents in custom roles.

If you have feedback or questions related to this announcement, visit our community forum where we collect and manage customer product feedback. For general assistance with your Zendesk products, contact Zendesk Customer Support.

Powered by Zendesk