Restricting tickets visibility to BrandPlanned
The solution presented in Multibrand: Restricting agents to specific brands (Enterprise), as commented by Mjaman, 'falls short of what we really need,' and mostly because brands are attributed to tickets, instead of agents.
The challenge here is visibility: if I don't want agents who work in Brand A to see Brand B's tickets (regardless of Group and/or Organization), there's no way I can set it up.
Brand visibility settings would need to be present in both Users and Roles: users could belong to one more brands, and their role would allow us to set ticket visibility based on brands.
- User belongs to Brand 1. Role would allow user to access all tickets within their brands (in this case, Brand 1).
- User belongs to Brand 1, 2, 3. Role would allow user to access all tickets within their brands (in this case, Brands 1, 2, and 3).
- User belongs to Brand 1, 2, 3. Role would allow user to access all tickets within their organizations (e.g. an organization with customers from those three brands, which included the agent, they'd be able to see only their).
This would probably mean more versatile permissions within a Role... In other words, why a single choice (drop-down) option, instead of multi-select?
- Role 1. Agents have access to all tickets within their Brand(s).
- Role 2. Agents have access to all tickets within their Brand(s) and their Group(s).
- Role 3. Agents have access to all tickets within their Brand(s) and their Organization(s).
- Role 4. Agents have access to all tickets within their Group(s) and Organization(s).
Thanks in advance for any input/feedback!
Hi everyone, have some good news for you. This is something we're planning on starting on this year. If you have a strong opinion on how you'd like to see this function, keep an eye out on this post for a calendly link to help us test some prototypes. Thanks!
I'm glad to see my company's not the only one who needs this function!
Our Zendesk instance contains a CITD brand and an HR brand, and agents associated with one brand should not have access to the other brand's tickets (due to confidential content).
We cannot create a separate instance for the other brand because it is difficult to manage our agent license count for two separate brands (unless Zendesk allows free transferring of licenses between instances?).
This is because the number of agents we have per brand changes quite often, and we cannot estimate how many licenses are needed per brand. (It'd be a waste to have too many excess instance-specific licenses, considering their price.)
Currently, we are using the workaround of:
- Restricting agent access to groups; and
- Adding the agents to ALL groups associated with their brand.
However, this workaround is highly inefficient because:
- Agents receive notification emails for tickets they are not currently in charge of (because they're added to the other groups); and
- It is quite challenging to assign a ticket to a specific person under a specific group because the agent's name appears under so many groups.
Take note that our CITD brand alone has over 50 Zendesk groups, and we have many other brands aside from that one that have a lot of groups.
I hope this suggestion gets approved and then implemented soon!
Basically, here is my suggested function:
In role settings, under "What kind of tickets can this agent access?", there should be this option:
All within this agent's brand(s)
When that option is chosen, there should be a new setting asking which brands to associate the role with.
I think this mechanic can be similar to ticket forms:
Then, agents under that role can only access a ticket if it's assigned under the associated brand.
(Of course, not counting tickets they're CC'ed to or a requester of.)
I completely agree. This needs to happen! I need all agents to have access to all brands except for just one brand. That one brand needs to be private for only a select group of folks.
+1, required - we need an ability to assign brand visibility to agents
The problem I have is that we require agents to not be able to create tickets for certain brands but still be able to view all tickets within one brand.
+1 for this feature. We have over 5 brands each with a dedicated support team that really have no interaction with tickets relating to other brands. Another related consideration for this is for suspended tickets to be available to each brand, having to grant access to all tickets to be able to manage suspend tickets is not good.
I am adding my up vote to this - and commenting because it's that important to me - because I really love that Multibrands is an option but a little disappointed with permissions as a whole.... We would like more granular control over who has access to what. In my opinion, we should have the ability to:
1. Restrict Agents to access and edit TICKETS only in their given brand(s) via role
2. Restrict as in #1 above but extend read-only access to TICKETS in other brands
3. Ability to have Read Only FIELDS in Tickets, Users and Organizations
4. Ability to restrict TICKETS- both hide a given ticket altogether
5. Ability to hide certain FIELDS on a ticket based on role
As Zendesk scales, these kinds of requirements will be necessary as more and more companies leverage Zendesk outside of the "usual" ITIL usage by additional departments and for different processes.
Bottom line: Since Zendesk's collection of product offerings are expanding, the permission structure needs to grow with it!
Please and thank you :)
Hey Zendesk Support Product Owner,
What are the plans to implement this?
Is this even on a roadmap?
Still important to me and my team! Restricting one of our brands to be accessible by only one group would make life much better for us. Thanks.
Following - as this would be helpful for us too.
Agreed! +1 for me.
We have a large use case with many "brands".... but most agents are tasked with one brand or the other.
Would be excellent to be able to restrict user to brand(s) - multi select.
Adding a +1 here as well. The current solutions laid out here aren't scalable and leave a lot of room for error. Within the "roles" functionality we should be able to identify which brands those roles belong to.
Agreed! + 1
Highly needed, especially with the Invoice Team using Zendesk !
Please, make it happen quickly !!
Agreed, this is needed!
We have QA agents that need access to some tickets and don't want to give them the permission to view all tickets as it's not appropriate for them to have this access.
Any movement on this please?
+1 definitely needed if you're going to support multiple brands.
+1 Please plan and implement as it will be a very useful user restriction option for multibrand instances with brands being dedicated to separate licenses and/or jurisdictions.
Would also like to see light agents restricted to Brand and Forms. This would truly provide an enterprise solution for those who require it.
+1 definitely needed. Please add this feature asap.
Hey all - thank you so much for your detailed feedback on the separation of brands and ticket visibility.
As we grow in the enterprise space, we're hearing this feedback more frequently. While this is not on the current 9 month roadmap, it is something we're starting to prioritize and discover. We're exploring all the technical implications of such a big change and the necessary requirements. If you've commented on this thread and would like to add additional nuance to your request or update anything, this is a good time to influence how this might work in the future. Beyond tickets, what other elements should be restricted by brand?
"Beyond tickets, what other elements should be restricted by brand?"
- Forms : Really important!
- Having admins per brands (Guide, different Chat, different Gather, etc...)
I want to add, as we are about to move our HR Team into our main instance from their own do to work overlap and reporting needs, there is another issue that has no resolution:
If a non-HR Team Agent in Zendesk sends in a ticket to HR Support in this new joint instance environment, because they are on the ticket as the requester, they have access to the ticket. But, worse, as an Agent in Zendesk, they can see the private notes that are being entered by the HR team. This is a big issue, especially in Employee relations situations.
- Agent A is in Brand for IT- Cannot see HR Brand tickets
- Agent A sends a ticket in for a personal issue to HR support
Issue: As a requester, Agent A can see this new ticket in Zendesk by looking at their requested tickets, including all HR Agent private notes on tickets, even though the ticket is not in their Brand.
There should be a way to restrict agent access further inside Brand to allow for end-user experience for Agents in Zendesk when sending support requests to other teams.
It could be an additional field under the Role settings:
Restricting their access as a requester, removing the ability to see private notes out of Brand unless added as a follower or cc'd.
+1 to separate ticket access by brand
For compliance and regulatory reasons it is a necessity to be able to separate access to tickets by brand for each separate company managed in one Zendesk instance. Admins should be able to set agent access to tickets based on role for one, multiple, or all brands.
Waiting! as this is a must have feature for Multi-brand setup.
+1 Any update?
Any update on this? It was talked in 2018 and we are in 2022.
Hi François, the most recent update is from last October, in Alina Wright's official comment here.
Though we don't yet have a solution in place for this, we are still working towards this goal. We have so many permissions related improvements to make that prioritizing between them is difficult work. This is not something we can promise on any kind of time frame, but it is without a doubt something we plan to deliver.
This will be quite an important feature if and when it rolls out.
another upvote here! This is what we're missing and desperately need.
Please sign in to leave a comment.