We currently have about 12 admin roles in our Zendesk instance, and it's sometimes not possible to know what permissions users in those roles will have. An example that came up today was that we weren't sure which roles would allow a user to change the groups for another user. This makes it difficult to answer security questions like 'what permissions does this user have' or 'who has access to this feature/field'.
While it would be great to show all the permissions a role has on the role page, that may not be realistic at this time. One solution that we've seen implemented elsewhere is to allow impersonation of an admin so that someone can see what the lower level admin has access to. This also helps when providing internal support to users as you can see what they see.
Typically this comes with a few provisos - usually the admin you're impersonating can't have more permissions than you have (this could also be limited so that only those with the full 'Administrator' role can impersonate), and if the admin makes any changes to records those changes would be associated with the impersonator not the person being impersonated.
Please sign in to leave a comment.