Group Access Levels¶
When assigning an agent to a group, Zammad gives you fine-grained control over what actions that agent can perform within it:

Use the group access table to grant per-group privileges.¶
Within each group, the different access levels allow an agent to…
- READ
…view tickets
- CREATE
…create new tickets
- CHANGE
…modify existing tickets
- OVERVIEW
…see ticket overviews (but not ticket details)
- FULL
…all of the above and be assigned / receive notifications for tickets
Note
🔔 Full group access also enables notifications for that group’s tickets.
Setting Access Levels¶
There are two ways to define an agent’s per-group access levels:
Directly, in the Edit User dialog
Simply set your access levels right on the target user.¶
Implicitly, by editing a user’s roles
First, set your access levels on a role…¶
…then, add that role to the target user.¶
Note
⚖️ We recommend choosing one or the other; things can get confusing if you use both at the same time.
So which one is right for you? Whichever one is less work. If you’re trying to assign multiple agents to the same group with the same access levels, create a role for them to share—that’s what roles are for!
Examples¶
- “The Standard Issue”
-
When a system only has one group, this is the default access level assigned to all agents. Unless you have special needs in mind, this is the way to go.
- “The Supervisor”
-
Agents with all permissions except for “full” cannot be assigned tickets. Otherwise, their privileges are identical to agents with “full” access. Great for letting other people do the real work.
- “The Meddler”
-
Agents with “read”, “change”, and “overview” access can do everything except create tickets or be assigned to them. Great for getting involved in other people’s business.
- “The Intern”
-
Agents with only “create” access can do just that, and nothing else—once they hit Save, they’ll never see that ticket again. Great for taking phone calls for someone more important than you.