Group Permissions

When assigning an agent to a group, Zammad gives you fine-grained control over what actions that agent can perform within it:

The group permission setting in the Edit User dialog

Use the group permission table to grant per-group privileges.

Within each group, the different permissions allow an agent to…

read: …view tickets

create: …create new tickets

change: …modify existing tickets

overview: …see ticket overviews (but not ticket details)

full: …all of the above and be assigned / receive notifications for tickets


🔔 Full group access also enables notifications for that group’s tickets.

Setting Permissions

There are two ways to define an agent’s per-group permission levels:

  1. Directly, in the Edit User dialog in the table of group permissions:

    Screenshot showing the group assignment to a user in the user edit dialog.

    Simply set your permission levels right on the target user.

  2. Implicitly, by editing a user role

    First, head over to Roles to set up the permissions you want to assign. Example:

    Group permissions table in edit role dialog

    Then assign the role to a user in the user edit dialog. Example:

    Screenshot shows the role assignment in the user edit dialog


Make sure to click on the ➕ Add button after assigning the last group. Otherwise, your last selection will not be saved.


⚖️ We recommend choosing one or the other; things can get confusing if you use both at the same time.

So which one is right for you? Whichever one is less work. If you’re trying to assign multiple agents to the same group with the same permissions, create a role for them to share—that’s what roles are for!

🤔 Can’t see the group permission table?

Please make sure that you have selected the ticket.agent permission for the user or role.


“The Standard Issue”
The group permission table, checked "Full"

When a system only has one group, this is the default permission level assigned to all agents. Unless you have special needs in mind, this is the way to go.

“The Supervisor”
The group permission table, checked "Read", "Create", "Change", and "Overview"

Agents with all permissions except for “full” cannot be assigned tickets. Otherwise, their privileges are identical to agents with “full” access. Great for letting other people do the real work.

“The Meddler”
The group permission table, checked "Read", "Change", and "Overview"

Agents with “read”, “change”, and “overview” access can do everything except create tickets or be assigned to them. Great for getting involved in other people’s business.

“The Intern”
The group permission table, checked "Create"

Agents with only “create” permission can do just that, and nothing else—once they hit Save, they’ll never see that ticket again. Great for taking phone calls for someone more important than you.
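
The following audit sketch is an added example, not part of Zammad or its documentation. It applies the recommendation above (use direct or role-based group permissions, not both) and the profiles just described to a small constructed data set. The dict layout, the user and role names, and the rule that direct and role-granted permissions are merged as a union are assumptions made for illustration.

```python
# Constructed sample data; the layout is an assumption, not a Zammad export format.
ALL = {"read", "create", "change", "overview"}

ROLES = {
    "Support": {"Sales": ["full"]},
    "Auditor": {"Sales": ["read", "overview"]},
}
USERS = {
    "alice": {"roles": ["Support"], "groups": {}},
    "bob": {"roles": ["Auditor"],
            "groups": {"Sales": ["change"], "Billing": ["create"]}},
    "carol": {"roles": [],
              "groups": {"Sales": ["read", "create", "change", "overview"]}},
}

def expand(perms):
    """'full' covers every other permission plus assignment/notifications."""
    perms = set(perms)
    return perms | ALL if "full" in perms else perms

def effective(user):
    """Per-group union of direct and role-granted permissions (assumed merge rule)."""
    merged = {}
    for source in [user["groups"]] + [ROLES[r] for r in user["roles"]]:
        for group, perms in source.items():
            merged.setdefault(group, set()).update(expand(perms))
    return merged

def audit(users):
    """Return (user, group, finding) tuples worth an administrator's review."""
    findings = []
    for name, user in sorted(users.items()):
        via_role = any(ROLES[r] for r in user["roles"])
        if user["groups"] and via_role:
            findings.append((name, "*", "mixes direct and role-based group permissions"))
        for group, perms in sorted(effective(user).items()):
            if perms == {"create"}:
                findings.append((name, group, "create-only: cannot view tickets after saving"))
            elif "full" not in perms:
                findings.append((name, group, "cannot be assigned tickets"))
    return findings

if __name__ == "__main__":
    for finding in audit(USERS):
        print(*finding, sep=" | ")
```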