Admin Permissions

Note

📁 Permissions are namespaced, which is sort of like having files inside of folders.

The permissions listed on this page all belong to the admin namespace. You can select them individually, or you can just select admin to enable the whole bunch.

Admin permissions in the New Role dialog

Admin permissions are shown at the top of the New Role dialog…

Screenshot showing admin settings within Zammad.

…and give users access to the pages of the Admin Panel.

x

admin.api

System > API

admin.branding

Settings > Branding

admin.calendar

Manage > Calendars (required for SLAs)

admin.channel_chat

Channels > Chat

Hint

🤓 Trying to grant access to send messages in live chats?

Use chat.agent instead.

admin.channel_email

Channels > Email

admin.channel_facebook

Channels > Facebook

Hint

🤓 Trying to grant access to view/update tickets from Facebook?

That’s in Group Access Levels.

admin.channel_formular

Channels > Form

admin.channel_google

Channels > Google

admin.channel_microsoft365

Channels > Microsoft 365

admin.channel_sms

Channels > SMS

admin.channel_telegram

Channels > Telegram

Hint

🤓 Trying to grant access to view/update tickets from Telegram?

That’s in Group Access Levels.

admin.channel_twitter

Channels > Twitter

Hint

🤓 Trying to grant access to view/update tickets from Twitter?

That’s in Group Access Levels.

admin.channel_web

Channels > Web

admin.core_workflows

System > Core Workflows

admin.data_privacy

System > Data Privacy

Danger

🔥 This permission allows users to permanently delete data on the system. Proceed with caution!

admin.group

Manage > Groups

admin.integration

System > Integrations

admin.knowledge_base

Manage > Knowledge Base

Hint

🤓 Trying to grant access to read/edit knowledge base articles?

Use knowledge_base.reader and knowledge_base.editor instead, and double-check the answer’s visibility.

admin.macro

Manage > Macros

Note

In some cases, macros may also require admin.tag.

admin.maintenance

System > Maintenance

admin.monitoring

System > Monitoring

admin.object

System > Objects

admin.organization

Manage > Organizations

Note

Agents can access existing organizations from the search bar, even without this permission. They can even edit an organization’s name, domain, and notes!

admin.overview

Manage > Overviews

admin.package

System > Packages

admin.report_profile

Manage > Report Profiles

Hint

🤓 Trying to grant access to view reports?

Use report instead.

admin.role

Manage > Roles. 🧐

admin.scheduler

Manage > Scheduler for automation on tickets

admin.security

Settings > Security settings of Zammad This also covers third party authentications.

admin.session

System > Sessions

admin.setting_system

Settings > System of Zammad

admin.sla

Manage > SLAs

admin.tag

Manage > Tags

admin.template

Manage > Templates

admin.text_module

Manage > Text Modules

admin.ticket

Settings > Tickets (does not grant access to Composer Settings)

admin.time_accounting

Manage > Time Accounting

Hint

This permission may be useful for accounting personnel if they need to be able to export timekeeping records.

admin.translation

System > Translations (also enables inline translation)

admin.trigger

Manage > Triggers

admin.user

Manage > Users

Note

🤔 I thought agents could already manage user accounts?

Agents can create and edit customers, but they can’t:

  • modify anyone’s permissions (roles or groups)

  • modify anyone’s passwords

  • edit other agent’s accounts

Danger

🏴‍☠️ This permission allows users to hijack other user sessions.

To learn more, see Taking over a user’s session.