Permissions¶

Find a short description about the permissions in Zammad below. Be aware that some of the features require activation and configuration before they are usable. Even though the permissions are grouped by common use cases, you can mix them as you like. Just make sure to maintain an overview of your permissions.

Agent¶

Permission	Access To	Note
`chat.agent`	Customer chat	Requires configuration of chat channel.
`cti.agent`	Caller log	Requires configuration of CTI integration.
`ticket.agent`	This is the main permission for agents to access overviews and tickets	When this permission is granted and more than one group exists, the group permissions table appears to configure the group access levels.

Admin¶

Please be aware that these permissions only grant access to the settings/configuration in Zammad. If you want to grant agents access to tickets, check the section above and learn more about group permissions.

Permission	Access To	Note
`admin.ai_agent`	AI > AI Agents
`admin.ai_assistance_text_tools`	AI > Writing Assistant
`admin.ai_assistance_ticket_summary`	AI > Ticket Summary
`admin.ai_provider`	AI > Provider
`admin.api`	System > API
`admin.branding`	Settings > Branding
`admin.calendar`	Manage > Calendars	Required for SLAs.
`admin.channel_chat`	Channels > Chat	Configuration of chat channel. Access for agents: `chat.agent`.
`admin.channel_email`	Channels > Email
`admin.channel_facebook`	Channels > Facebook
`admin.channel_formular`	Channels > Form
`admin.channel_google`	Channels > Google
`admin.channel_microsoft_graph`	Channels > Microsoft 365 Graph Email
`admin.channel_microsoft365`	Channels > Microsoft 365 IMAP Email
`admin.channel_sms`	Channels > SMS
`admin.channel_telegram`	Channels > Telegram
`admin.channel_web`	Channels > Web
`admin.channel_whatsapp`	Channels > Whatsapp
`admin.checklist`	Manage > Checklist
`admin.core_workflows`	System > Core Workflows
`admin.data_privacy`	System > Data Privacy	Be careful, this allows users to permanently delete data on the system.
`admin.group`	Manage > Groups
`admin.integration`	System > Integrations
`admin.knowledge_base`	Manage > Knowledge Base	Configure knowledge base. For viewing or creating articles, `knowledge_base.reader` or `knowledge_base.editor` are required.
`admin.macro`	Manage > Macros	In some cases, macros may also require `admin.tag`.
`admin.maintenance`	System > Maintenance
`admin.monitoring`	System > Monitoring
`admin.object`	System > Objects
`admin.organization`	Manage > Organizations	Agents can access existing organizations from the search bar, even without this permission. They can even edit an organization’s name, domain, and notes!
`admin.overview`	Manage > Overviews
`admin.package`	System > Packages
`admin.public_links`	Manage > Public Links
`admin.report_profile`	Manage > Report Profiles	Access to view reports: `report`
`admin.role`	Manage > Roles
`admin.scheduler`	Manage > Scheduler
`admin.security`	Settings > Security	This also includes third party authentications.
`admin.session`	System > Sessions
`admin.sla`	Manage > SLAs
`admin.system`	Settings > System
`admin.system_report`	System > System Report
`admin.tag`	Manage > Tags
`admin.template`	Manage > Templates
`admin.text_module`	Manage > Text Modules
`admin.ticket`	Settings > Tickets	Ticket settings. To access tickets as agents, `ticket.agent` is required.
`admin.ticket_auto_assignment`	Settings > Ticket > Auto Assignment
`admin.ticket_duplicate_detection`	Settings > Ticket > Duplicate Detection
`admin.ticket_priority`	System > Objects >Ticket Priority
`admin.ticket_state`	System > Objects >Ticket State
`admin.time_accounting`	Manage > Time Accounting	Also allows the export of accounted time records.
`admin.translation`	System > Translations	Also enables inline translation.
`admin.trigger`	Manage > Triggers
`admin.user`	Manage > Users	Agents can always create and edit customers, but they can’t modify permissions etc. Be aware that this permission allows users to hijack other user sessions.
`admin.webhook`	Manage > Webhook

User Preferences¶

Permission	Access To	Note
`user_preferences.access_token`	Generate API tokens to control Zammad via REST API (system documentation).	Generated tokens will never have more permissions than the user that generated them.
`user_preferences.appearance`	Appearance configuration	Users can switch between dark, light and automatic mode.
`user_preferences.avatar`	Avatar settings	Allows users to add a custom avatar image.
`user_preferences.calendar`	Configure the calendar feed
`user_preferences.device`	Manage device login sessions	Revoking this permission disables “Login detected from a new location” emails. To learn more, see System Notifications.
`user_preferences.language`	Configure the UI locale/language	Allows users to set their preferred language.
`user_preferences.linked_accounts`	Account linking	Manually link accounts after signing in with third-party authentication. Note: If automatic account linking fails, this is the only way users can utilize third-party logins.
`user_preferences.notifications`	Configuration of ticket notifications	Agents only receive ticket notifications for groups they have “full” access to. Customers can’t receive ticket notifications at all.
`user_preferences.out_of_office`	Designate a substitute for out-of-office hours	This does not grant that person the permissions / group access levels of the agent they’re replacing.
`user_preferences.overview_sorting`	Allow users to define their own overview order	Optional permission; disabled by default. The order your user chooses here cannot be overwritten by admins. Renaming or resorting overviews has no effect on custom orders.
`user_preferences.password`	Change account password	Make sure to revoke this permission for all your users when using a third-party identity server (like LDAP) as your only allowed authentication method.
`user_preferences.` `two_factor_authentication`	Allow users to setup and configure their two factor authentication	Two factor authentication has to be enabled that users can setup and configure it.

Misc¶

Permission	Access To	Note
`knowledge_base.editor`	Create and edit permission for knowledge base articles	The editor permission always includes the reader permission.
`knowledge_base.reader`	Read permission for internal (not published) knowledge base articles	Public articles are always visible. See here how to set up granular reader permissions for the knowledge base. Keep in mind that this may be dangerous, as reader permission provides access to internal answers!
`report`	Reporting (user docs)	Make sure to never grant this permission to your customers because it includes all ticket and user information across the entire system! Consider setting up a new role for your admins or supervisors and limit the access via Report Profiles first.
`ticket.customer`	Allows a user to be set as customer of a ticket	Without this permission, customers can’t see the My Ticket overview. But they can still log in and create new tickets.