Zendesk admin center roles and permissions: Complete guide for 2026

Stevia Putri
Written by

Stevia Putri

Last edited February 27, 2026

Expert Verified
Banner image for Zendesk admin center roles and permissions: Complete guide for 2026

Managing who can do what in your Zendesk instance is one of those tasks that seems simple until you actually need to set it up. The Admin Center gives you control over user access, but with multiple role types across different Zendesk products, it's easy to get lost in the details.

This guide breaks down everything you need to know about Zendesk admin center roles and permissions. We'll cover standard roles, custom roles, workspace permissions, and practical tips for setting up your team correctly the first time.

Zendesk landing page with customer service platform overview
Zendesk landing page with customer service platform overview

Understanding Zendesk's role hierarchy

Zendesk organizes users into a clear hierarchy based on what they need to accomplish. At the top level, there are three categories of users:

End users are your customers. They submit tickets, track their requests, and access your help center. They never see the admin side of Zendesk.

Team members are your internal staff. This includes agents who handle tickets, administrators who configure the system, and the account owner who manages billing and subscriptions.

Custom roles exist only on Enterprise plans. These let you create specialized permission sets that fall somewhere between standard agent and admin capabilities.

The key thing to remember: roles determine what users can see and do across Zendesk. An agent with restricted ticket access won't see tickets outside their assigned groups, even if they have the "agent" title. An admin can access everything by default, but you can limit this on Enterprise plans through custom roles.

Standard user roles in Zendesk Support

End users (customers)

End users are why you've got a help desk in the first place. They can submit tickets through any channel you've enabled (email, web form, messaging), track their ticket status, and access your help center content. Their comments on tickets are always public, which means agents and other end users can see them.

You have two main options for end user access:

  • Open support: Anyone can submit tickets, with or without registration
  • Closed support: Only registered end users can submit tickets

Most businesses start with open support for simplicity, then move to closed support as they grow or handle sensitive data.

Agents

Agents are the bulk of your support staff. They're assigned tickets, communicate with customers, and use Zendesk's tools to resolve issues. But not all agents have the same access.

Every agent must belong to at least one group, and their ticket access determines what they can see:

  • All tickets: Full visibility across your entire Zendesk instance
  • Group tickets only: Only tickets assigned to their groups
  • Organization tickets: Only tickets from end users in their organization
  • Assigned tickets only: Only tickets specifically assigned to them

Here's where it gets interesting. An agent with access to "all tickets" can assign tickets to any group and create or edit end user profiles. An agent with restricted access (anything other than "all tickets") has limited user management capabilities. This makes sense when you think about it: if an agent can only see their group's tickets, they shouldn't be able to edit profiles of users who might have tickets in other groups.

Agents can also create personal macros and views to speed up their work, and they can access reports if they have permission to view all tickets.

Administrators

Admins are agents with extra capabilities. They can do everything agents can do, plus:

  • Access all tickets regardless of assignment
  • Create and edit business rules (automations, macros, triggers, views)
  • Install and configure apps from the marketplace
  • Create and edit reports
  • Manage account settings, ticket fields, and channels
  • Add, manage, and delete any user (end users, agents, other admins)
  • Promote agents to admin status
  • Create groups and organizations
  • Assume an end user's identity (useful for troubleshooting)

On Enterprise plans, admins can also create custom agent roles to delegate specific permissions without giving full admin access.

Account owner

The account owner is a special type of administrator. There's only one per Zendesk account, and this person is typically whoever originally created the account. The account owner has unique permissions that even other admins don't have:

  • Managing subscription changes and billing
  • Payment management
  • Transferring account ownership to another admin

Only the account owner can update their own account owner profile. Other admins cannot modify account ownership settings.

Zendesk Guide and Knowledge roles

If you're using Zendesk Guide (the help center/knowledge base product), there's a separate permission system for content management. These roles work alongside your Support roles.

RoleWhat they can do
Anonymous userView public help center content without signing in
End userView content, comment on articles, vote, subscribe to sections
Knowledge viewerInternal staff with view-only access (same as end user)
Knowledge agentCan edit and publish articles where explicitly granted permission
Knowledge adminFull help center management: all articles, themes, settings

The important distinction here: being a "Knowledge agent" doesn't automatically let you edit all articles. Article-level permissions determine where Knowledge agents can actually make changes. A Support agent might have Knowledge agent privileges but only be able to edit articles in specific sections.

Knowledge admins, on the other hand, have full control. They can manage themes, configure help center settings, add or delete categories and sections, and edit any article.

Guide admin permissions for help center management
Guide admin permissions for help center management

Custom agent roles (Enterprise plans only)

Here's where Zendesk gets flexible. On Enterprise plans, you're not stuck with the standard agent/admin binary. You can create up to 197 custom roles with granular permissions.

System custom roles

Zendesk provides three predefined custom roles to get you started:

Advisor: Manages workflow and configuration but doesn't solve tickets. They can create automations, macros, triggers, and views. They can set up SLAs and channels. But they can only create tickets on behalf of end users and make private comments. This role works well for people who need to configure the system without handling customer conversations.

Staff: The standard ticket-solving agent. They handle tickets, create tickets for end users, edit tickets within their groups, view reports, and create personal views and macros. This is your frontline support role.

Team lead: Has more access than staff agents. They can read and edit all tickets (not just their group's), moderate forums, create tickets for end users, and manage end users, groups, and organizations. This role suits senior agents or supervisors who need broader visibility.

Creating custom roles

When you create a custom role, you choose from eight permission categories:

CategorySample permissions
TicketsAccess level, comment types, editing, merging, deletion
PeopleUser management, group management, organization management
ChannelsChannel management, social media, chat, phone
Agent workflowViews, macros, dynamic content, side conversations
Business rulesAutomations, triggers, SLAs, skills
Security & privacyDeletion schedules, audit logs, data masking
Help centerKnowledge management, article publishing
AnalyticsExplore access, report creation, data visibility

Each category has multiple specific permissions you can toggle on or off. For example, under Tickets, you might let an agent "edit ticket properties" but not "delete tickets" or "merge tickets."

There are some permissions you cannot assign to custom roles, even on Enterprise:

  • Creating or editing other agent or admin profiles
  • Installing apps
  • Changing a user's role
  • Bulk importing users or organizations
  • Deleting call recordings
  • Assuming other agents' identities
  • Editing subscriptions
  • Generating API tokens

These remain admin-only capabilities.

Zendesk Admin Center custom roles interface with permission summaries
Zendesk Admin Center custom roles interface with permission summaries

Managing roles in the Admin Center

Accessing role settings

To manage roles, open any Zendesk product and click the Zendesk Products icon (the grid/waffle icon) in the top bar. Select Admin Center, then navigate to People > Team > Roles. For detailed steps, see Zendesk's guide to managing roles.

The Roles page shows all your custom roles if you're on Enterprise. On lower-tier plans, you'll see the standard roles without the ability to create new ones.

Assigning roles to team members

You can assign roles in two ways:

From the role settings:

  1. Find the role you want to assign
  2. Click the options icon and select Edit
  3. Click Actions > Assign role
  4. Select team members from the list or search by name
  5. Click Assign role

From the agent's profile:

  1. Go to People > Team > Team members
  2. Click on the agent's name
  3. Edit their profile and change the role assignment

Agents cannot modify their own roles or permissions. They also cannot manage admin roles, even if they have permission to create and edit other custom roles.

Workspace permissions (Zendesk QA)

If you're using Zendesk QA (Quality Assurance) or Workforce Engagement Management, there's another layer of permissions: workspace roles. These apply within specific QA workspaces and can differ from the user's account-level role.

Workspace roleCapabilities
ManagerView all reviews, manage all workspace settings
LeadView everything, manage quizzes/assignments/groups/disputes/calibration
ReviewerView all reviews, perform peer reviews, cannot edit settings
AgentView own conversations, reply to feedback, view CSAT, self-reviews

A user might be an Admin at the account level but only a Reviewer in a specific workspace. Or they could be a standard Agent in Support but a Lead in QA. These workspace permissions are managed separately from your main Support roles.

Workspace roles for QA quality reviews with granular permission controls
Workspace roles for QA quality reviews with granular permission controls

Best practices for role management

Getting roles right from the start saves you headaches later. Here are some practical guidelines:

Start with the principle of least privilege. Give users the minimum access they need to do their job. It's easier to add permissions later than to clean up after an overly permissive setup.

Document your role structure. As you create custom roles, write down what each role is for and who should have it. This helps when onboarding new team members and prevents role creep over time.

Review roles quarterly. People change jobs, teams reorganize, and permissions accumulate. Set a calendar reminder to audit who has what access and whether it still makes sense.

Use groups alongside roles. Roles determine what users can do; groups determine which tickets they handle. A well-designed setup uses both: roles for permissions, groups for ticket routing.

Be careful with "all tickets" access. Only give this to people who genuinely need to see everything. It's a security risk and can overwhelm agents with irrelevant tickets.

Test custom roles before rolling them out. Create a test agent account with your new custom role and verify they can do what they need to do (and can't do what they shouldn't).

Enhancing Zendesk administration with eesel AI

Managing Zendesk roles and permissions is important, but it's just one piece of running an efficient support operation. Once your roles are configured, you might find yourself wanting to automate more of the routine work that fills your agents' days.

eesel AI instructions panel showing natural language configuration for setting up AI agent behavior and escalation rules.
eesel AI instructions panel showing natural language configuration for setting up AI agent behavior and escalation rules.

At eesel AI for Zendesk, we've built an AI teammate that works within your existing Zendesk setup, respecting the role structure you've carefully configured.

Our AI Agent for Zendesk can handle frontline support tickets autonomously, draft replies for human review, or triage and route tickets based on content. It integrates directly with your Zendesk instance and learns from your past tickets, help center articles, and macros.

The key thing: our AI works within your permission framework. It won't try to access tickets or perform actions that exceed the boundaries you have set for your team. You control what it can see and do, just like any other team member.

If you're spending too much time on repetitive ticket handling after getting your roles sorted, check out how eesel AI works with Zendesk. It might save your team hours every week.

Getting started with Zendesk roles

If you're setting up Zendesk for the first time, here's a quick checklist:

  1. Identify your account owner (usually whoever created the account)
  2. Add your admins (people who need to configure the system)
  3. Create groups for your team structure (Support, Sales, Tier 2, etc.)
  4. Add agents with appropriate ticket access levels
  5. Set up custom roles (if on Enterprise) for any specialized needs
  6. Configure Knowledge roles if using Guide
  7. Document everything so future you knows why you made these choices

Remember, you can always adjust roles as your team grows. The goal is to give people enough access to be effective without creating security risks or overwhelming them with irrelevant information.

For more on navigating the Admin Center itself, our guide on how to navigate Zendesk's admin center like a pro covers the interface in detail.

Frequently Asked Questions

What are the standard Zendesk admin center roles and permissions available on all plans?
All Zendesk plans include end user, agent, administrator, and account owner roles. End users submit tickets and access the help center. Agents handle tickets with configurable access levels. Administrators manage the system and can access all tickets. The account owner has unique billing and subscription permissions.
Can I create custom Zendesk admin center roles and permissions on lower-tier plans?
No, custom agent roles are only available on Suite Enterprise plans ($169 per agent per month billed annually). Team, Suite Team, and Suite Professional plans are limited to the standard predefined roles.
How do Zendesk admin center roles and permissions work with the Knowledge/Guide product?
Guide has its own role system that works alongside Support roles. Knowledge viewer has read-only access. Knowledge agent can edit articles where explicitly granted permission. Knowledge admin has full help center management. Support admins automatically have Knowledge admin privileges.
What's the difference between ticket access levels for agents in Zendesk admin center roles and permissions?
Agents can have access to all tickets, only tickets in their groups, only tickets from their organization, or only tickets assigned to them. All tickets access is required for assigning tickets to other groups and editing end user profiles. Restricted access limits what the agent can see and do.
How many custom roles can I create with Zendesk admin center roles and permissions on Enterprise?
You can create up to 197 custom agent roles on Enterprise plans. Each role must have a unique name and can be configured with granular permissions across eight categories: Tickets, People, Channels, Agent Workflow, Business Rules, Security & Privacy, Help Center, and Analytics.
Can agents change their own Zendesk admin center roles and permissions?
No, agents cannot modify their own role assignments or permissions. They also cannot manage admin roles, even if they have permission to create and edit other custom roles. Only administrators can change role assignments.
What permissions are reserved for administrators and cannot be assigned to custom Zendesk admin center roles and permissions?
Certain permissions remain admin-only: creating or editing other agent/admin profiles, installing apps, changing user roles, bulk importing users or organizations, deleting call recordings, assuming other agents' identities, editing subscriptions, and generating API tokens.

Share this article

Stevia Putri

Article by

Stevia Putri

Stevia Putri is a marketing generalist at eesel AI, where she helps turn powerful AI tools into stories that resonate. She’s driven by curiosity, clarity, and the human side of technology.

Related Posts

All posts →
Banner image for Zendesk Admin Center: The complete guide for 2026
Guides

Zendesk Admin Center: The complete guide for 2026

A complete walkthrough of the Zendesk Admin Center covering navigation, key sections, AI capabilities, and practical tips for administrators in 2026.

Stevia PutriStevia PutriMar 3, 2026
Banner image for Zendesk views permissions explained: Who sees what and how to configure access
Guides

Zendesk views permissions explained: Who sees what and how to configure access

A practical guide to understanding Zendesk view permissions, including who can see personal and shared views, how to configure access by role, and troubleshooting common visibility issues.

Stevia PutriStevia PutriFeb 25, 2026
Banner image for How to configure Zendesk support addresses: A complete 2026 guide
Guides

How to configure Zendesk support addresses: A complete 2026 guide

A practical guide to configuring Zendesk support addresses, covering both Zendesk-hosted and external email setups with troubleshooting tips.

Stevia PutriStevia PutriMar 2, 2026
Banner image for How to configure Zendesk account settings for ticket forms
Guides

How to configure Zendesk account settings for ticket forms

A practical guide for Zendesk administrators on configuring ticket forms through account settings, including creation, customization, and best practices.

Stevia PutriStevia PutriMar 2, 2026
Banner image for How to configure Zendesk account settings: A complete guide for admins
Guides

How to configure Zendesk account settings: A complete guide for admins

Master Zendesk account configuration with this comprehensive guide covering Admin Center navigation, user permissions, security settings, and channel setup.

Stevia PutriStevia PutriFeb 27, 2026
Banner image for Zendesk roles and permissions explained: A complete guide for 2026
Guides

Zendesk roles and permissions explained: A complete guide for 2026

A comprehensive guide to understanding Zendesk's role hierarchy, from end users to custom Enterprise roles, with practical tips for managing permissions effectively.

Stevia PutriStevia PutriMar 3, 2026
How to navigate Zendesk’s admin center like a pro
Guides

How to navigate Zendesk’s admin center like a pro

Learn how to navigate Zendesk’s Admin Center with confidence. From setting roles to streamlining channels and integrating smart AI tools like eesel, this guide helps you get the most out of your support setup.

Kenneth PanganKenneth PanganJun 10, 2025
Banner image for How to manage Zendesk Explore dashboard permissions
Guides

How to manage Zendesk Explore dashboard permissions

A step-by-step guide to managing Zendesk Explore dashboard permissions, from basic user access to advanced brand restrictions and external sharing security.

Stevia PutriStevia PutriFeb 26, 2026
Banner image for How to set up a Zendesk multi-language help center
Guides

How to set up a Zendesk multi-language help center

A practical guide to configuring Zendesk for multi-language support, from adding languages to managing translations with dynamic content.

Stevia PutriStevia PutriFeb 25, 2026

Ready to hire your AI teammate?

Set up in minutes. No credit card required.

Get started free