As organizations grow bigger, admins are tasked to define specific responsibilities and privileges for different roles whilst ensuring that they secure the company’s sensitive data. 

With Roles & Role-based Access Controls, admins can either associate a built-in role to an agent or define permissions from scratch using custom roles. They can further enforce fine-grained access control to data for every role so agents have access to only what they need to perform their jobs.

There are two kinds of roles within Freshservice:

  • Built-in Roles

  • Custom Roles

What are built-in roles? [Available on all plans]

They are default roles within Freshservice that help admins save the time and hassle of defining permissions and responsibilities pertaining to each role.

What are custom roles? [Available on all Plans]

Custom roles let you customize the role from scratch and lets you define the actions they can perform across various modules that best suits the requirements of your organization

How to create a custom role

  • Navigate to  Admin -> Roles and click on New Role. 

  • Enter a name and description for the role.

  • Select the appropriate privileges under Tickets, Problems, Changes, Releases, Assets, Announcements, Solutions, Reports and Administration.

  • Once you're done, click Save. 

1. Perform Operational Admin actions: This lets you manage agents and perform all actions within the service desk and allows you to modify specific configurations.
2. Play God with Super Admin controls:This lets you configure everything within the Admin tab in your service desk. 

Note:  You can determine whether admins need access to the account and billing information by checking the “Include Account Management” box.

How to associate a role & define access [Available on all plans]

  • If you’re adding a new agent, navigate to Admin -> Agents -> New Agent (or) click on Edit icon next to the Agent name for an existing agent.

  • Choose the groups you would want to add the agent as member/ observer and define what kind of notifications need to be enabled if they’re a member/observer.

Know more about how to Add Members and Observers

Note: The ability to add observers is only available in the Pro and Enterprise plan

  • Click on +Add Role to designate the role and select the access level they need for a particular role and click on Save.

What are the different access levels/scopes?

  • Across all groups in the Helpdesk:

For eg: Sarah whose an Admin can perform all actions pertaining to the role across all groups regardless of whether she’s a part of the group.

Note: This applies to all Admin/ Account admin roles

  • In all groups they’re a member of: 

For eg: Adam, who’s a Change Manager (Change management team, Incident team) can perform all actions pertaining to his role in groups where he has been added as a member. 

  • For items assigned to them: 

For eg: Tony, who’s an SD Agent, can perform all actions pertaining to his role only for items assigned specifically to him.

  • In the groups [Only available on the Pro and Enterprise plan]

For eg: Rachel, who’s a supervisor, can perform actions pertaining to her role only for the groups specified such as the facilities and operations team, and not for all the other groups that she’s a part of.