As organizations grow bigger, admins are tasked to define specific responsibilities and privileges for different roles ensuring that they secure the company’s sensitive data. 

With Roles & Role-based Access Controls, admins can either associate a built-in role to an agent or define permissions from scratch using custom roles. They can further enforce fine-grained access control to data for every role so agents have access to only what they need to perform their jobs.

There are two kinds of roles within Freshservice:

  • Built-in Roles

  • Custom Roles

What are built-in roles? [Available on all plans]

They are default roles within Freshservice that help admins save the time and hassle of defining permissions and responsibilities pertaining to each role.

What are custom roles? [Available on all Plans]

Custom roles let you customize the role from scratch and lets you define the actions they can perform across various modules that best suit the requirements of your organization

How to create a custom role

  • Navigate to  Admin -> Roles and click on New Role. 

  • There are two types of roles you can create Admin and Agent. 

  • Enter a name and description for the role.

  • For Agent roles select the appropriate privileges under Tickets, Problems, Changes, Releases, Assets, Announcements, Solutions, and Reports. 

  • For Admin roles select the appropriate Administration access

  • Select the appropriate privileges under Tickets, Problems, Changes, Releases, Assets, Announcements, Solutions, Reports and Administration.

  • Once you're done, click Save. 

1. Perform Operational Admin actions: This lets you manage agents and perform all actions within the service desk and allows you to modify specific configurations.
2. Play God with Super Admin controls: This lets you configure everything within the Admin tab in your service desk. 

Note:  You can determine whether admins need access to the account and billing information by checking the “Include Account Management” box.

How to associate a role & define access [Available on all plans]

  • If you’re adding a new agent, navigate to Admin -> Agents -> New Agent (or) click on the Edit icon next to the Agent name for an existing agent.

  • Under the Permission tab choose the groups you would want to add the agent as a member/ observer and define what kind of notifications need to be enabled if they’re a member/observer. 

Know more about how to Add Members and Observers

Note: The ability to add observers is only available in the Pro and Enterprise plan

  • Click on +Add Role to designate the role select the access level they need for a particular role and click on Save.

What are the different access levels/scopes?

Across all groups in the Helpdesk:

For eg: Sarah who is an Admin can perform all actions pertaining to the role across all groups regardless of whether she’s a part of the group.

Note: This applies to all Admin/ Account admin roles

In all groups they’re a member of: 

Example: Adam, who’s a Change Manager (Change management team, Incident team) can perform all actions pertaining to his role in groups where he has been added as a member. 

For items assigned to them: 

Example: Tony, who’s an SD Agent, can perform all actions pertaining to his role only for items assigned specifically to him.

In the groups [Only available on the Pro and Enterprise plan]

Example: Rachel, who’s a supervisor, can perform actions pertaining to her role only for the groups specified such as the facilities and operations team, and not for all the other groups that she’s a part of.