Note: Applicable only for accounts in which workspaces have been enabled, and have more than one workspaces created. 


There are two types of permissions that can be granted to agents: 

  1. Account-wide permissions: Only admin roles can be granted at the account-wide level. Users with account-wide admin permissions can access global settings and workspace-specific settings of all non-restricted workspaces
     

  2. Workspace permissions:
    These access levels can be granted in workspaces the user has been added to: 

    1. Across the workspace: Can be granted for admin or agent roles to perform the specified actions within the workspace 

    2. In Member and Observer groups in the workspace: Can be granted for agent roles to access data in groups the agent is explicitly added as a member/observer 

    3. In the groups: Can be granted for agent roles to access data only in specific groups within that workspace

    4. For items assigned to them in the workspace: Can be granted for agent roles to access only the items assigned to the agent 





In cases where the granted access levels are not valid, Freshservice automatically grants the next applicable access level or revokes those permissions. 


Permissions elevated to ‘Across the workspace’ when granted at any other access level: 

  1. Create Problems/Change/Release 

  2. Create and edit Assets

  3. View/create/edit/delete Purchase orders 

  4. Create/edit/delete Announcements 


Permissions elevated to ‘Account-wide’ when granted at any other access level: 

  1. View/work/manage Projects 

  2. View Solutions tab


Permissions elevated to ‘Account-wide’ when granted ‘Across the workspace’:  

  1. View Requesters/Departments 

  2. View/edit/manage User reports


Permissions applicable only ‘Account wide’ and are revoked when granted at any other access level: 

  1. View/Edit/Manage Virtual Agent reports 

  2. Create/Edit/Delete Departments 

  3. Configure asset management

  4. Edit/Delete Requesters 

  5. Assume requester identity 

  6. Configure Financial Management

  7. Play God with Super Admin controls

  8. Include Account Management


Granting an agent access to View/Edit/Manage reports in a particular workspace would automatically grant those permissions in all workspaces they are a part of. However, the data shown in the reports is restricted to the scope of their access within that workspace. 


For example: If Sam is a part of the HR and IT workspace and is granted access to ‘View ticket reports’ in the HR workspace, his permissions would be as below: 

  1. He can view ticket reports across HR and IT workspaces 

  2. In the reports he can access, he can only view the ticket data for the groups he has access to within the HR and IT workspace 


Click here to understand how to manage agents and grant permissions: 

1. Account admin guide 

2. Workspace admin guide