Are you worried about agents from different departments having access to confidential data from each other because multiple teams have started using Freshservice? 

With the Restricted Group feature, you can now restrict the visibility of such data. Tickets associated with a Restricted Group will not be visible to admins and agents outside the group, even if the user has the “across all groups in the helpdesk” access level.

To ensure changes to restricted groups are not only brought to the group leader’s notice but also executed upon approval, you can enable the group leader approval option in a restricted group. 

Note: You can control access to only tickets and data related to tickets using Restricted Groups. Access to Problems, Changes, Releases, Projects, etc., shall remain unaffected by this feature.

To create a restricted group:

  1. Access the admin settings using your account credentials. 
  2. Click groups under user management. By default, the agent groups will be listed. 
  3. Click the create new button at the top-right and select agent group
  4. Enter a group name
  5. Click add a description to provide a summary of the group's functions. 
  6. Select the business hours for the group by clicking the dropdown.
  7. Toggle enable Restricted Group 
  8. Select the radio button under the agents section to add agents as members or observers.
  9. Enter or select agents in the search field.
  10. Click the add button. The agents will get listed below the search bar under their respective member or observer modes. 
Note: Every Restricted Group must have at least one group leader. A group leader can be a group member or an observer. Any changes made to the group membership or group configurations will be notified to the group leader via email.

     11. To convert an agent to a group leader, click on the ellipsis symbol, then click on “Grant group leader 

          access”. This option is only visible once you have turned on the Restricted Group setting. 

  12. Click Save, and you’re done. A Restricted Group would look like the following in the agent group list:

Gain additional control over Restricted Groups with Group Leader Approval

Note: This feature will be enabled for new signups on Pro and Enterprise plans on 15-Nov-2021 and for existing customers on Forest, Pro, and Enterprise plans on 30-Nov-2021.

To gain more control over the changes made to a restricted group, you can enable the “Group Leader Approval” option.

Upon enabling this option, the following actions would require approval from the group leader. Additionally, these actions are tracked under Admin> Audit Logs.

  • Disabling group leader approvals for the group

  • Disabling restricted mode for the group

  • Deleting a restricted group

  • Adding new agents to the group

  • Making an agent a group leader

Whenever an admin performs the above actions on a restricted group, an approval request will be sent to that group's group leader.

Note: In the case of multiple group leaders, the approval notification will be sent to all the group leaders. The action performed by the first respondent will be executed, and the approval request sent to the other group leaders will be canceled.

Note: Approval delegation does not apply to Restricted Groups

Adding new agents to a group

Whenever you add an agent or an observer to the group, the agent will not become a part of the group unless a group leader approves this action, if approvals are enabled for the group. In the meantime, the agent will be marked as awaiting/pending approval. 

You can send a reminder email to the group leaders by clicking on the “send approval reminder” icon.

Making an agent a group leader

This action would require the same approval process as described above. 

In case the group has a single group leader, you cannot revoke their group leader status and grant the group leader access to another agent at the same time. You’ll first have to grant the group leader status to another agent and then revoke the access of the initial group leader.

Disabling restricted mode for the group

While this action would require approval from a group leader, doing so will allow the agents outside of the group who have “across all groups in the helpdesk” authorization to access the tickets assigned to the restricted group.

Disabling the group leader approval option for the group

This action, too, will require the group leader’s approval, post which changes to the group’s restricted status, or its members will not require approval.

Deleting restricted group

You can delete a restricted group by going to Admin> Agent Groups and clicking on the “delete” button. Once the group leader approves this action, all tickets assigned to this group will get unassigned and will be visible to all agents who have their access level set to "across all groups in their helpdesk."

Please Note:

Enabling restricted groups on an account also has the following effects:
  1. Agents and admins with access levels set to "across all groups in the helpdesk" cannot see tickets assigned to restricted groups.
  2. User permissions set to "can see all tickets from associated departments/companies" cannot see tickets assigned to restricted groups.
  3. Assuming the identities of agents who belong to restricted groups is not possible. 
  4. Public-facing ticket/approval pages of restricted group tickets will require authentication and can only be viewed by authorized users.