Roles & Permissions
Understanding the role hierarchy and what each role can do
Every team member is assigned a role that controls what they can see and do within the helpdesk. Roles follow a strict hierarchy — higher roles can do everything lower roles can, plus additional capabilities.
Roles
| Role | What they can do |
|---|---|
| Owner | Full control over the helpdesk. Manage billing, configure settings, invite and manage all team members. Only owners can promote another user to admin. |
| Admin | Manage helpdesk settings, departments, channels, and team members (supervisors, agents, and viewers). Handle tickets with full visibility across the organisation. |
| Supervisor | Oversee agents and their tickets. Can view all tickets in scope, reassign work, and manage agents — but cannot access Settings or manage other supervisors or admins. |
| Agent | The day-to-day support role. View and respond to tickets, manage contacts, use canned responses, and add internal notes. Cannot access settings or manage other users. |
| Viewer | Read-only access. Can view tickets and contact profiles but cannot reply, create tickets, or change anything. Useful for stakeholders who need visibility without participation. |
Role display names are customisable. Owners and admins can rename the Supervisor, Agent, and Viewer labels in Settings → Terminology to match the language your organisation uses.
Role Hierarchy
Roles are ordered: Owner > Admin > Supervisor > Agent > Viewer. A user can only manage team members at a lower level:
- Owners can manage all roles.
- Admins can manage supervisors, agents, and viewers.
- Supervisors can manage agents and viewers.
- Agents and Viewers cannot manage other users.
This prevents situations where someone could elevate their own access or modify a peer's permissions.
Visibility Scope
In addition to their role, each team member has a visibility scope that controls which tickets they can see:
| Scope | What they see |
|---|---|
| All | Every ticket across the helpdesk. |
| Department | Only tickets assigned to their department(s). |
| Assigned Only | Only tickets directly assigned to them. |
Owners and admins always see all tickets, regardless of their scope setting. Scope is most relevant for agents, where it lets you restrict visibility to just their area of responsibility.
Combining Role and Scope
Role and scope work together. For example:
- An agent with department scope can view and respond to tickets in their department, but cannot see tickets in other departments or access settings.
- An admin with all scope (the default) can manage settings, view every ticket, and manage agents across all departments.
This two-dimensional model keeps configuration simple while giving you the flexibility to match your team structure.
Watchers
In addition to being assigned a role, any team member can be added as a Watcher on individual tickets. Watchers receive the same email notifications as the assignee — new replies, status changes, escalations, and SLA alerts — without being responsible for the ticket themselves.
Watchers are managed per-ticket from the ticket detail panel. Any owner, admin, supervisor, or agent can be added as a watcher. Being a watcher is independent of role: an agent can watch a ticket owned by another agent, and a viewer cannot be added as a watcher.
Adding or removing a watcher is recorded in the ticket's activity log. See Messaging → Watchers for full details.