Agent administration


we are planning to use zammad. We would like to let internal organization units administrate themselves.
So one admin-light should be able to give groups and group-permissions to “his” agents.
What we do not want is this admin-light to give groups and group-permissions to groups, that do not belong to his organization unit. Is there a chance to achieve this?

Thank you and regards,


Hey @guidoesser,

are you planning on using zammad with local users only or do you have some kind of directory (f. e. Active Directory) which you’re going to integrate?


Hi @svnr-dvnkln,

thank you for answering! Intern we are using LDAP. So we plan to give all users the role customer.
Agents should be controlled by organizational unit admin. Giving roles through LDAP might not be flexible enough. Or in other words I am afraid our users do not know what they need yet.

External users will be there on top, but only customers, so no special permissions needed here.



Perhaps I have to add one more example. We are working with student assistents, so getting these in the right LDAP group just in time to get their user ready for work is often difficult.
We would prefer not to administrate their users from our IT department. So any suggestions how to seperate group administration?



While you can provide (preferebly via LDAP for simplicity) specific users to be administrators with reduced rights (so e.g. user & roles only), you cannot restrict those users to only touch specific users or groups of users.

The permissions always count for the complete menu point and can’t be restricted further.

Thank you for clarifying this question.

This topic was automatically closed 41 days after the last reply. New replies are no longer allowed.