How to Configure Freshservice Agent Roles and Permissions?

Quick Summary

Configuring agent roles and permissions in Freshservice allows IT teams to control exactly what each team member can see, do, and manage. This article walks you through the complete process — from understanding built-in roles to creating custom permission sets — so your service desk operates securely and efficiently.

Freshservice is a cloud-based IT Service Management (ITSM) platform developed by Freshworks. It helps IT teams manage incidents, service requests, assets, changes, and much more within a single, unified interface. To learn more about the platform, visit Freshservice ITSM Software.

One of the most critical — yet often overlooked — aspects of setting up Freshservice is properly defining who can access what. Agent roles and permissions determine the boundaries within which each team member operates. Without a clear configuration, you risk either granting too much access (creating security vulnerabilities) or too little (slowing down your support operations). This article reveals exactly how to configure Freshservice agent roles and permissions step by step.

---

What Are Agent Roles in Freshservice and Why Do They Matter?

In Freshservice, agent roles define the level of access and the set of actions available to each support team member. Think of a role as a permission template: instead of assigning individual permissions to every agent, you create a role and then assign that role to multiple agents at once. This approach saves time and reduces the chance of misconfiguration.

Freshservice ships with several built-in roles that cover the most common use cases. Furthermore, administrators can create custom roles to match unique organizational needs. Roles are scope-aware, meaning you can restrict an agent’s access to specific groups, ticket types, or business units.

What Built-In Roles Does Freshservice Provide?

Freshservice includes the following default roles out of the box:

Role Name	Primary Access Level	Typical Use Case
Administrator	Full access to all modules and settings	IT managers, system owners
Account Administrator	Full access including billing and account settings	IT directors, team leads with billing control
Agent	Ticket handling, basic asset view	First-line support staff
Observer	Read-only access to tickets and reports	Auditors, stakeholders
Supervisor	Manage agents and view reports, limited settings	Team leaders, shift supervisors

Understanding these built-in roles is the first step before you start creating custom configurations. Most organizations use Administrator and Agent roles as the foundation, then build specialized custom roles on top for departments like HR, Finance, or Facilities.

---

How Do You Access the Roles and Permissions Settings in Freshservice?

Navigating to the roles configuration area in Freshservice is straightforward. However, you need Administrator-level access to make changes. Follow these steps to reach the settings:

1. Log in to your Freshservice account as an Administrator.
2. Click the Admin icon (gear symbol) in the left sidebar.
3. Under the Agent Management section, select Roles.
4. Here you will see the list of all existing roles, both default and custom.

From this screen, you can view, edit, clone, or delete roles. Additionally, Freshservice displays how many agents currently use each role, which helps you understand the impact of any changes you plan to make.

---

How Do You Create a Custom Agent Role in Freshservice?

Creating a custom role in Freshservice gives your team precise control over what each agent group can access. This is especially useful for organizations with multiple departments sharing the same Freshservice instance but requiring different levels of access.

What Steps Should You Follow to Build a New Role?

To create a new custom role, navigate to Admin > Roles and click the New Role button in the top-right corner. Then proceed through the following configuration areas:

• Role Name and Description — Give the role a clear, descriptive name (e.g., “HR Service Desk Agent”) and add a short description so other admins understand its purpose.
• Module Permissions — Select which Freshservice modules this role can access, such as Tickets, Problems, Changes, Assets, or Reports.
• Ticket Permissions — Define actions like View, Create, Edit, Delete, and Assign for ticket records.
• Scope — Restrict the role to specific groups, departments, or the entire organization.
• Reporting Access — Decide whether agents with this role can view analytics dashboards or only their own ticket data.

Once you save the role, it immediately becomes available for assignment. Importantly, Freshservice applies changes in real time, so agents assigned to a role see updated permissions the next time they log in or refresh their session.

---

What Permissions Can You Configure for Each Agent Role?

Freshservice offers granular permission controls across multiple modules. Rather than a simple on/off switch, each module supports fine-grained actions. The table below summarizes the key permission categories available:

Module	Available Permissions	Notes
Tickets	View, Create, Edit, Delete, Assign, Merge, Close	Core for all support agents
Problems	View, Create, Edit, Close, Link to Incidents	Relevant for Problem Managers
Changes	View, Create, Edit, Approve, Close	Change Advisory Board members
Assets (CMDB)	View, Create, Edit, Delete, Audit	Asset Managers and IT Ops
Projects	View, Create, Manage Tasks, Close	Project Managers only
Reports & Analytics	View Reports, Export Data, Create Dashboards	Team Leads, Managers
Admin Settings	Manage Agents, Billing, Integrations, Automations	Administrator role only

Consequently, before assigning permissions, map out which teams use each module. For example, your change management team needs access to the Changes module but may not need visibility into asset details. Tailoring permissions this way reduces noise and helps agents focus on what matters most for their function.

---

How Do You Assign Roles to Agents in Freshservice?

After you create roles, the next step is assigning them to the right agents. Freshservice supports two methods for role assignment — individually per agent, or in bulk via agent groups.

How Do You Assign a Role to an Individual Agent?

To assign a role to a single agent, follow these steps:

• Go to Admin > Agents and click on the agent’s name.
• In the agent’s profile, locate the Roles section.
• Use the dropdown to select one or more roles to assign.
• Define the scope (e.g., specific groups or all groups).
• Click Save to apply changes.

Notably, Freshservice allows you to assign multiple roles to a single agent. When an agent holds multiple roles, Freshservice combines the permissions and grants the highest level of access across all assigned roles. Therefore, exercise caution when stacking roles to avoid unintentionally expanding privileges.

How Do You Use Agent Groups to Manage Permissions at Scale?

For larger teams, managing roles individually becomes impractical. Instead, use Freshservice Agent Groups to apply roles to entire teams simultaneously. Here is how this approach works:

• Create an Agent Group under Admin > Groups and add the relevant agents.
• Assign a default role to the group so all members inherit the same base permissions.
• Override individual agent permissions only where specific exceptions are necessary.

This group-based approach dramatically simplifies ongoing management. When a new agent joins a team, adding them to the right group automatically grants all the permissions they need without any additional configuration.

---

How Can You Restrict Agent Access Using Scope Settings?

Beyond module-level permissions, Freshservice provides scope controls that limit the data an agent can see and interact with. Scope settings add an additional layer of security, ensuring agents only access tickets and assets relevant to their team or department.

What Scope Options Are Available in Freshservice?

Freshservice offers three main scope levels when configuring a role:

Scope Level	What the Agent Can See	Best For
Global	All tickets, assets, and records across the organization	Administrators, senior IT staff
Group	Only tickets and records assigned to their specific group(s)	Tier 1 and Tier 2 support agents
Restricted	Only their own assigned tickets and records	Junior agents, contractors

Applying the principle of least privilege — giving agents the minimum access they need — is a security best practice that Freshservice makes easy to enforce through scope settings. As a result, even if an agent’s credentials are compromised, the exposure remains contained.

---

How Do You Audit and Review Agent Permissions in Freshservice?

Regularly auditing agent roles and permissions is just as important as the initial configuration. Over time, roles can accumulate unnecessary permissions as team structures change. Freshservice provides built-in tools to help you stay on top of this.

• Role Usage Report — From Admin > Roles, you can see how many agents are assigned to each role. Roles with zero agents may be candidates for deletion.
• Agent Activity Logs — Freshservice logs agent actions, helping you identify if any agent is performing actions outside their expected scope.
• Audit Log — Available under Admin > Audit Log, this feature tracks all administrative changes including role modifications, new agent additions, and permission updates.

Furthermore, many organizations conduct quarterly access reviews where administrators verify that every agent’s role still matches their current job function. Freshservice’s export features make it easy to pull agent-role mappings into a spreadsheet for review.

---

What Are the Best Practices for Managing Freshservice Roles and Permissions?

Successfully managing roles over the long term requires more than just initial setup. Here are the proven best practices that IT teams use to keep their Freshservice permissions clean and secure:

• Use descriptive role names — Name roles after the function they serve (e.g., “Change Manager”, “Asset Auditor”) rather than generic names like “Role 1”.
• Document every custom role — Maintain a wiki or internal document describing what each custom role does and why it was created.
• Avoid assigning the Administrator role broadly — Reserve full admin access for a small group of trusted IT managers.
• Review permissions after org changes — When departments merge or restructure, immediately audit and update related roles.
• Use role cloning for similar teams — Freshservice lets you clone an existing role as a starting point for a new one, saving configuration time.
• Test new roles with a sandbox agent — Before rolling out a new role to your whole team, assign it to a test account and verify the access level is correct.

---

What Should You Take Away About Freshservice Roles and Permissions?

Configuring agent roles and permissions in Freshservice is one of the most impactful things an IT administrator can do to build a secure, efficient service desk. By starting with the built-in roles, layering in custom roles for specialized teams, and applying scope restrictions to limit data exposure, you create a permission structure that scales as your organization grows.

Moreover, Freshservice makes the entire process manageable through its intuitive Admin interface, group-based assignment system, and audit logging tools. Rather than treating permissions as a one-time setup task, treat them as a living configuration that evolves alongside your team. Regular reviews, clear naming conventions, and the principle of least privilege will keep your Freshservice environment both functional and secure for the long term.

Ready to explore more of what Freshservice can do? Visit Freshservice ITSM Software to learn about the platform’s full capabilities.

---

Frequently Asked Questions

---