Role-Based Access Control
Role-Based Access Control, or RBAC, lets you give each person the level of access they need for their work. Start with broad roles, then use teams and ticket visibility to shape what people can see day to day.
How roles work in FyneDesk
Each workspace member has one role. That role grants a bundle of permissions, such as managing users, changing settings, working tickets, viewing reports, or reading audit logs.
Admins assign roles from Settings → Users. Role options are plan-aware, so a role that requires Pro or Business appears locked until the workspace is on the right plan.
Choosing the right role
Use the least powerful role that lets someone do their job. You can always raise access later, and keeping roles tight makes audits and offboarding cleaner.
- Use Owner sparingly. Keep ownership limited to the person or small group responsible for the account.
- Use Admin for trusted workspace operators. Admins can change settings and user access, so do not use Admin as the default support role.
- Use Support Manager for team leads. This keeps day-to-day support leadership separate from billing and security administration.
- Use Agent for normal ticket work. Agents can handle support without broad workspace control.
- Use Restricted Agent for narrower operational work. This is useful for contractors, BPO teams, seasonal staff, and probationary agents.
- Use Collaborator for internal experts. Give product, engineering, finance, or HR people a way to add private context without making them full agents.
- Use Auditor for read-only oversight. Auditors should be able to review activity without changing customer-facing records.
Plan availability
Every workspace includes the core Owner, Admin, and Agent roles. Pro adds more operational roles for growing support teams. Business adds read-only audit access and the strongest permission controls.
For full plan details, see Plans.
Assigning or changing a role
You need the right admin permission to invite users or change roles.
- 1 Go to Settings → Users in the FyneDesk app.
- 2 Invite a new person, or open the options for an existing user.
- 3 Choose the role that matches the work they should do.
- 4 Save the change. The updated access applies the next time the user loads the app.
Inviting Team Members covers the full invitation flow.
Use roles with teams and ticket visibility
Roles are only one layer of access. Teams and ticket visibility help you keep each agent focused on the right work.
- Teams group people by department, shift, specialty, or customer segment.
- Ticket visibility can limit agents to tickets assigned to them, their teams, or tags mapped to their teams.
- Roles decide whether those people can manage tickets, reports, settings, users, or audit views.
For scoped queues, see Team Ticket Visibility. For group setup, see Team Management.
Recommended setup patterns
Small support team
Use one Owner, one Admin, and Agents for everyone else. Add teams once people start handling different workstreams.
Growing support organization
Use Support Manager for team leads, Agent for regular support staff, Restricted Agent for external or limited-scope staff, and Collaborator for internal experts who only need to add context.
Compliance-heavy workspace
Use Business with Auditor access for reviewers, keep Admin access limited, turn on MFA requirements, and review inactive users regularly.
Access review checklist
- Confirm every Admin still needs administrative access.
- Check whether team leads can use Support Manager instead of Admin.
- Move external or temporary staff to Restricted Agent when possible.
- Use Collaborator for internal specialists who do not need to resolve tickets.
- Use Auditor for review-only access instead of sharing an Admin account.
- Deactivate users who no longer need access instead of leaving accounts active.
- Review team membership and ticket visibility rules after department changes.
Frequently asked questions
Can a user have more than one role?
No. A workspace member has one role at a time. Use teams and ticket visibility to shape scope within that role.
Can I create custom roles?
FyneDesk currently provides system roles designed around common support operations. If your organization needs a custom access model, contact us so we can understand the workflow.
Are customers controlled by these roles?
No. These roles are for workspace members. Customer and client portal access is separate from internal staff access.
What happens if I downgrade?
Roles that require a higher plan may become unavailable for new assignment. Review your Users page before changing plans so you know which access changes are needed.
Does RBAC replace asset permissions?
No. Workspace roles set broad access. Asset Permissions can add more detailed controls for asset workflows and asset management tasks.