Enhancement to Agent-/Team-Related Permissions and Corresponding API Changes

When it comes to data security, it is not just the personal information of customers that must be kept secure and confidential. Your agents' personal information is equally important too. The more personal information you collect, the higher the risk of the information getting exposed or falling into the wrong hands. Therefore, establishing robust data security measures to safeguard the agent information stored in your help desk is critical.

To that end, we are excited to introduce a more granular profile-based security setting for managing agents. We made this enhancement with GDPR compliance in mind. As a result, you can now control who can view Personally Identifiable Information (PII) of agents.

We will be modifying our APIs to support the enhancement as well. Here's the list of modifications:

The userAndGroups key will be deprecated from the response of the get profile API.
A new key called agents will be added to the response of the list profiles API. This key will contain five sub-permissions: viewAllFields , add , update , delete , and overview . For more information, refer to the following screenshot.
If the viewAllFields permission is enabled, the response of the get agent API will include all keys permissible.
If the viewAllFields permission is disabled, the response will contain only a handful of keys, namely: id , zuid , lastName , firstName , emailId , isConfirmed , status , photoUrl , and isLightAgent .
If the viewAllFields permission is disabled, the three child CRUD permissions--add, update, and delete--will also be disabled. However, you can disable individual child CRUD permissions as needed, i.e., you can disable the add or update or delete permission individually without affecting the others.
A new permission called Overview will be introduced. You can show or hide the support-related metrics of agents using this permission.
A new permission called team will be introduced. You can manage user access to view/edit team details using this permission.

We request you to try out the new permissions and then modify your API-based code, where needed. For access to these new permissions, send your portal name and the email ID of the portal admin to support@zohodesk.com .

The new enhancement will be made available for all users on the 15th of November, 2019.