vicket
Get started
Concepts / NÂș 02

Roles & permissions

Vicket uses role-based access control with four built-in roles: owner, admin, agent, viewer. Roles are assigned at the org level. Permissions are checked on every API call; the dashboard hides UI elements the caller can't use.

The role matrix

PermissionOwnerAdminAgentViewer
ticket:readXXXX
ticket:writeXXX
ticket:assignXXX
ticket:deleteXX
status:readXXXX
status:editXX
priority:editXX
article:readXXXX
article:writeXXX
article:publishXX
workflow:editXX
site:createXX
site:deleteX
member:inviteXX
member:role_setXX
apikey:rotateXX
billing:manageX
org:deleteX

Owner

Owner is the only role that can manage billing, delete the org, or change another owner. You cannot demote yourself: the API requires at least one owner per org at all times, and the only way to transfer ownership is to promote another member first.

Teams scope what agents see

Day-to-day visibility is not a role concern but a team one: tickets are visible by team, so an agent only sees the queues of the teams they belong to. Agencies give each client team its own agents; an internal org gives each product team its own queue. Manage both under Settings, Members and Settings, Teams.

Next