Roles & permissions
Vicket uses role-based access control with four built-in roles: owner, admin, agent, viewer. Roles are assigned at the org level. Permissions are checked on every API call; the dashboard hides UI elements the caller can't use.
The role matrix
| Permission | Owner | Admin | Agent | Viewer |
|---|---|---|---|---|
ticket:read | X | X | X | X |
ticket:write | X | X | X | |
ticket:assign | X | X | X | |
ticket:delete | X | X | ||
status:read | X | X | X | X |
status:edit | X | X | ||
priority:edit | X | X | ||
article:read | X | X | X | X |
article:write | X | X | X | |
article:publish | X | X | ||
workflow:edit | X | X | ||
site:create | X | X | ||
site:delete | X | |||
member:invite | X | X | ||
member:role_set | X | X | ||
apikey:rotate | X | X | ||
billing:manage | X | |||
org:delete | X |
Owner
Owner is the only role that can manage billing, delete the org, or change another owner. You cannot demote yourself: the API requires at least one owner per org at all times, and the only way to transfer ownership is to promote another member first.
Teams scope what agents see
Day-to-day visibility is not a role concern but a team one: tickets are visible by team, so an agent only sees the queues of the teams they belong to. Agencies give each client team its own agents; an internal org gives each product team its own queue. Manage both under Settings, Members and Settings, Teams.
Next
- Create per-site keys in api-keys.
- See the resource hierarchy in organizations-and-sites.