Serval uses a two-level permission system: organization roles control what you can do across the entire org, while team roles control what you can do within specific teams.

Organization Roles

Every user has one organization-level role that applies across all of Serval.
| Role | Description |
| --- | --- |
| Member | Standard user. Can submit tickets, request access, and use Serval’s help desk features. |
| Admin | Full administrative access. Can manage users, create teams, configure organization settings, and access all teams. |

Most users should be Members. Reserve Admin for IT administrators who need to manage the platform.
To add a new user, navigate to “Settings” and select “Invite User”, then add their email addresses, choose whether to make them an admin, and optionally add them to a Serval team.

Team Roles

Within each team, users are assigned a team-specific role that controls their capabilities for that team.
| Role | Description |
| --- | --- |
| Agent | Can view and respond to tickets, use workflows, and view analytics for the team. |
| Viewer | Everything an Agent can do, plus view-only access to workflows, guidance, knowledge, and assets. |
| Contributor | Everything a Viewer can do, plus: write guidance and install installable workflows (cannot create custom workflows). |
| Builder | Everything a Contributor can do, plus: create and edit custom workflows, rules, access policies, and assets. |
| Manager | Everything a Builder can do, plus: configure integrations, manage team settings, and view audit logs. |

A user can be a Manager in one team and an Agent in another. Team roles are independent.

Permission Summary

What Members Can Do

  • Submit tickets through Slack, email, or web portal
  • Request access to applications
  • View their own tickets and access requests
  • Use the catalog to browse access and catalog items

What Org Admins Can Additionally Do

  • Create and manage teams
  • Invite and deactivate users
  • Configure organization settings (SSO, branding, etc.)
  • Access all teams regardless of team membership
  • Manage API keys

What Team Agents Can Do

  • View all tickets for their team
  • Respond to and resolve tickets
  • Create internal notes
  • View team analytics
  • Run workflows

What Team Viewers Can Additionally Do

  • View workflows, guidance, and knowledge sources (read-only)
  • View assets and entities (read-only)
  • View access policies and rules (read-only)

What Team Contributors Can Additionally Do

  • Write and publish guidance
  • Install and configure installable workflows

What Team Builders Can Additionally Do

  • Create and edit custom workflows
  • Create and edit rules and campaigns
  • Edit knowledge sources
  • Create and edit access policies and approval procedures
  • Create and edit assets and entities

What Team Managers Can Additionally Do

  • Configure integrations and applications
  • Manage team settings
  • View audit logs
  • Archive tickets

Managing Permissions

Changing Organization Roles

  1. Go to Settings → People
  2. Find the user and click their name
  3. Select Member or Admin from the organization role dropdown
  4. Save changes

Changing Team Roles

  1. Go to Settings → Teams
  2. Select the team
  3. Find the user in the team members list
  4. Change their role to Agent, Viewer, Contributor, Builder, or Manager
  5. Save changes

Use your identity provider to automatically assign roles. Map directory groups to Serval roles in Settings → Integrations → Directory Sync.

Capabilities Toggle

Team managers can enable or disable specific Serval products per team using the capabilities toggle in team settings. This lets you control which features are available to a team. For example, you can disable Access Management for a team that only handles IT support tickets, or enable Workflows only for teams that need automation. Navigate to Team Settings → Capabilities to configure which products are active for each team.

Org Admin Quick Join

Organization admins can add themselves to any Serval team immediately when clicking a ticket link — without navigating to organization settings first. If an admin clicks a link to a ticket in a team they don’t belong to, they can join that team on the spot and access the ticket.

Common Questions

Yes. Organization role and team role are separate. An Org Admin could be an Agent on specific teams if they only need to handle tickets, not configure that team.
Users without team membership can still submit tickets and request access. They just can’t view team queues or use team-specific features.
Access approvers are configured per access policy, not by role. Both Agents and Managers can be designated as approvers.