Following the introduction of the “View audit logs” permission described in this announcement, we have identified a concern regarding the effective scope of this permission. When the option is enabled for a team member, the interface also displays the “Manage settings” button, which allows users to modify the “Automatically delete PII” feature.
Issue Description
The “View audit logs” permission is expected to provide strictly read‑only access to audit information. However, the presence of the “Manage settings” control extends user capabilities beyond this intended scope, granting access to sensitive administrative actions. This results in an unintended elevation of privileges, as users who should only have visibility into audit data are able to change account‑level settings. Additionally, providing access to the “Automatically delete PII” option under a permission that is meant to be view‑only introduces unnecessary compliance and data‑governance risks. This situation also deviates from established least‑privilege principles, as a permission associated with viewing audit logs should not expose configuration mechanisms that have operational and regulatory implications.
Suggested Improvement
We recommend that Zendesk remove or hide the “Manage settings” button for users who are assigned only the “View audit logs” permission. This control, and the ability to enable “Automatically delete PII”, should be restricted exclusively to users with appropriate administrative rights. Ensuring that “View audit logs” remains strictly read‑only would provide clearer permission boundaries and prevent unintended access to sensitive settings.
Impact and Benefits
Implementing this refinement would strengthen account security, support compliance obligations, and reduce the risk of unauthorized or accidental changes to data‑retention configurations. It would also ensure greater clarity in how permissions are applied, resulting in a permission model that more accurately reflects industry standards and customer expectations.
Thank you for taking the time to provide us with your feedback. This has been logged for our PM team to review. For others who may be interested in this feature request, please add your support by upvoting this post and/or adding your use case to the comments below. Thank you again!