We just imported 150 new partner users through the bulk import tool in Zendesk Sell 2023, mapping each user to specific partner portal roles in our CSV file. The import completed successfully with no errors, and all users appear in the system with their assigned roles showing correctly in the user profile.
However, when these partners log into the portal, they’re getting access denied errors for sections they should have permissions to view. For example, users assigned the “Partner Manager” role can’t access opportunity pipelines, even though that role explicitly includes pipeline view permissions. The role field mapping in our CSV was:
Existing partner users with the same roles have no issues - it’s only affecting the bulk imported accounts. Is there a separate permissions sync step we need to run after bulk user import, or did we miss something in the role mapping configuration?
Don’t reimport - you’ll create duplicates. Instead, export your current users, update just the role column with correct identifiers, and use the “Update Existing Users” import mode. Make sure to include the user ID or email as the matching key so the system knows which records to update rather than create new ones. The bulk update should preserve all other user data while fixing the role assignments.
I’ve seen this with ZS 2023’s bulk import. The role field in the CSV needs to match the internal role identifier, not the display name. “partner_manager” might not be the correct identifier. Check Settings → Roles & Permissions → Partner Roles and look at the “Role ID” column. You might need to reimport with the correct role identifiers.
I’ll provide a comprehensive solution covering all three aspects of your bulk import permission issue.
Bulk User Import Role Mapping Problem:
The core issue is that your CSV used role display names (“partner_manager”) instead of internal role identifiers (“partner_mgr_role”). Zendesk Sell’s bulk import accepts the mapping but doesn’t validate role identifiers during import, which is why you received no errors. The system created user records with the role field populated with an invalid identifier, which the permission system interprets as “no role assigned”.
Keep the user_id column for matching existing records
Reimport with Update Mode:
Go to Settings → Data Import → Users
Select “Update Existing Users” mode
Choose “User ID” as the matching field (this prevents duplicates)
Map CSV columns: role → User Role, partner_org → Partner Organization
Review mapping and click “Import”
The system will update role assignments without creating new user records
Permissions Sync Requirements:
After correcting role identifiers, three sync processes must complete:
Role Permission Inheritance:
Go to Settings → Partner Portal → User Management
Select all newly updated users (use date filter: “Modified: Today”)
Click “Bulk Actions” → “Refresh Role Permissions”
This forces immediate inheritance of role-based access rules
Wait 2-3 minutes for background process to complete
Organization-Level Access Validation:
Navigate to Settings → Partner Organizations
For each organization in your import (e.g., “Acme Corp”):
Verify “Portal Access Level” is set correctly (typically “Standard” or “Premium”)
Check “Enabled Modules” includes all required sections (Opportunities, Pipelines, Reports)
Confirm “Access Tier” hasn’t expired
Organization settings override individual role permissions, so both must align
Session Cache Invalidation:
Partner portal caches permission sets in user sessions for performance. After fixing roles:
Go to Settings → Partner Portal → Active Sessions
Find sessions for affected users (filter by login date: September 11-13)
Select all and click “Terminate Sessions”
This forces users to reauthenticate, pulling fresh permission data
User Communication and Verification:
Notify affected users to:
Log out of partner portal completely
Clear browser cache and cookies for your Zendesk domain
Close all browser tabs/windows
Wait 5 minutes (allows session termination to propagate)
Log back in with existing credentials
Verification steps after users log back in:
Confirm they can access opportunity pipeline view
Test creating/editing records based on role permissions
Verify navigation menu shows all sections their role should access
Check that restricted areas properly show “Access Denied” (confirms permissions are working)
If specific users still experience access issues after these steps, check their individual user record for any user-level permission overrides that might conflict with role-based permissions. Go to the user profile → Permissions tab → ensure “Use Role Permissions” is enabled rather than custom permission sets.
Also worth noting that even after correcting the role IDs, bulk imported users in partner portal need their organization-level permissions validated. The role gives base permissions, but partner portal access is also governed by the partner organization’s access level. Check that the partner_org values in your CSV match existing partner organizations exactly, and that those organizations have the appropriate access tiers configured.
One more thing to check - after bulk import, partner portal sessions sometimes cache old permission sets. Even if you fix the role mapping, users might need to log out completely and clear their browser cache before logging back in. The portal caches role permissions client-side for performance, and it doesn’t always detect backend permission changes immediately.