This article describes the security settings you can configure to grant or restrict access to various other features in Autotask. It also documents the settings of the system security levels in your Autotask instance.
System security levels are not editable, but you can make copies and edit them to create custom security levels. Refer to:
Overview
You can customize user access levels for Resources/Users (HR), Surveys, Resource Visibility, Client Portal, Form Templates, QuickBooks (New) and miscellaneous other features.
Settings
Resources/Users (HR)
Can view Internal Cost section on New/Edit Resource page (requires Admin > Resources/Users (HR) permission)
About this setting
Select this check box to allow users to view internal cost data (that is, salary information) related to resources on the New/Edit Resource page.
NOTE Only users who have this permission themselves can enable this setting. This condition is true even if the user is making a copy of a security level that has the setting enabled.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
|
Dashboard
Can add and edit Dashboard widgets/tabs
About this setting
Enabled by default for all security levels, this setting allows users to add new and edit existing widgets and add or copy dashboard tabs. Users can also offer widgets to other users and share tabs when the settings Can manage shared Dashboard tabs and Can offer Dashboard widgets to other Resources are enabled.
When disabled (check box cleared), users cannot add, edit (change settings), copy, or share Dashboard widgets, or add, copy, or share Dashboard tabs.
Users can move, delete, and refresh widgets and tabs published to them.
The check boxes for the two additional settings to share Dashboard tabs and offer widgets (listed directly below this setting) are cleared and disabled.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
|
Can
manage Shared Dashboard Tabs
About this setting
When selected, the resource can share dashboard tabs with other users and access the Shared Dashboard Tabs page to publish, edit, and delete shared tabs. Selected by default for System Administrators. Refer to Managing shared tabs.
Disabled and not available when Can add and edit Dashboard widgets is disabled.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
|
Can
offer Dashboard widgets to other Resources
About this setting
By default, this setting is active for all security levels, except when the check box Can add and edit Dashboard widgets is disabled.
When enabled, the user can offer a widget to another user. Refer to Offering widgets to other users.
Disabled and not available when Can add and edit Dashboard widgets is disabled.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
|
Surveys (settings
do not apply to reports)
IMPORTANT Survey widgets on the dashboard will not display any data unless both settings are enabled.
Can view
Organization Survey Ratings and Contact Survey Ratings
About this setting
Select this check box to enable resources to see the Organization Survey Ratings and Contact Survey Ratings in the Organization and Contact tables and pages.
NOTE This setting does not apply to the Survey Summary Report, Survey Detail Report, or the Service Delivery Benchmarks Report. The Ratings columns will always be available in these reports.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
|
Can view
Resource Survey Ratings
About this setting
Select this check box to enable resources to see the Resource Survey Rating in resource tables and Detail views, as well as My Profile.
NOTE This setting does not apply to the Survey Summary Report, Survey Detail Report, or the Service Delivery Benchmarks Report. The Ratings columns will always be available in these reports.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
|
Client Portal
Can add
and edit Client Portal Security Levels on New/Edit Contact page
About this setting
Select this check box to enable resources to add or edit Custom Client Portal security settings on the Client Portal tab of the New/Edit Contact page. Refer to Adding or editing Client Portal security levels.
By default, all System Administrators can add or edit Client Portal Custom Security Levels. To create a System Administrator security level without this permission, clear the check box.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
|
Can edit Client Portal User Settings on Contact Edit/Detail page
About this setting
Select this check box to enable resources to edit Client Portal settings on the Client Portal tab of the New/Edit Contact page. Refer to The Client Portal tab.
By default, all users with Can preview Client Portal permissions have this setting enabled.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
|
Can preview Client Portal
About this setting
Select this check box to enable resources to preview the Client Portal as the client contact from the Client Portal Client Detail page and the Client Portal accessory tab of the Contact page.
By default, all users with Admin > Client Portal & Taskfire permissions have this setting enabled.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
|
Can publish Client Portal Dashboards
About this setting
Select this check box to enable resources to publish Client Portal dashboards to selected organization categories, classification icons, market segments, clients managed by selected account managers, organizations, and Client Portal security levels.
By default, this setting is disabled for all security levels except Full Access. To create a System Administrator security level with this permission, select the check box.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
(Full Access only) |
|
API User |
Resource Visibility
Limit resource availability to (check all that apply):
Check this setting to limit which resources can be seen in lists throughout the application by users with this security level.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
The following options are disabled and unchecked for all security levels. To enable the settings, you must first select Limit resource availability to (check all that apply):
- Resources with a shared/common active Division > Line of Business
- Resources with a shared/common active Organization Type (based on Account Manager or Account Team)
- Resources with a shared/common Department
- Resources with a shared/common active Workgroup
Refer to Limiting resource visibility.
Form Templates
Can create/manage Form Templates for:
About this setting
Select an option to allow users to publish form templates to the resources indicated:
- Anyone in organization: This setting is the default for security levels with Admin level permissions.
- Self and Department: This setting is the default for resources without Admin level permissions. The user can publish for themselves and for resources in any selected department.
- Self (Personal): The user can publish for themselves only.
- Nobody (including self): The user cannot create or publish form templates and has no access to Form Templates or the My Form Templates pages.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
Self (Personal) |
|
Minimal Access |
Self (Personal) |
|
Time & Attendance |
Self (Personal) |
|
Team Member |
Self (Personal) |
|
Contractor |
Self (Personal) |
|
Private CRM |
Self (Personal) |
|
Sales |
Self (Personal) |
|
Service Desk User |
Self (Personal) |
|
Project Manager |
Self (Personal) |
|
Dashboard User |
Self (Personal) |
|
Manager |
Anyone in Organization (Organization) |
|
System Administrator, Full Access User |
Anyone in Organization (Organization) |
|
API User |
Anyone in Organization (Organization) |
Webhooks
Can create Webhooks
Webhooks can only be created by API Users. This setting is hidden for all other security levels, and for API User security levels, disabled by default.
IMPORTANT For security reasons, the ability to create webhooks is disabled by default for all security levels. Webhooks can send information from your Autotask instance to an external service. Autotask administrators should grant this permission selectively and sparingly, rather than assigning it by default to an entire group of security levels.
Maximum number of Webhooks
If Can create Webhooks is enabled, enter the number of webhooks this security level can create.
QuickBooks (New)
Can set Invoices | Expense Reports | Timesheets | Purchase Orders as Ready to Transfer
These settings enable users with this security level to set items as Ready to Transfer to the new web connector version of QuickBooks. Such transactions are transferred to QuickBooks the next time the respective web connector is run. They do not apply to the legacy desktop version or to QuickBooks Online.
The listed settings are enabled by default for the following system security levels:
| Security Level | ||||
|---|---|---|---|---|
|
|
Invoices |
Expense Reports |
Timesheets |
Purchase Orders |
|
Co-managed Help Desk |
|
|
|
|
|
Minimal Access |
|
|
|
|
|
Time & Attendance |
|
|
|
|
|
Team Member |
|
|
|
|
|
Contractor |
|
|
|
|
|
Private CRM |
|
|
|
|
|
Sales |
|
|
|
|
|
Service Desk User |
|
|
|
|
|
Project Manager |
|
|
|
|
|
Dashboard User |
|
|
|
|
|
Manager |
|
|
|
|
|
System Administrator, Full Access User |
|
|
|
|
|
API User |
|
|
|
|
Community Online
Can access Community Online
About this setting
When selected, resources can access the Datto Community.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
|
Miscellaneous
Can
access News Feed
About this setting
When selected, resources can open and view the organization news feed.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
|
Can
access public Team Walls
About this setting
When selected, resources can view public team walls.
When cleared, the resource cannot view public team walls but can still view private team walls to which they have been invited.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
|
Can
access all private Team Walls
About this setting
When selected, resources can view all private team walls. This option is selected by default for all users that have access to Admin.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
|
Can
access Co-Worker profile information
About this setting
When selected, resources can view their co-workers' profile information.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
|
Can
access Global Notes Search
About this setting
When selected, resources can access the Global Notes Search feature to search for and view all ticket, task, project, time entry, contact, device, and CRM-related notes. When cleared, resources cannot access Global Notes Search.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
|
Can
export Grid Data
About this setting
This check box enables the Export button on search results tables and dashboard widget drill-in grids. By default, it is enabled for all security levels with access to Admin and disabled for all others.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
|
Can
access Executive Dashboard
About this setting
With this check box selected, resources will be able to access the Executive Dashboard via the link on 
> Home > Executive Dashboard.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
|
Can
access Billing Portal
About this setting
This function has been deprecated.
| Security Level | Permission |
|---|---|
|
|
|
|
|
|
|
|
Not
required to change password (password does not expire)
About this setting
API User (API-only) security levels only are exempted from the Password Expiration Requirement, and this box is selected by default. The check box is cleared and disabled for all other security levels.
When selected, passwords will not expire, and Autotask will not prompt the user to change their password. Doing so will ensure that integrations using the API will not suddenly stop working because the API user who created them forgot to update the password in time.
IMPORTANT To modify the standard API User (API-only) security level, you must copy the original security level and modify permissions to create one or more new security levels as needed. Refer to System Security Levels, API User (system) (API-only).
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
|
Can view internal cost data (excludes New/Edit Resource page)
About this setting
When selected (default setting), resources can see the internal cost data (burden cost) for project charges, material codes, tickets, contracts, and CRM, including quotes, opportunities, devices, sales orders, and inventory.
Clear the check box to prevent resources from seeing the internal cost data.
NOTE Any notification email that uses a notification template and contains internal cost data will not display the internal cost data if at least one recipient does not have permission to view internal cost data.
NOTE This permission does not affect Reports or LiveReports in 2018.2. Select specific report fields to exclude internal cost data in Reports and build LiveReports without internal cost data to work around this.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
|
Can view sensitive Charge data
About this setting
This setting allows an Administrator to hide sensitive data related to ticket charges, project charges, project task charges and contract charges from co-managing users. When the check box is cleared, the following fields will be masked on forms and hidden from lists and tables:
- Price
- Unit Price
- Extended Price
- Vendor
- Amount
- Gross Amount
- Amount (Internal) (if Multi-currency is enabled)
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission |
|---|---|
|
Co-managed Help Desk |
|
|
Minimal Access |
|
|
Time & Attendance |
|
|
Team Member |
|
|
Contractor |
|
|
Private CRM |
|
|
Sales |
|
|
Service Desk User |
|
|
Project Manager |
|
|
Dashboard User |
|
|
Manager |
|
|
System Administrator, Full Access User |
|
|
API User |
|
For all custom security levels, this check box will be selected when the feature is released.
Additional Resources
- Contract security settings
- CRM security settings
- Inventory security settings
- Project security settings
- Service Desk security settings
- Knowledge Base and Documents security settings
- Timesheet security settings
- Report security settings
- Admin security settings
- Other security settings
- Web Services API security settings
