Co-managed security levels

SECURITY  Security level with Admin permission to configure Resources/Users (HR). Refer to Admin security settings.

and

SECURITY  Security level with Admin permission to configure Service Desk (Tickets). Refer to Admin security settings.

NAVIGATION   > Admin > Features & Settings > Co-managed Help Desk > Co-managed Setup

NAVIGATION   > Admin > Features & Settings > Co-managed Help Desk > Co-managed Security Levels

and

IMPORTANT  As you configure individual object permissions, always keep in mind that this security level is intended for customer contacts or other external resources.

About the Co-managed Help Desk (system) security level

Autotask provides a dedicated system security level and license type for the co-managed help desk.

NOTE  Only users with this license type can be co-managing users.

Description

Use for

End client contacts who need to have comprehensive access to specific named organizations, plus the tasks and tickets to which they are directly assigned.

Co-managed security levels limit user access to only specific named organizations. They provide an alternative to making a customer IT person a Taskfire Administrator. They now have the power of a full Autotask license at their disposal, while at the same time the security concerns of the MSP are addressed. As always, the (system) security level cannot be modified, but it can be copied, and the copy can be edited.

IMPORTANT  It is possible to add Admin permissions to copies of Co-managed Help Desk security levels, but for obvious reasons, we advise against it!

Users with the Co-managed Help Desk (system) security level have access to:

  • The views and options defined by their security level. For a description of the Co-managed Help Desk (system) security settings, refer to Security settings and object permissions and its linked topics.
  • The organizations associated with their user account on the Co-managed Setup page. Refer to Co-managed setup.

Users with the Co-managed Help Desk (system) security level are automatically added to the account team of any associated organization (with Co-managed appended to their name), and cannot be removed.

Using Ticket Category Override to control viewing of fields

Optionally, you can create one or more special ticket categories for co-managing users that hide or show additional ticket fields, and assign them as a Ticket Category Override to the user.

  • Ticket categories determine the screen layout and data presentation on tickets, and also determine which fields are available to these resources in the column choosers on the Ticket Search page and ticket widget drill-in tables.

  • Users with Co-managed Help Desk permissions, unlike other security levels, are not able to select a different ticket category that would expose additional fields on their Profile page.

Ticket Category Override will trump the security level's Render as setting, and will be the ticket category that is always used for this resource.

Refer to Ticket Category Override.

IMPORTANT  Keep in mind that users assigned a ticket category override can pick values for fields that are specifically prohibited by the Ticket's Ticket Category.
Feature/section access Home, CRM, Service Desk, Timesheets, Outsource, Community, Help
Admin Access None
License type Co-managed Help Desk
Dashboard tabs All

You can use the system security level, or make one or more copies and modify them as needed. For information on copying and editing security levels, refer to Creating or editing a custom security level.

Recommendations for configuring co-managed security levels

Since the default Co-managed Help Desk (system) security level is not editable, we recommend that you create a copy (right click > Copy Security Level), review every setting to verify that the correct level of access is provided to co-managing users, and save this as your own global default co-managed security level. You can create additional co-managed security levels if needed. To avoid confusion, you may want to inactivate the Co-managed Help Desk (system) security level.

Here are our recommendations for each section:

Contracts should be set to No Permission, to avoid exposing billing information to the customer or to external resources.

Under Organization & Contact Access, only Customer & Cancellation is set to Mine.

Object Permissions should be set to:

  • If you use the Autotask RMA functions and want to allow the external user to request an RMA for devices, and under Feature Access, select Can request RMA. Otherwise, disable this option.
  • Dashboard Display should be set to Mine.
  • The remaining settings in this section should all be disabled.
  • Set Inventory to No Permission.
  • Consider enabling View All for Products and Product Notes.

Co-managing users can be part of a project by being assigned to a task, but typically do not require access to create or manage projects. For this, the following settings are a good starting point:

As for object permissions for charges and expenses, those are billable items, and co-managing users should for the most part be restricted from viewing them. If the co-managing user should have visibility to see what charges are associated with a project, then set the Charges - View setting to Mine.

The remaining settings should be configured as follows:

  • Render all Tasks as Task Category: If you have created a specific limited view for your co-managing users that you want to enforce for all tasks, you can select this category by selecting it here.
  • Other: If you check Can view time entry internal notes, internal notes, and internal attachments (on Task Detail screens), co-managing users will be able to view items that are flagged as Internal & Co-managing. You should disable Can view billing data in activity feed.

  • For tickets, ticket notes and service calls, the copied system settings under Object Permissions are ready to go. They allow them to view and work on tickets and service calls they are assigned to directly, or that are created for an organization they are the co-managing user for.
  • The settings for charges and expenses should be set to None. Typically the co-managing user at the customer would not create charges. If they should have visibility of charges, then best practice is to set the View option to Mine.
  • Unless the co-managing user will need to use multiple ticket categories, a good starting configuration is to enforce a specific ticket category under the Render all Tickets as Ticket Category (See Ticket/Task Categories).
  • If the co-managing user will have access to multiple ticket categories, you can use the Available Ticket Categories when Creating or Editing Tickets setting to limit which categories are going to be available.

The remaining options in the Service Desk section can stay largely the same, except for three settings that should be disabled:

  • Can modify Work Type on ticket time entries: work types impact billing and tax settings
  • Can view non-billable time entries
  • Can view billing data in activity feed

The copied system settings in this section will give co-managing users access to general knowledge base articles, plus documents and articles that are associated with the organization they are a co-managing user for. This is perfectly appropriate.

Retain the settings of the system security level.

Set Reports to No Permission.

We recommend that you create specific LiveReports and publish them to the individual co-managing users or, if you are using departments, the Co-managed department. We also recommend that LiveReport filters are predefined as much as possible, for example the organization they are a co-managing user for.

IMPORTANT  Set Admin to No Permission.

  • Set Other to No Permission and then re-enable Can add and edit Dashboard widget/tabs if desired.
  • If you set up departments for the co-managing users, you can limit the resource visibility to the department. This way, they can only see and pick resources from within that department.

Set Web Services API to No Permission.