System security levels
What are system security levels?
Autotask includes a set of system security levels that cannot be edited or deleted. On the Security Levels page, you can identify them by the (system) string appended to their names, and the check mark in the System column. If you click the Edit icon for a system security level, the configuration page will open so you can review the settings, but you will not be able to save any changes you make on any of the tabs.
How should system security levels be used?
System security levels are intended to serve as the starting point for creating custom security levels for your company. While they can be directly assigned to resources, we recommend that you make copies and have your Autotask Administrator create custom security levels based on system security levels by adding or removing access to a selected group of features. Refer to Creating or editing a custom security level and Best practice recommendations.
- For an overview, refer to System security level descriptions, below.
- For a detailed description of the default settings for each system security level, refer to Security settings and object permissions and its linked topics.
System security level descriptions
System Administrator (system)
| Description | |
|---|---|
|
Use for |
The Autotask champion or overall Autotask System Administrator. This security level provides the most comprehensive access to Autotask features and data. |
|
Feature/section access |
Home, CRM, Contracts, Projects, Service Desk, Timesheets, Inventory, Reports, Outsource, Community, Help |
|
Admin Access |
Full |
|
License type |
Administrator |
|
Dashboard tabs |
All |
Full Access (system)
| Description | |
|---|---|
|
Use for |
The Full Access security level was designed as a backup to your Autotask Administrator security level. We recommend that you do not assign it to resources. Full Access allows access to all basic System Administrator level security options; it does not automatically provide access to all optional features, for example, the Client Portal. |
|
Feature/section access |
Home, CRM, Contracts, Projects, Service Desk, Timesheets, Inventory, Reports, Outsource, Community, Help |
|
Admin Access |
All except optional features |
|
License type |
Administrator |
|
Dashboard tabs |
None |
API User (system) (API-only)
| Description | |
|---|---|
|
Use for |
Resources and integration partners who will work only on integrations via the Autotask Web Services API and will not need to access Autotask via the UI. API Users can access your Autotask data via the API only; there is no login to the Autotask UI. API Users can create but cannot be assigned to data, for example, a ticket or time entry. They only appear on ticket data selectors for the Created by field. They can be assigned as Timesheet Approvers. The API User (system) security level grants full access to all Autotask data, including internal costs, for the roles to which it belongs. If you need to grant API User access to an integration partner, but you prefer that they not have the ability to view your internal cost data, use the API User (system) Can't Read Costs (API-only) role. NOTE Access to the Autotask API is limited to API User security levels. IMPORTANT Refer to The API tracking identifier before you assign this security level. |
|
Feature/section access |
Home, CRM, Contracts, Projects, Service Desk, Timesheets, Inventory, Reports, Outsource, Community, Help |
|
Admin Access |
Full Access to modules and features (with the exception of LiveReports), along with System Administrator level permission to view Time Entries. If Proxy time entry is enabled for System Administrator, API User can add time entries. If Proxy permission is for Timesheet Approvers only, API User must be a timesheet approver for the resource. There is no LiveReports tab on the Edit API User Security Level page, and there are no LiveReports permissions under Reports. |
|
Other |
The API User (system) can be enabled for Webhooks. An API security level is enabled for this setting to be displayed, and version 1.6+ of the API must be used. For information about Webhooks, refer to the Webhooks section in Developer Help for SOAP API, REST API, ExecuteCommand API and Report Data Warehouse. |
|
License type |
API User There is no per seat charge for resources using the API User license type, and no limit to the number of resources to which it can be assigned. You can create up to 50 different security levels based on the API User license type. |
|
Dashboard tabs |
Not applicable. The user can access Autotask via the API only. Resources with API User credentials cannot log into the UI, so there is no access to dashboard tabs. |
API User (system) Can't Read Costs (API-only)
| Description | |
|---|---|
|
Use for |
Integration partners who should have the full functionality of an API User (system) (API-only) account but should not have the ability to view your internal cost data |
|
Feature/section access |
Same as API User (system) (API-only) but with the following exceptions:
|
|
Admin Access |
Same as API User (system) (API-only) but without access to internal cost features and information |
Manager (system)
| Description | |
|---|---|
|
Use for |
Resources who need to create contracts and manage the billing process |
|
Feature/section access |
Home, CRM, Contracts, Projects, Service Desk, Timesheets, Inventory, Reports, Outsource, Community, Help |
|
Admin Access |
Financial and billing-related features |
|
License type |
Executive |
|
Dashboard tabs |
All except Owner tab |
Project Manager (system)
| Description | |
|---|---|
|
Use for |
Resources who create and manage projects |
|
Feature/section access |
Home, CRM, Projects, Service Desk, Timesheets, Inventory, Outsource, Community, Help |
|
Admin Access |
None |
|
License type |
Professional |
|
Dashboard tabs |
All except Owner tab |
Service Desk User (system)
| Description | |
|---|---|
|
Use for |
Users who work with tickets, tasks, projects, service calls, or schedule customer-facing work |
|
Feature/section access |
Home, CRM, Projects, Service Desk, Timesheets, Inventory, Outsource, Community, Help |
|
Admin Access |
None |
|
License type |
Professional |
|
Dashboard tabs |
All except Owner tab |
Sales (system) and Private CRM (system)
| Description | |
|---|---|
|
Use for |
Salespeople who should only have access to data related to organizations and opportunities for which they are the account manager or opportunity owner |
|
Feature/section access |
Home, CRM, Projects, Service Desk, Timesheets, Inventory, Outsource, Community, Help |
|
Admin Access |
None |
|
License type |
Professional |
|
Dashboard tabs |
All except Owner tab |
Team Member (system)
| Description | |
|---|---|
|
Use for |
Technicians who work on tasks and tickets but do not manage projects or manage your help desk |
|
Feature/section access |
Home, CRM, Service Desk, Timesheets, Inventory, Outsource, Community, Help |
|
Admin Access |
None |
|
License type |
Team Member |
|
Dashboard tabs |
My Work |
Minimal Access (system)
| Description | |
|---|---|
|
Use for |
Users who work on tasks, tickets, and service calls they are assigned to as a resource. They can track time, expenses, and charges, and add notes and attachments. They can also use ticket-related tools such as Forward/Modify. All other permissions are set to None, including Ticket Search, access to organization Your Autotask instance may be configured to use one of the following terms instead: Account, Business Unit, Client Company, Customer, Site. information, and access to any standard reports. Assignments must be accessed from the My Work dashboard tab or the My |
|
Feature/section access |
Community, Help |
|
Admin Access |
None |
|
License type |
Team Member |
|
Dashboard tabs |
My Work |
Contractor (system)
| Description | |
|---|---|
|
Use for |
Resources who are not employees of your company, but contractors. Contractors are able to view tasks and tickets they were assigned and track their time on them, but they have no access to your Autotask instance. |
|
Feature/section access |
Home, Service Desk, Timesheets, Outsource, Community, Help |
|
Admin Access |
None |
|
License type |
Contractor |
|
Dashboard tabs |
My Work |
Co-managed Help Desk (system)
| Description | |
|---|---|
|
Use for |
End client contacts who need to have comprehensive access to specific named organizations, plus the tasks and tickets to which they are directly assigned. Co-managed security levels limit user access to only specific named organizations. They provide an alternative to making a customer IT person a Taskfire Administrator. They now have the power of a full Autotask license at their disposal, while at the same time the security concerns of the MSP are addressed. As always, the (system) security level cannot be modified, but it can be copied, and the copy can be edited. IMPORTANT It is possible to add Admin permissions to copies of Co-managed Help Desk security levels, but for obvious reasons, we advise against it! Users with the Co-managed Help Desk (system) security level have access to:
Users with the Co-managed Help Desk (system) security level are automatically added to the account team of any associated organization (with Co-managed appended to their name), and cannot be removed. Using Ticket Category Override to control viewing of fieldsOptionally, you can create one or more special ticket categories for co-managing users that hide or show additional ticket fields, and assign them as a Ticket Category Override to the user.
Ticket Category Override will trump the security level's Render as setting, and will be the ticket category that is always used for this resource. Refer to Ticket Category Override. IMPORTANT Keep in mind that users assigned a ticket category override can pick values for fields that are specifically prohibited by the Ticket's Ticket Category. |
| Feature/section access | Home, CRM, Service Desk, Timesheets, Outsource, Community, Help |
| Admin Access | None |
| License type | Co-managed Help Desk |
| Dashboard tabs | All |
Time and Attendance (system)
| Description | |
|---|---|
|
Use for |
Resources who only need to track regular time, not work on tasks or tickets |
|
Feature/section access |
Timesheets, Community, Help |
|
Admin Access |
None |
|
License type |
Time & Attendance Only |
|
Dashboard tabs |
None |
Dashboard User (system)
| Description | |
|---|---|
|
Use for |
Running dashboards in presentation mode without tying up a full license. Dashboard Users can log into Autotask and display, in presentation mode, dashboard tabs that have been shared to them. They can also access the Settings page to change user settings (homepage is set to Dashboard), refresh tabs, and drag and drop them to change display order. This security level cannot be edited, copied, or deleted, but it can be inactivated. Refer to Configuring a dashboard user account. |
|
Feature/section access |
Home, CRM, Directory, Contracts, Projects, Service Desk, Timesheets, Inventory, Reports, Outsource, Community, Help |
|
Admin Access |
None |
|
License type |
Dashboard User |
|
Dashboard tabs |
All tabs that have been shared to the Dashboard User. Dashboard widgets display all data available to a user with System Administrator level permission, but you cannot drill down to access additional details. If a resource's license is changed to Dashboard User from another security level, the user will see only the tabs assigned to the original security level. NOTE Dashboard users cannot display data for the Timesheet and Time Off widget entities. |
Feature/section access at a glance
| Minimal Access (system) |
Time and Attendance (system) |
Contractor (system) |
Co-managed Help Desk (system) |
Team Member (system) |
Service Desk User (system), |
Project Manager (system) | Manager (system) |
System Administrator (system) |
|
|---|---|---|---|---|---|---|---|---|---|
| Home | • | • | • | • | • | • | • | ||
| Community | • | • | • | • | • | • | • | • | • |
| Help | • | • | • | • | • | • | • | • | • |
| Timesheets | • | • | • | • | • | • | • | • | |
| CRM | • | • | • | • | • | • | |||
| Service Desk | • | • | • | • | • | • | • | • | |
| Projects | • | • | • | • | |||||
| Contracts | • | • | |||||||
| Inventory | • | • |
• | • | • | ||||
| Reports | Refer to Report security settings. | ||||||||
| Admin | Access to Admin features configured in the security level. | ||||||||
| Optional Modules | |||||||||
| Outsourcing | All access is assigned at the resource level: Admin > Resources/Users > Resources/Users > Add or Edit Resource > Security tab. Refer to Assigning outsourcing permissions. | ||||||||
Settings configured elsewhere
Outsourcing permissions
Outsourcing permissions are not determined by a user's security level. Instead, they are assigned to individual users at the resource level. Refer to Assigning outsourcing permissions.
Reports permissions
Report access is controlled by the security level:
- Reports users can run: Security level settings specify which Report categories users can access. For information on the report categories assigned to system security levels, refer to Report security settings.
- Data that will be displayed: Access to report data, that is, the information the resource can see and the ability to link to data outside the report is controlled by the object level permissions assigned to the resource's security level (for example, all, mine, or none).
EXAMPLE If a Contractor security level with access to the Service Desk report category has View Ticket permission set to Mine, resources see only report data related to tickets assigned to them.
Task and ticket menus
Security settings also determine the available options on task and ticket context menus and right-click menus. Options not available to your security level are either unavailable or not displayed at all. For a description of menu options, refer toTask menu and Searching and managing tickets.
