This article describes the security settings you can configure to grant or restrict access to contract management in Autotask. It also documents the settings of the system security levels in your Autotask instance.
System security levels are not editable, but you can make copies and edit them to create custom security levels. Refer to:
Overview
Contract permissions define your users' ability to manage contracts. Depending on their level of access, users might be able to set alternate internal costs for labor, modify service/bundle selections, view and generate invoices, access contracts, or manage charges.
Settings
 Object Permissions
Object Permissions
                                                About this setting
The settings in this section allow you to define View and Add permissions for contracts.
- View: This setting determines which contracts you can view.- All: This setting is the default for API, Admin and Manager security levels. You can see all contracts in the system.
- Organizations: This setting is the default for all other security levels with Full or Limited contract visibility. They have permission to view contracts for organizations they can view.
- None: This setting is the default for all security levels with no contract visibility. However, if the user’s Organization View permission is All/All/All, then their Contract: View permission will default to All.
 
- Add: Yes or No: You can either add contracts or not. This setting defaults to Yes for all security levels that have Contract Visibility of Full. For all other security levels this defaults to No.
The listed settings are enabled by default for the following system security levels:
| Security Level | View | Add | 
|---|---|---|
| Co-managed Help Desk | None | No | 
| Minimal Access | None | No | 
| Time & Attendance | None | No | 
| Team Member | None | No | 
| Contractor | None | No | 
| Private CRM | None | No | 
| Sales | None | No | 
| Service Desk User | None | No | 
| Project Manager | None | No | 
| Dashboard User | All | Yes | 
| Manager | All | Yes | 
| System Administrator, Full Access User | All | Yes | 
| API User | All | Yes | 
 Can
 modify contract Internal Costs
Can
 modify contract Internal Costs
                                                About this setting
Select this check box to enable resources assigned to this security level to set alternate internal costs for resources performing labor under specific roles for a contract. Internal costs apply to specified resource and role combinations. These costs are specific to a contract. They do not replace the resources' default internal costs outside of the contract. Refer to Internal Costs.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission | 
|---|---|
| 
 | |
| 
 | |
| 
 | |
| 
 | |
| 
 | |
| 
 | |
| 
 | |
| 
 | |
| 
 | |
| 
 | |
|   | |
|   | |
|   | 
 Can
 modify Service/Bundle on contract charges
Can
 modify Service/Bundle on contract charges
                                                About this setting
Select this check box to enable resources assigned to this security level to modify the Service/Bundle selection for contract charges. With this check box selected, the Service/Bundle field will appear on the New/Edit Contract Charge page to allow the user to select a different Service or Bundle from a drop-down menu.
NOTE Enable this permission to enable resources to add or modify services on an existing contract when completing an opportunity via the Won Opportunity Wizard.
The listed settings are enabled by default for the following system security levels:
 Can
 view Posted Billing Items Search
Can
 view Posted Billing Items Search
                                                About this setting
Select this check box to enable resources assigned to this security level to search all posted billing items on the Posted Billing Item Search (Un-post) page. Resources with Contracts & Un-Posting Admin privileges will be able to un-post items, all other users will be able to search posted billing items, but not un-post them.
The listed settings are enabled by default for the following system security levels:
 Can
 create invoices from Ticket and Won Quote Wizard
Can
 create invoices from Ticket and Won Quote Wizard
                                                About this setting
Select this check box to enable resources to generate invoices from tickets via the Invoice Now feature and from the Won Quote Wizard, which generates an invoice for billing items created from quoted items.
This option is enabled by default for resources that have access to contracts. The permission does not require resources to have access to Contracts. Permissions to Approve and Post are also not required.
The listed settings are enabled by default for the following system security levels:
 Can access Invoice History, (Invoice) Export Wizard and Payments
Can access Invoice History, (Invoice) Export Wizard and Payments
                                                About this setting
Select this check box to enable resources to view the Invoice History and Payments pages and use the Export Wizard for invoices. This option is enabled by default for resources that have access to Contracts.
The listed settings are enabled by default for the following system security levels:
 Can access Bulk Service Updater
Can access Bulk Service Updater
                                                About this setting
Select this check box to enable resources to view the Bulk Service Updater page and modify the cost and prices of one or more services that are part of multiple contracts.
The listed settings are enabled by default for the following system security levels:
 Contract Visibility
Contract Visibility
                                                About this setting
Contract Visibility options determine what level of detail you can see of contracts you have access to. Which contracts you can view is determined by the contract object permissions.
The following configurations are available:
- Full: Users can view and edit all areas in a contract. Select this setting for contract managers and administrators.
- Limited (Summary, Services, Notes), no Edit: Users have view-only permission for limited areas of contracts. They can view contract summary, services, and notes. They cannot edit the contract or access the contracts module, contracts search, or contracts widgets. Users cannot see labor charges or costs or additional contract charges or costs, except for those specific to the contract type, such as services, or block, retainer, or ticket purchases, or milestones.
NOTE Datto recommends this setting for technicians, account managers, project managers, and service desk managers who need to select the correct contract for a ticket or project. It is also useful for determining if the contract has enough blocks, retainers, ticket purchases or milestones to cover a ticket or project.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission | 
|---|---|
| Co-managed Help Desk | Limited (Summary, Services, Notes), no Edit | 
| Minimal Access | Limited (Summary, Services, Notes), no Edit | 
| Time & Attendance | Limited (Summary, Services, Notes), no Edit | 
| Team Member | Limited (Summary, Services, Notes), no Edit | 
| Contractor | Limited (Summary, Services, Notes), no Edit | 
| Private CRM | Limited (Summary, Services, Notes), no Edit | 
| Sales | Limited (Summary, Services, Notes), no Edit | 
| Service Desk User | Limited (Summary, Services, Notes), no Edit | 
| Project Manager | Limited (Summary, Services, Notes), no Edit | 
| Dashboard User | Full | 
| Manager | Full | 
| System Administrator, Full Access User | Full | 
| API User | Full | 
 Can
 Approve & Post
Can
 Approve & Post
                                                About this setting
These options determine which billing items appear  on the Approve & Post and Invoicing / Items to Invoice results tables for users with this security level. They enable workflows where either the Account Manager or the Project Lead is responsible for billing.
IMPORTANT Account Managers and Project Leads require a Manager security level that includes access to Contracts to use this workflow.
You can select from the following options:
- All: Users can approve and post or invoice all items they have permission to view.
- None: Users have no access to billing.
- Where I am Account Manager: Users can approve and post or invoice all items (time entries, charges, expenses, milestones, and subscriptions) for accounts where they are the account manager.
- Where I am Project Lead: Users can approve and post or invoice all items for projects where they are the project lead. 
The default setting for this feature is All.
NOTE When Line of Business is enabled, All means "All, as long as they are in my lines of business."
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission | 
|---|---|
| Co-managed Help Desk | None | 
| Minimal Access | None | 
| Time & Attendance | None | 
| Team Member | None | 
| Contractor | None | 
| Private CRM | None | 
| Sales | None | 
| Service Desk User | None | 
| Project Manager | None | 
| Dashboard User | All | 
| Manager | All | 
| System Administrator, Full Access User | All | 
| API User | All | 
 Can
 Invoice (Items to Invoice, Dashboard Drill-in Tables)
Can
 Invoice (Items to Invoice, Dashboard Drill-in Tables)
                                                About this setting
These options determine which billing items appear  on the Approve & Post and Invoicing / Items to Invoice results tables for users with this security level. They enable workflows where either the Account Manager or the Project Lead is responsible for billing.
IMPORTANT Account Managers and Project Leads require a Manager security level that includes access to Contracts to use this workflow.
You can select from the following options:
- All: Users can approve and post or invoice all items they have permission to view.
- None: Users have no access to billing.
- Where I am Account Manager: Users can approve and post or invoice all items (time entries, charges, expenses, milestones, and subscriptions) for accounts where they are the account manager.
- Where I am Project Lead: Users can approve and post or invoice all items for projects where they are the project lead. 
The default setting for this feature is All.
NOTE When Line of Business is enabled, All means "All, as long as they are in my lines of business."
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission | 
|---|---|
| Co-managed Help Desk | None | 
| Minimal Access | None | 
| Time & Attendance | None | 
| Team Member | None | 
| Contractor | None | 
| Private CRM | None | 
| Sales | None | 
| Service Desk User | None | 
| Project Manager | None | 
| Dashboard User | All | 
| Manager | All | 
| System Administrator, Full Access User | All | 
| API User | All | 
Additional Resources
- Contract security settings
- CRM security settings
- Inventory security settings
- Project security settings
- Service Desk security settings
- Knowledge Base and Documents security settings
- Timesheet security settings
- Report security settings
- Admin security settings
- Other security settings
- Web Services API security settings

 
                                                     
                                                    



