This article describes the security settings you can configure to grant or restrict access to projects in Autotask. It also documents the settings of the system security levels in your Autotask instance.
System security levels are not editable, but you can make copies and edit them to create custom security levels. Refer to:
Overview
Autotask enables to you define which user groups can add a new project or view projects. You can also control which groups can see the data contained within projects, reports, and search results. All permissions are by project type. Users with view authorization can also edit and delete where applicable.
Settings
 Permission Per Project Type
Permission Per Project Type
                                                About this setting
You can customize whether your users can view or add content to each project type. The following conditions apply to these permissions.
View Permissions
- All: Users can view any project or project data for projects of the specified type
- Mine: Users must have an association with a project of the specified type to view it. Only associated projects will appear in lists and search results. There are four ways a user can have an association with a project:- As a member of the project team (includes Team Lead)
- As the assigned lead for the department associated with the project
- As the account manager or opportunity owner associated with the project
- As Workgroup Lead of a workgroup with one or more group members who are members of the project team
 
IMPORTANT Users with Mine access can remove the association that grants their access. If they do so, they will lose access to the Project.
NOTE Users without access to projects can access projects with which they are associated via the Home menu.
- None: Users cannot view any projects or project data for projects of this type, even if they are associated with the project as team members, department leads, account managers, or opportunity owners.
Add Permissions
- Yes: User can add projects of this type
- No: Users cannot add projects of this type
The listed settings are enabled by default for the following system security levels:
| Security Level | ||
|---|---|---|
| Client & Internal and Proposals | View | Add | 
| Co-managed Help Desk | Mine | No | 
| Minimal Access | None | No | 
| Time & Attendance | None | No | 
| Team Member | None | No | 
| Contractor | None | No | 
| Private CRM | Mine | No | 
| Sales | Mine | Yes | 
| Service Desk User | Mine | Yes | 
| Project Manager | Mine | Yes | 
| Dashboard User | All | No | 
| Manager | All | Yes | 
| System Administrator, Full Access User | All | Yes | 
| API User | All | Yes | 
| Project Templates | View | Add | 
| Co-managed Help Desk | Mine | No | 
| Minimal Access | None | No | 
| Time & Attendance | None | No | 
| Team Member | None | No | 
| Contractor | None | No | 
| Private CRM | Mine | No | 
| Sales | Mine | No | 
| Service Desk User | Mine | Yes | 
| Project Manager | Mine | Yes | 
| Dashboard User | All | No | 
| Manager | All | Yes | 
| System Administrator, Full Access User | All | Yes | 
| API User | All | Yes | 
| API User | All | Yes | 
 Object Permissions
Object Permissions
                                                Users without access to Projects can still access tasks they are assigned to. To access project tasks, go to My > Tasks and Tickets. Refer to The My Workspace page. Additional permissions are granted through configuration of object permissions.
 Task Notes
Task Notes
                                                        About this setting
This setting controls the ability of your users to edit and delete Task Notes. You can granularly define the level of access you grant for each operation as described below.
Edit:
- All: This setting is the default for all security levels with access to Admin. You can edit all task notes to which you have access.
- Mine: This setting is the default for all security levels that do not have access to Admin. You can only edit task notes that you created.
- None: You cannot edit any task notes.
Delete:
- All: This setting is the default for all security levels with access to Admin. You can delete all task notes.
- Mine: This setting is the default for all security levels that do not have access to Admin. You can only delete task notes that you created.
- None: You cannot delete any task notes.
The listed settings are enabled by default for the following system security levels:
| Security Level | Edit | Delete | 
|---|---|---|
| Co-managed Help Desk | Mine | None | 
| Minimal Access | None | None | 
| Time & Attendance | None | None | 
| Team Member | Mine | None | 
| Contractor | None | None | 
| Private CRM | All | All | 
| Sales | All | All | 
| Service Desk User | All | All | 
| Project Manager | All | All | 
| Dashboard User | All | All | 
| Manager | All | All | 
| System Administrator, Full Access User | All | All | 
| API User | All | All | 
 Charges and Expenses
Charges and Expenses
                                                        About this setting
This setting controls the ability of your users to manage charges or expenses. You can granularly define the level of access you grant for each operation as described below.
- Add:
                                                                    - Yes: Users can add charges or expenses.
- No: Users cannot add charges or expenses.
 
- View, Edit or Delete:- All: Users can view, edit or delete charges or expenses on all items they have access to.
- Mine: Users can view, edit or delete charges or expenses they have added themselves.
- None: Users cannot view, edit or delete charges or expenses.
 
IMPORTANT For resource who have access to Approve & Post permissions, the View, Create, Edit, and Delete permissions will be overridden by the access to Approve & Post. This means that a resource who may not otherwise be allowed to edit a Charge or Expense would be able to do so via the Approve & Post permission.
The listed settings are enabled by default for the following system security levels:
| Security Level | ||||
|---|---|---|---|---|
| Charges & Expenses | View | Add | Edit | Delete | 
| Co-managed Help Desk | Mine | Yes | Mine | None | 
| Minimal Access | All | Yes | All | All | 
| Time & Attendance | All | Yes | All | All | 
| Team Member | All | Yes | All | All | 
| Contractor | All | Charges: No, Expenses: Yes | None | None | 
| Private CRM | All | Yes | All | All | 
| Sales | All | Yes | All | All | 
| Service Desk User | All | Yes | All | All | 
| Project Manager | All | Yes | All | All | 
| Dashboard User | All | Yes | All | All | 
| Manager | All | Yes | All | All | 
| System Administrator, Full Access User | All | Yes | All | All | 
| API User | All | Yes | All | All | 
 Render all Tasks as Task Category:
Render all Tasks as Task Category:
                                                About this setting
When you select a task category from this menu, all users assigned this security level will see all tasks (in New, Edit, and Detail mode) displayed using the selected task category, regardless of the task’s actual category. This lets you create a task category that shows limited task fields, and then select that category for an External Contractor security level to limit the contractors' access to data.
NOTE To allow this security level to see all tasks with the task's actual category, use the default setting, Task's Task Category.
The Render all Tasks as Task Category setting applies to New/Edit Task and Task pages only. Users may have access to task data via other features, for example, search tables and widgets.
It is not possible to delete a Task Category that is the Render as category for a security level.
The listed settings are enabled by default for the following system security levels:
| Security Level | Option | 
|---|---|
| Co-managed Help Desk | [Task's Task Category] | 
| Minimal Access | [Task's Task Category] | 
| Time & Attendance | [Task's Task Category] | 
| Team Member | [Task's Task Category] | 
| Contractor | [Task's Task Category] | 
| Private CRM | [Task's Task Category] | 
| Sales | [Task's Task Category] | 
| Service Desk User | [Task's Task Category] | 
| Project Manager | [Task's Task Category] | 
| Dashboard User | 
 | 
| Manager | [Task's Task Category] | 
| System Administrator, Full Access User | [Task's Task Category] | 
| API User | [Task's Task Category] | 
 Time Entry Permissions
Time Entry Permissions
                                                 Can modify Contract on task and issue time entries
Can modify Contract on task and issue time entries
                                                        About this setting
These permissions allow users to modify specific settings on project task forms, issue time entry forms, and project charges.
Select this check box to enable resources to change the contents of the Contract field on a task or issue time entry. The Contract field specifies what contract to associate the time entry with for billing purposes.
NOTE This permission is the default for the following standard security levels: System Administrator, Manager, Sales, and Service Desk User. You can edit default settings.
The listed settings are enabled by default for the following system security levels:
 Can modify Non-Billable setting on task and issue time entries
Can modify Non-Billable setting on task and issue time entries
                                                        About this setting
Select this check box to enable resources to change the Non-Billable/Billable status of the task or issue time entry.
The listed settings are enabled by default for the following system security levels:
 Can modify Show on Invoice setting on task and issue time entries
Can modify Show on Invoice setting on task and issue time entries
                                                        About this setting
Select this check box to enable resources to specify whether or not a non-billable item should appear on the invoice with the billable amount set to 0.
NOTE This permission is available on the time entry only when the task or issue time entry is Non-Billable.
The listed settings are enabled by default for the following system security levels:
 Can modify Work Type on task and issue time entries
Can modify Work Type on task and issue time entries
                                                        About this setting
Select this check box to enable resources to change the contents of the Work Type field on a task or issue time entry. The Work Type field specifies what work type to associate the time entry with for billing purposes.
NOTE This permission is the default for the standard System Administrator, Manager, Sales, and Service Desk User security levels. You can edit default settings.
The listed settings are enabled by default for the following system security levels:
 Can modify Service/Bundle on task/issue time entries and project charges
Can modify Service/Bundle on task/issue time entries and project charges
                                                        About this setting
Select this check box to enable resources assigned to this security level to modify the Service/Bundle selection for task and issue time entries and project charges. With this check box selected, the Service/Bundle field will appear on the New and Edit Task/Issue Time Entry pages and the New/Edit Project Charge page.
The listed settings are enabled by default for the following system security levels:
 Can enter time on
Can enter time on
                                                        About this setting
This menu enables to you specify the tasks on which a user can enter time. All Project View permissions also apply. The selected option determines what the user sees in the Show menu on the Enter Time page for project time.
NOTE These settings replace the previous settings to enable or disable the Show menu.
My Tasks
- This option limits time entry to tasks assigned to the user. The Show menu displays this option, and the menu is disabled.
My Tasks and Unassigned Department Tasks
- This option limits time entry to tasks assigned to the user and unassigned tasks from a department with which the user is associated. The Show menu includes two options: My Tasks or My Tasks and Unassigned Department Tasks.
My Tasks and Department Tasks
- This option limits time entry to tasks assigned to the user and tasks from a department with which the user is associated. The Show menu includes two options: My Tasks or My Tasks and Department Tasks.
All Tasks
- This option allows time entry on all tasks. The Show menu includes My Tasks, My Tasks and Department Tasks and All Tasks.
The listed settings are enabled by default for the following system security levels:
| Security Level | Permission | 
|---|---|
| Co-managed Help Desk | My Tasks | 
| Minimal Access | My Tasks | 
| Time & Attendance | My Tasks | 
| Team Member | My Tasks | 
| Contractor | My Tasks | 
| Private CRM | My Tasks & Department Tasks | 
| Sales | My Tasks & Department Tasks | 
| Service Desk User | My Tasks & Department Tasks | 
| Project Manager | My Tasks & Department Tasks | 
| Dashboard User | My Tasks | 
| Manager | All Tasks | 
| System Administrator, Full Access User | All Tasks | 
| API User | All Tasks | 
 Task Checklist Permissions
Task Checklist Permissions
                                                About this setting
All security levels allow users to:
- Add checklists from the checklist library to tasks or tickets they create or can edit.
- View and complete checklist items.
- Uncomplete checklist items they completed themselves.
You can assign the following permissions for task checklists. They are entirely independent of each other.
Can add/edit Library Checklists
Users with this permission have access to the Checklist Library. They can:
- Save checklists to the library from a task or form template.
- Create task checklists in the library and edit existing task library checklists.
NOTE  Users without Projects or Service Desk Admin permission can access the Checklist Library from  > Admin > Application-wide (Shared) Features.
 > Admin > Application-wide (Shared) Features. 
Can delete Library Checklists
- Users with this permission have access to the Checklist Library. They can delete task checklists from the Checklist Library.
NOTE  Users without Projects or Service Desk Admin permission can access the Checklist Library from  > Admin > Application-wide (Shared) Features.
 > Admin > Application-wide (Shared) Features. 
Can add/edit items
Users with this permission can add and edit checklists on tasks for which they have Edit permissions; specifically:
- Add items to a task checklist.
- Edit items in the checklist.
- Reorder and copy items within the checklist.
Can delete/uncomplete items
Users with this permission can:
- Uncomplete checklist items completed by anyone.
- Delete items from the checklist on a task.
NOTE Note that if the checklist entity is Task & Ticket, you must have delete permission for both task and ticket checklists.
The listed settings are enabled by default for the following system security levels:
 Other
Other 
                                                 Can view legacy Projects dashboard
Can view legacy Projects dashboard
                                                        About this setting
This option defaults to selected. When selected, users can view the legacy Projects dashboard ( > Projects > View > Dashboard page).
 > Projects > View > Dashboard page).
The listed settings are enabled by default for the following system security levels:
 Can view Task notes and attachments marked as "Internal Only" and "Internal & Co-managing"
Can view Task notes and attachments marked as "Internal Only" and "Internal & Co-managing"
                                                        About this setting
This setting (enabled by default) controls whether users see internal notes, internal attachments, and the internal portion of time entries on the Task page. If disabled, they will see placeholder text instead of user-entered content. Thumbnails for image attachments will not appear.
- On co-managing security levels, the setting is called Can view Task notes and attachments marked as "Internal & Co-managing"
- This setting has no impact on Project-level notes.
- The Global Notes Search page can show Task Notes and will respect this setting.
- Internal Notes will always be visible on the Approve & Post page.
NOTE All users can view their internal notes, attachments, and time entry internal notes, even with this setting disabled.
The listed settings are enabled by default for the following system security levels:
 Can view billing data in activity feed
Can view billing data in activity feed
                                                        About this setting
This check box toggles the display of the Show Billing Data check box on the Activity feed, to prevent the resource from seeing any billing data.
The listed settings are enabled by default for the following system security levels:
Additional Resources
- Contract security settings
- CRM security settings
- Inventory security settings
- Project security settings
- Service Desk security settings
- Knowledge Base and Documents security settings
- Timesheet security settings
- Report security settings
- Admin security settings
- Other security settings
- Web Services API security settings




 
                                                     
                                                    



