CRM security settings

This article describes the security settings you can configure to grant or restrict user access to Customer Relationship Management (CRM) data in Autotask. It also documents the settings of the system security levels in your Autotask instance.

System security levels are not editable, but you can make copies and edit them to create custom security levels. Refer to:

Overview

This section enables you to configure user permissions to access data for organizations and contacts by organization type, configure object permissions for all CRM entities, configure feature access and opportunity checklist and other permissions, and the dashboard for individual organizations. You can designate view, add, or edit permissions on a per-object basis.

Settings

Organization & Contact Access

About this setting

The following settings apply to the CRM category's Organization & Contact Access section of the Security Levels page shown in the below image.

NOTE Regardless of the settings you configure in this part of the application, be aware that LiveReports will always display at least the organization names. Access to other organization data is limited by the security level permissions of the logged-in user that runs or schedules the report.

The following options are available:

All: This setting is the default for all security levels with access to Admin. It allows access to all organizations of this type and associated contacts.
My Territories: This option includes all access allowed by Mine. It allows access to organizations of this type that are assigned to a territory with which the user is associated. It also allows access to the contacts of these organizations.
Mine: This setting is the default for all security levels that do not have access to Admin. It allows access to organization data for only those organizations for which user is the Account Manager or a member of the Account Team. It also allows access to contact data for only contacts associated with these organizations.
None: Users cannot access any organization data.

NOTE For the Co-managed Help Desk security level, Mine and None are the only available options.

The listed settings are enabled by default for the following system security levels:

Security Level	Customer & Cancelation	Vendors & Partners	Prospects, Leads & Dead
Co-managed Help Desk (system)	Mine	None	Mine
Minimal Access (system)	None	None	None
Time and Attendance (system)	None	None	None
Team Member (system)	All	None	None
Contractor (system)	None	None	None
Private CRM (system)	Mine	All	Mine
Sales (system)	All	All	All
Service Desk User (system)	All	All	All
Project Manager (system)	All	All	All
Dashboard User (system)	All	All	All
Manager (system)	All	All	All
System Administrator (system), Full Access (system)	All	All	All
API User (system) (API-only)	All	All	All

Object Permissions

About this setting

The following settings apply to the CRM category's Object Permissions section of the Security Levels page shown in the image below. CRM object permissions apply only to objects associated with organizations that the user has permission to access. Review Organization & Contact Access, above.

Organizations

View: Organization Type access permissions determine organization view permissions (Security Level).

Add:
- Yes: Users can add organizations of the type(s) they have permission to access.
- No: Users cannot add any organizations.
Edit or Delete:
- All: Users can complete the specified action on all organization types that they have permission to View.
- Mine: Users can complete the specified action on organizations that they have permission to view if they are the account manager or a member of the account team. If the security level permissions include My Territories access, the user can also complete the specified action for organizations assigned to territories to which the user is assigned.
- None: Users cannot complete the specified action on any organizations.

The listed settings are enabled by default for the following system security levels:

Security Level
Organizations	View	Add	Edit	Delete
Co-managed Help Desk	Refer to Organization & Contact Access	None	None	None
Minimal Access	Refer to Organization & Contact Access	None	None	None
Time & Attendance	Refer to Organization & Contact Access	None	None	None
Team Member	Refer to Organization & Contact Access	None	None	None
Contractor	Refer to Organization & Contact Access	None	None	None
Private CRM	Refer to Organization & Contact Access	Yes	Mine	None
Sales	Refer to Organization & Contact Access	Yes	Mine	None
Service Desk User	Refer to Organization & Contact Access	Yes	Yes	None
Project Manager	Refer to Organization & Contact Access	Yes	Yes	None
Dashboard User	Refer to Organization & Contact Access	None	None	None
Manager	Refer to Organization & Contact Access	Yes	Yes	None
System Administrator, Full Access User	Refer to Organization & Contact Access	Yes	Yes	Yes
API User	Refer to Organization & Contact Access	Yes	Yes	Yes

Contacts

This attribute determines the user's ability to add organization contacts. It does not restrict the user's ability to view or edit contacts that have an association with account types that their Organization & Contact view permissions allow them to see.

Yes: Users can add contacts.
No: Users cannot add any contacts

The listed settings are enabled by default for the following system security levels:

Security Level
Contacts	View	Add	Edit	Delete
Co-managed Help Desk		Yes
Minimal Access		No
Time & Attendance		No
Team Member		Yes
Contractor		No
Private CRM		Yes
Sales		Yes
Service Desk User		Yes
Project Manager		Yes
Dashboard User		Yes
Manager		Yes
System Administrator, Full Access User		Yes
API User		Yes

Opportunities & Quotes

Organization View permissions are determined by Organization Type access permissions (Security Level).

View, Edit, or Delete:

All: Users can complete the specified action on all opportunities and quotes associated with organizations that they have permission to View.
Mine: Users can complete the specified action on opportunities and quotes associated with organizations that they have permission to view if they are the account manager. If the security level permissions include My Territories access, the user can also complete the specified action for organizations assigned to territories to which the user is assigned.
None: Users cannot complete the specified action for opportunities and quotes associated with any organizations.

Add:

Yes: Users can add opportunities and quotes for organizations of the type(s) they have permission to access.
No: Users cannot add any opportunities or quotes to any organizations.

The listed settings are enabled by default for the following system security levels:

Security Level
Opportunities & Quotes	View	Add	Edit	Delete
Co-managed Help Desk	None	None	None	None
Minimal Access	None	None	None	None
Time & Attendance	None	None	None	None
Team Member	None	None	None	None
Contractor	None	None	None	None
Private CRM	Mine	Yes	Mine	None
Sales	All	Yes	Mine	None
Service Desk User	All	Yes	Mine	None
Project Manager	All	Yes	Mine	None
Dashboard User	All	None	None	None
Manager	All	Yes	All	All
System Administrator, Full Access User	All	Yes	All	All
API User	All	Yes	All	All

Sales Orders

View or Edit:

All: Users can complete the specified action on all sales orders associated with organization types that they have permission to View.
Mine: Users can complete the specified action on sales orders associated with the organization types that they have permission to view if they are the account manager for the organization or a member of the account team. If the security level permissions include My Territories access, users can also complete the specified action for organizations assigned to territories to which users are assigned.
None: Users cannot complete the specified action on sales orders for any organizations.

Add:

Not applicable. Sales orders are not manually added.

Delete:

All: Users can complete the specified action on all sales orders associated with organization types that they have permission to View.
Mine: Users can complete the specified action on sales orders associated with the organization types that they have permission to view if they are the account manager for the organization or a member of the account team. If the security level permissions include My Territories access, users can also complete the specified action for organizations assigned to territories to which users are assigned.
None: Users cannot complete the specified action on sales orders for any organizations.

The listed settings are enabled by default for the following system security levels:

Security Level
Sales Orders	View	Add	Edit	Delete
Co-managed Help Desk	None	not applicable	None	None
Minimal Access	None	not applicable	None	None
Time & Attendance	None	not applicable	None	None
Team Member	None	not applicable	None	None
Contractor	None	not applicable	None	None
Private CRM	Mine	not applicable	Mine	None
Sales	All	not applicable	Mine	None
Service Desk User	All	not applicable	All	None
Project Manager	All	not applicable	All	None
Dashboard User	All	not applicable	None	None
Manager	All	not applicable	All	All
System Administrator, Full Access User	All	not applicable	All	All
API User	All	not applicable	All	None

Devices & Subscriptions

View, Edit, or Delete:

All: Users can complete the specified action for any items associated with an organization type that they have permission to view.
None: Users cannot perform the specified action for any organization.

Add:

Yes: Users can add devices and subscriptions for organizations of the type(s) they have permission to access.
No: Users cannot add any devices or subscriptions.

The listed settings are enabled by default for the following system security levels:

Security Level
Devices & Subscriptions	View	Add	Edit	Delete
Co-managed Help Desk	All	Yes	All	None
Minimal Access	None	not applicable	None	None
Time & Attendance	None	not applicable	None	None
Team Member	None	not applicable	None	None
Contractor	None	not applicable	None	None
Private CRM	All	Yes	All	None
Sales	All	Yes	All	None
Service Desk User	All	Yes	All	None
Project Manager	All	Yes	All	None
Dashboard User	All	None	None	None
Manager	All	Yes	All	All
System Administrator, Full Access User	All	Yes	All	All
API User	All	Yes	All	All
Device Notes	View	Add	Edit	Delete
Co-managed Help Desk			Mine	None
Minimal Access			None	None
Time & Attendance			None	None
Team Member			None	None
Contractor			None	None
Private CRM			Mine	None
Sales			Mine	Mine
Service Desk User			Mine	Mine
Project Manager			Mine	Mine
Dashboard User			None	None
Manager			All	All
System Administrator, Full Access User			All	All
API User			All	All

To-dos

View:

If users cannot view any organization type, permission is None.
If permission is Yes, users can view to-dos for any organization that they can view. It is not possible to edit this field.

Add:

Yes: Users can add a to-do for any organization that users can view.
No: Users cannot add any to-dos.

Edit or Delete:

All: Users can complete the specified action on all to-dos associated with organizations that they can access.
Mine: Users can complete the specified action on to-dos assigned to them.
None: Users cannot complete the specified action on any to-dos.

The listed settings are enabled by default for the following system security levels:

Security Level
Notes, To-Dos	View	Add	Edit	Delete
Co-managed Help Desk	Yes	Yes	Mine	None
Minimal Access	No	No	None	None
Time & Attendance	No	None	None	None
Team Member	Yes	Yes	Mine	None
Contractor	No	No	None	None
Private CRM	Yes	Yes	Mine	None
Sales	Yes	Yes	Mine	Mine
Service Desk User	Yes	Yes	Mine	Mine
Project Manager	Yes	Yes	Mine	Mine
Dashboard User	Yes	None	None	None
Manager	Yes	Yes	All	All
System Administrator, Full Access User	Yes	Yes	All	All
API User	Yes	Yes	All	All

Attachments

CRM attachment security applies to attachments on organizations, opportunities, sales orders, and devices. Users must have permission to access the parent item to access the associated attachments.

View:

All: Users can view all attachments added to organizations, opportunities, sales orders, and devices that they can access.
None: Users cannot view any CRM attachments.

Add:

Yes: Users can add attachments to organizations, opportunities, sales orders, and devices that they can access.
No: Users cannot add CRM attachments.

Edit:

All: Users can edit any attachment added to organizations, opportunities, sales orders, and devices that they can access.
Mine: Users can only edit organization, opportunity, sales order, and device attachments that they added.
None: Users cannot edit any CRM attachments.

Delete:

All: Users can delete any attachment added to organizations, opportunities, sales orders, and devices that they can access.
Mine: Users can only delete organization, opportunity, sales order, and device attachments that they added.
None: Users cannot delete any CRM attachments.

The listed settings are enabled by default for the following system security levels:

Security Level
Attachments	View	Add	Edit	Delete
Co-managed Help Desk	None	Yes	None	None
Minimal Access	None	No	None	None
Time & Attendance	None	No	None	None
Team Member	None	Yes	None	None
Contractor	None	No	None	None
Private CRM	All	Yes	None	None
Sales	All	Yes	None	Mine
Service Desk User	All	Yes	None	Mine
Project Manager	All	Yes	None	None
Dashboard User	All	None	None	None
Manager	All	Yes	None	All
System Administrator, Full Access User	All	Yes	None	All
API User	All	Yes	None	All

Feature Access

The following settings apply to the CRM category's Feature Access section of the Security Levels page shown below.

Contact Group Manager

About this setting

This option enables you to configure user access to Contact Groups features and management pages. Users with these settings cleared have no access to Contact Group management. To learn more, refer to The Contact Group Manager.

The listed settings are enabled by default for the following system security levels:

Security Level	Permission
Co-managed Help Desk
Minimal Access
Time & Attendance
Team Member
Contractor
Private CRM
Sales
Service Desk User
Project Manager
Dashboard User
Manager
System Administrator, Full Access User
API User

Can access Export features in CRM section (requires CRM standard reports permission)

About this setting

Selecting this option will provide users with this security level AND Reports permission access to the CRM category and the Exports section on the > Reports > Report Categories > CRM tab. Refer to Report security settings to learn more.

The listed settings are enabled by default for the following system security levels:

Security Level	Permission
Co-managed Help Desk
Minimal Access
Time & Attendance
Team Member
Contractor
Private CRM
Sales
Service Desk User
Project Manager
Dashboard User
Manager
System Administrator, Full Access User
API User

Device Discovery Wizard

About this setting

This setting grants users access to the Device Discovery Wizard. Without this permission, users have no access to the feature. For more information, review our Launching the Device Discovery Wizard article.

The listed settings are enabled by default for the following system security levels:

Security Level	Permission
Co-managed Help Desk
Minimal Access
Time & Attendance
Team Member
Contractor
Private CRM
Sales
Service Desk User
Project Manager
Dashboard User
Manager
System Administrator, Full Access User
API User

Can Manage Quote Templates and Quote Email Messages Outside of Admin

About this setting

This setting empowers users to access and manage quote templates and quote email message templates. This setting does not affect users' ability to change templates assigned to quotes. That permission is controlled by users' Edit permission for the CRM objects Opportunities and Quotes.

The listed settings are enabled by default for the following system security levels:

Security Level	Permission
Co-managed Help Desk
Minimal Access
Time & Attendance
Team Member
Contractor
Private CRM
Sales
Service Desk User
Project Manager
Dashboard User
Manager
System Administrator, Full Access User
API User

Can Request RMA

About this setting

Select this option to allow users with this security level to initiate an RMA request from the Device page and Device tables.

The listed settings are enabled by default for the following system security levels:

Security Level	Permission
Co-managed Help Desk
Minimal Access
Time & Attendance
Team Member
Contractor
Private CRM
Sales
Service Desk User
Project Manager
Dashboard User
Manager
System Administrator, Full Access User
API User

Opportunity Checklist Permissions

About this setting

These permissions empower you to define the level of checklist management permissions to which your user groups have access. The following options are available.

NOTE Users without CRM Admin permission can access the Checklist Library from > Admin > Application-wide (Shared) Features.

Can add/edit Library Checklists

Users with this permission have access to the Checklist Library. They can do the following:

Save checklists to the library from an opportunity or form template
Create or edit opportunity checklists in the Checklist Library

Users with this permission have access to the Checklist Library. They can do the following:

Delete opportunity checklists from the Checklist Library

Can add/edit items

Users with this permission can add and edit checklists for opportunities to which they have Edit permissions. They can:

Add items to an opportunity checklist
Edit items in the checklist
Reorder and copy items within the checklist

Can delete/uncomplete items

Users with this permission can:

Uncomplete checklist items completed by anyone
Delete items from the checklist on an opportunity

The listed settings are enabled by default for the following system security levels:

Opportunity Checklist Permissions	Can add/edit Library Checklists	Can delete Library Checklists	Can add/edit items	Can delete/uncomplete items
Co-managed Help Desk
Minimal Access
Time & Attendance
Team Member
Contractor
Private CRM
Sales
Service Desk User
Project Manager
Dashboard User
Manager
System Administrator, Full Access User
API User

Other Permissions

Can modify Account Manager (reassign Organizations)

About this setting

The users for whom you enable this setting can change an organization's Account Manager, which reassigns the organization to a new owner.

The listed settings are enabled by default for the following system security levels:

Security Level	Permission
Co-managed Help Desk
Minimal Access
Time & Attendance
Team Member
Contractor
Private CRM
Sales
Service Desk User
Project Manager
Dashboard User
Manager
System Administrator, Full Access User
API User

Can modify Opportunity Owner (reassign Opportunities)

About this setting

Users who have this feature enabled will be able to change the Opportunity Owner on the Edit Opportunity page, which reassigns the opportunity to a new owner.

The listed settings are enabled by default for the following system security levels:

Security Level	Permission
Co-managed Help Desk
Minimal Access
Time & Attendance
Team Member
Contractor
Private CRM
Sales
Service Desk User
Project Manager
Dashboard User
Manager
System Administrator, Full Access User
API User

Can access Device Mapping

About this setting

This setting determines if a user can see the Device Mapping section (and its content) in > CRM, as well as the Go to Device Mapping button on the Device widget drill-in table. It also controls page-level security on the Device Mapping page.

This check box is enabled by default for all security levels that have access to CRM and for whom the Datto RMM Integration or the Advanced Datto Integration is active.

The listed settings are enabled by default for the following system security levels:

Security Level	Permission
Co-managed Help Desk
Minimal Access
Time & Attendance
Team Member
Contractor
Private CRM
Sales
Service Desk User
Project Manager
Dashboard User
Manager
System Administrator, Full Access User
API User

Display ALL organizations in organization picklists and data selectors

About this setting

Enable this feature to allow users to see all organizations in organization picklists and data selectors. Doing so will allow users to search for and create organization-related items for organizations that they do not have permission to view.

IMPORTANT Do not check this setting if you are creating or editing a restricted security level. Users with this setting selected will be able to see the names, addresses, and phone numbers of all organizations in your Autotask instance.

The listed settings are enabled by default for the following system security levels:

Security Level	Permission
Co-managed Help Desk
Minimal Access
Time & Attendance
Team Member
Contractor
Private CRM
Sales
Service Desk User
Project Manager
Dashboard User
Manager
System Administrator, Full Access User
API User

Can erase (redact) Contacts

About this setting

Resources with this security level will see the Erase (Redact) section on the Edit Contact page, and they will be able to redact contacts that they can edit. For more on this feature, refer to Erasing (redacting) contacts and resources.

The listed settings are enabled by default for the following system security levels:

Security Level	Permission
Co-managed Help Desk
Minimal Access
Time & Attendance
Team Member
Contractor
Private CRM
Sales
Service Desk User
Project Manager
Dashboard User
Manager
System Administrator, Full Access User
API User

Dashboard Display

About this setting

Use this setting to define which data should be available to display on the CRM dashboard tabs. The options are: None, Mine (data for the assigned resource), My Territories (all resources in the assigned resource's territory), and All.

The listed settings are enabled by default for the following system security levels:

Security Level	Permission
Co-managed Help Desk	Mine
Minimal Access	Mine
Time & Attendance	Mine
Team Member	Mine
Contractor	Mine
Private CRM	Mine
Sales	My Territories
Service Desk User	Mine
Project Manager	Mine
Dashboard User	All
Manager	Mine
System Administrator, Full Access User	All
API User	All

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.

CRM security settings

Overview

Settings

Additional Resources

Why wasn't this article helpful? (check all that apply)

Great!