Least Privilege Access Guide for Datto's Autotask PSA Integration

Introduction

This guide provides an overview of the permissions and security configurations needed to integrate Datto Autotask PSA with Rewst. By following these instructions, you can ensure a secure and efficient integration, adhering to best practices for least privilege.

Configure API User Permissions

To utilize Rewst with least privilege, you'll need to configure a new user class named 'Rewst Automation' within your Datto Autotask PSA. Below are the general steps:

  1. Create a New Security Level: Follow the steps outlined in Defining an API User to create a new security level with the necessary permissions.

  2. Assign Security Level: Apply the new security level to the API user responsible for Rewst integration.

  3. Webhook Permissions: If you plan to use webhooks, additional setup is required. Please refer to the Webhook Configuration page for detailed instructions.

Each API user has a tracking identifier that must be used when setting up the Autotask PSA integration. Ensure you have this identifier available when configuring Rewst.

Step 2: Configure API User Permissions

The following table outlines the categorized permissions required for each category of endpoints in Autotask that Rewst will access. For further details on each endpoint we interact with, review the Actions & Endpoints page for an exhaustive list.

Category
Endpoints
Autotask Permissions
Required Permissions

Companies & Contacts

10

CRM permissions

View, Add, Edit

Contracts

7

Contract permissions

Manage Contracts, Manage Adjustments

Documents & Attachments

10

Documents & Knowledgebase

View, Add Documents

Projects

9

Projects permissions

Add, View Projects

Resources

3

Admin permissions

Manage Resources

Surveys

3

Other

Manage Surveys

Ticket & Ticket Notes

16

Service Desk permissions

View, Add, Edit Tickets

Time Entries

6

Timesheet permissions

Create, Edit, Delete

Follow the steps on our Autotask Integration Setup page to input the API credentials and tracking identifier to complete the integration setup.

Conclusion

By following this guide, Datto Autotask PSA users can configure the necessary permissions to securely integrate with Rewst. The permissions are tailored to provide only the required access for Rewst's actions, adhering to best practices in security.

Last updated