Widget security

SECURITY Admin level security
NAVIGATION Left Navigation Menu > Admin > Features and Settings > Application-wide (shared) features > System Settings > Site Setup > Allow HTML widgets on shared dashboards
General widget security principles
Widgets, similar to searches and reports, display only data you have permission to view. These permissions are defined in the security level your user profile is associated with.
EXAMPLE The widgets on your dashboard display entities (organizations, tickets or projects) where your permission setting is at least Mine, in lines of business you are associated with.
If you don't have permission to view certain types of data, for example billing data, you won't even be able to create widgets for that, although you may see them on tabs shared by another user.
Widgets that display information only accessible in reports (for example survey results) apply the report security permissions defined in your security level.
EXAMPLE Users with access to the Contracts module or view permissions for Contracts & Billing reports will be able to create Pending Billing Item, Posted Billing Item, and Invoice Item widgets. If a user has neither of these permissions but has access to any widgets of these types (via shared tabs or previously created) such widgets will never display any data.
EXAMPLE The same rule applies to Milestone widgets with the exception that access to Projects also provides access to Milestone widgets.
EXAMPLE For Work Entry widgets, users with Contracts permissions or view permissions for Time & Expense reports can see all work entries. Otherwise they will only see work entries for themselves and users they are timesheet approvers for.
EXAMPLE You can see survey results for tickets where you are a resource. To see all survey results, you need Admin report security.
Exception: HTML widgets security system setting
Why does Autotask provide this system setting?
HTML widgets allow users to render custom content inside of a dashboard widget. This level of flexibility comes with a potential risk of malicious behavior. Knowledgeable users could exploit various attack vectors to create HTML widgets that produce harmful results. Shared tabs could distribute these widgets and extend this potential harm to multiple users in your organization.
What does this system setting do?
"Allow HTML widgets on shared dashboard tabs" determines whether shared dashboard tabs can include HTML widgets.
This setting is disabled (not checked) by default. When it is disabled, you cannot add HTML widgets to a shared dashboard tab. If you share a tab that already contains an HTML widget, the widget will not render content when the shared tab is edited or accessed by the assigned users.
To allow HTML widgets on shared dashboard tabs, select the system setting check box to enable the system setting.
IMPORTANT If you choose to allow users to include HTML widgets on shared dashboard tabs, we recommend that you be selective about which security levels have permission to manage shared tabs. Refer to Creating or editing a custom security level.