This article will cover the basics of NetSuite User Roles and Permissions. Roles & Permissions, simply put, restrict what a user can and cannot view or edit in NetSuite. This helps promote security and data integrity in your business, and it also helps users not get overwhelmed by the capabilities and features available in the NetSuite UI.
NetSuite provides a standard set of Roles that are provisioned in every NetSuite Account. However, a custom set of roles can also be provisioned in your account during your NetSuite Implementation.
Note: "User" in this article, and in NetSuite Terminology in general refers to any person who has access to your NetSuite Account. This refers most commonly to employees and contractors, but can also be applied to partners, vendors, and even customers who have some level of access to your NetSuite Account.
What are User Roles & Permissions in NetSuite?
Roles are the foundation for data security in your NetSuite account. Roles are configured access, defined by permissions & restrictions, and assigned to users. The role is configured to give access to users and is characterized by a set of permissions, a level set for each granted permission, and Restrictions that modify these permissions. Understanding the function of Roles and Permissions is essential as you set up users in the account.
Managing NetSuite roles properly ensures that your employees are given the appropriate permissions and have access only to the parts of the software that are relevant to them. This does two things. It makes it so that more information is private. In addition, it's easier for users to work in and understand NetSuite when there is a limited amount of information available to each user in their role, rather than having multiple unused dropdowns that clutter up the NetSuite navigation. So, properly assigning roles in NetSuite can improve the user experience and promote data integrity within your NetSuite account.
To learn more about what you can do to keep your NetSuite data clean, check out this article on Tips for Clean Data Management in NetSuite that my teammate Jacob back in November of 2022!
User Permission Levels and Security Layers in NetSuite
Permissions limit a user's access to data and define the user's authority to access and work with specific data while they are in that role within your NetSuite account. A set of permissions is provided for each pre-defined role in your NetSuite account, and each granted permission is assigned an access level defined by one of the following permission types: View, Create, Edit, or Full.
It is important to remember that NetSuite users can be assigned multiple roles within your account. If you edit a user's role to prevent them from using data when logged in under that role, it does not affect how the user can interact when logged into your NetSuite account under another role.
Additional security layers are applied to a role and govern interaction with data. For example, you can allow someone to edit any record of a particular record type or restrict the security layer so that they can only edit their own records.
Looking for another way to improve the security of your NetSuite account? Check out this article on IP Address Restrictions in NetSuite, that my teammate KC put together in March of 2025!
NetSuite Centers Overview
Each role is assigned a center with optimized navigation for the tasks typically associated with that role, terminology more familiar to users commonly assigned to that role, and a collection of tabbed pages featuring NetSuite dashboards. However, a few standard pages are included in all NetSuite centers: Home, Activities, Documents, and Setup pages. Remember that any NetSuite user who wants to use the classic interface can choose this by updating their User Preferences.
Want to learn how to create a Custom NetSuite Center? Check out this article on NetSuite Navigation Dropdown (Centers, Tabs, Categories, Links) that I wrote in July of 2022!
Setting up Roles and Permissions in NetSuite
I'll show you how to set up roles and permissions, giving you more control over who has access to specific parts of your system. So, first, let's go into setup, then users and roles, and finally, we'll click on 'Manage Roles'.
Now that we're in there, we can see that each of these different types of roles has different permissions assigned.
These permissions have different access to certain records. For example, you can grant access to view, edit, create, or have full access to specific parts of the system. For instance, if I go into List > Accounting > Items, some people may have full access to modify the items as they see fit. In contrast, others may only have the ability to create new items, view existing items, or edit them.
NetSuite User Permissions Example
Now, let's look at an example. We can look at the Accountant, and then the Accountant has a name and ID. There are also some other checkboxes that you can explore in more detail on SuiteAnswers if you'd like. However, the main thing we'll focus on is the Permissions tab. You can see that there are Transactions, Reports, Lists, Setup, Custom Record, and permissions for all these different parts of the software.
Under Transactions, you'll see that this accountant has access to things that make sense for the accountant, like Bills, Checks, Deposits, and Invoices. In addition, the accountant can access several Reports, such as Income, Inventory, Purchases, and Sales. Under Lists, you can see that the Accountant has access to Accounts, Calendar, Classes, Competitors, Contacts, Customers, Employees, Events, and several more. Under Setup, they have access to a limited number of things, including Accounting Lists, Deleted Records, and Web Services. Finally, under Custom Record, you can also assign permissions to any custom item you add to your system.
NetSuite User Access Levels
Before customizing the permissions associated with this Accounting role, you also need to understand Security levels. All the rows listed under the various permissions tabs on this Role are things that this Accountant role has access to, but the type of access they have can vary. As briefly mentioned above, the available security levels in NetSuite are Full, Edit, Create, and View. However, some of these permissions can be further restricted by being applied to their own records rather than any records (ex., View Own, Edit Own). Using security levels to limit permissions further gives you greater flexibility in managing roles, promoting data integrity, and protecting sensitive information within your NetSuite account.
Customizing NetSuite Roles & Permissions
Your account has pre-built, custom roles, which should be assigned to users. It provides better account security; users have only the permissions necessary to do their jobs. However, roles can be customized to better fit your business needs.
Note: You can never change the native role. Still, you can always customize it, create a copy, and assign it from there.
To review a custom role, navigate to Setup > Users/Roles > Manage Roles, click on the Role name, and check the role's configuration. For example, let's say you didn't like the permissions for the Accountant role and needed to customize them. You will start by clicking the 'Customize' option next to the role.
You cannot edit the permissions of a default role by customizing it directly. Instead, as soon as you click 'Customize' next to a default role, NetSuite makes a copy of the default role with all the same permissions so that you can create a custom role with edited permissions from there.
Let's say I want to call this the New Accountant Role. Let's skip the rest of the options in the main tab and go directly to the Permissions.
Add/Remove NetSuite User Permissions
To manage entire permissions, click on a permission you want to edit, and a menu will appear.
This menu gives you options to Insert a new permission or Remove the permission you have selected. It also includes a Cancel button that closes the menu without saving your changes, and an OK button to save the permission.
Note: Clicking 'OK' only saves the changes you made to the role for the duration of your editing session. It does not save the changes to the role itself until you click 'Save' on the role.
Changing a Permission Level in NetSuite
Before removing a permission, check to see if restricting the permission level will be sufficient—for example, this Accountant can edit Track Time transaction data. Instead of removing the Transaction permission for Track Time entirely, you can change the permission level from "Edit" to "View". That way, this accountant can still view the data as needed, but they cannot make changes to it.
Alternatively, you can expand the permissions associated with a role by changing the access type. For example, this Accountant role only has 'Edit' access to Sales Order transactions. However, if you want them to be able to create and edit Sales Orders, you can switch their access to 'Full'.
Now we can click 'Save' on this role. Now, if you go back to the Manage Roles list, you'll be able to locate the New Accountant role we just created.
Note: If you're having trouble finding the role you created, remember you can quickly find an item in a surfaced list through a CTRL + F search
If you would like, you can edit the role further by clicking the 'Edit' option next to the role. Remember that any custom roles in your NetSuite account will have the 'Edit' option next to them, while default roles will have the 'Customize' option, which we used earlier to create our custom role.
Assigning a NetSuite Role to an Employee
Let's say I have an employee who is currently assigned the default Account role, but I want them to have the New Accountant role instead. As the Administrator, you will need to edit the employee record, navigate to the Access subtab, and adjust the employee's roles from there. An employee may have multiple roles assigned to them. However, they will need to know how and when to switch between various roles to access the information they need.
Assigning users multiple limited roles does not affect your license count. However, there are limits to Full Access licenses, so be sure to assign them only to those who need them.
For more detailed instructions on how to assign a Role to an Employee in NetSuite, check out our article on Giving Somone Access to NetSuite.
Switching Between Multiple Roles in NetSuite
Employees can use different roles to do their work. To switch between multiple roles, hover over your login profile on the top right side of the page. If necessary, click "All Roles" to view your assigned roles. Then, click the role to select it from the list of assigned roles. In addition, you may have to answer a security question depending on how long it has been since you logged into that role from your current browser.
Note: It is a best practice in NetSuite to set a different color scheme for each of your assigned roles, so you can easily tell them apart while working. You can change the color scheme of a given role by navigating to Home > Set Preferences > Appearance and selecting a new color..
Show Role Differences in NetSuite
Finally, the last thing I will show you is the Show Role Difference feature. What this is going to do is give you a little bit more of an understanding of the differences between one roll and another one. To view and compare the permissions associated with different roles, navigate to Setup > Users/Roles > Show Role Differences.
It takes you to a page where you can choose which roles you want to compare line by line based on their permissions. For this example, I'll select AP Clerk as my comparison role, and the base role I'm comparing it to will be an Engineer.
I'm going to click 'Show,' and you can see that it opens a list view where you can view the differences between each permission granted to these roles. For instance, if we look at the List category Accounts Payable permission, we can see that the engineer has no access while the AP clerk role has Edit access.
This ability to compare role differences allows you to quickly learn why one role might suit a particular user better. With this knowledge, you will be better equipped to manage the various roles in your NetSuite Account.
NetSuite Roles Not Showing Up When Assigned
Sometimes, after assigning a role, they may fail to appear in the 'My Roles' list for logging in. If you have this issue, go to the role for which you are trying to log in. After you've done that, navigate to Permissions > Setup. Then, delete the SAML Single Sign-on Permission.
That's all for now! Hopefully, this post gives you something to work with as you begin to understand NetSuite and what it can do for your business. If you have any questions, feel free to contact our team at Anchor Group.
.
Got stuck on a step during this article?
We like to update our blogs and articles to make sure they help resolve any troubleshooting difficulties you are having. Sometimes there is a related feature to enable or a field to fill out that we miss during the instructions. If this article didn't resolve the issue, please use the chat and let us know so that we can update this article!