This article will cover the basics of NetSuite User Roles and Permissions. Roles & Permissions, simply put, restrict what a user can and cannot view or edit in NetSuite. This helps promote security and data integrity in your business and helps the user not get overwhelmed by the capabilities and features available in the NetSuite UI.
NetSuite provides a standard set of Roles that are provisioned in every NetSuite Account. However, a custom set of roles can also be provisioned in your account during your NetSuite Implementation.
Note: "User" in this article, and in NetSuite terminology in general, refers to any person who has access to your NetSuite Account. This most commonly means employees and contractors, but it can also apply to partners, vendors, and even customers who have some level of access to your NetSuite Account.
What are User Roles & Permissions in NetSuite?
Roles are the foundation for data security in your NetSuite account. A role is a configured set of access that is assigned to users and is characterized by: a set of permissions, a level set for each granted permission, and restrictions that modify permissions. Understanding the function of Roles and Permissions is essential as you set up users in the account.
Managing NetSuite roles properly helps you ensure that your employees are given the appropriate permissions and only have access to the parts of the software that apply to them. This does two things. First, it keeps more information private. Second, NetSuite is a lot easier to work in and understand when each user sees only the limited amount of information available to their role instead of a bunch of different dropdowns. So properly assigning roles in NetSuite improves the user experience for your employees and promotes data integrity within your NetSuite Account!
Permission Levels & Security Layers
Permissions limit a user's access to data and define the user's authority to access and work with specific data while working within that role in your NetSuite Account. A set of permissions is provided for each pre-defined role in your NetSuite account, and each granted permission is assigned an access level defined by one of the following permission types: View, Create, Edit, or Full.
Note: NetSuite users can be assigned multiple roles within your account. If you edit a user's role to prevent them from using data when logged in under that role, this does not affect the way the user can interact when logged into your NetSuite account under another role.
Additional security layers are applied to a role and govern interaction with data. For example, you can allow someone to edit any record of a particular record type or restrict the security layer only to enable them to edit their own records.
Centers Overview
Each role is assigned a center with optimized navigation for the tasks typically associated with that role, terminology that is likely to be more familiar to users commonly assigned to that role, and a collection of tabbed pages with dashboards. However, a few standard pages are included in all NetSuite centers: Home, Activities, Documents, and Setup pages. Remember that any NetSuite user who wants to use the classic interface can choose this by updating their User Preferences.
Want to learn how to create a Custom NetSuite Center? Check out our article on the topic: NetSuite Navigation Dropdown
Setting up Roles and Permissions in NetSuite
I will show you how you can set up roles and permissions to give you a little more control over who has access to what parts of your system. So, first of all, let's go into setup, then users and roles, and then we'll click on 'Manage Roles'.
Now that we're in there, we can see that all these different types of roles have different permissions assigned to them.
These permissions give different levels of access to certain records. For example, you can give View, Edit, Create, or Full access to certain parts of the system. So, for instance, if I go into List > Accounting > Items, some people may have full access to do whatever they want to the items, and some may only be able to Create a new item, View an item, or Edit an item.
Example Permissions
Now let's go into an example. We can look at the Accountant role. The role has a name and ID, and there are some other checkboxes that you can read about in more detail on SuiteAnswers if you'd like, but the main thing that we're going to look at is the Permissions tab. You can see that there are Transactions, Reports, Lists, Setup, and Custom Record subtabs, with permissions for all these different parts of the software.
Under Transactions, you'll see that this accountant has access to things that make sense for the accountant, like Bills, Check, Deposit, and Invoice. In addition, the accountant can access several Reports, such as Income, Inventory, Purchases, and Sales. Under Lists, you can see that the Accountant has access to Accounts, Calendar, Classes, Competitors, Contacts, Customers, Employees, Events, and several more. Under Setup, they have access to just a handful of things, including Accounting Lists, Deleted Records, and Web Services. Finally, under Custom Record, you could also assign permissions to anything custom that you add to your system.
Access Levels
Before we look at customizing the permissions associated with this Accountant role, you also need to understand security levels. All the rows listed under the various permissions tabs on this role are things that this Accountant role has access to, but the type of access they have can vary. As briefly mentioned above, the available security levels in NetSuite are Full, Edit, Create, and View. However, some of these permissions can be further restricted by being applied to the user's own records rather than any records (e.g., View Own, Edit Own). Using security levels to limit permissions further gives you greater flexibility in managing roles, promoting data integrity, and protecting sensitive information within your NetSuite account.
Customizing Roles & Permissions
Your account has pre-built and custom roles, which should be assigned to users: this provides better account security, because users have only the permissions necessary to do their jobs. However, roles can be customized to fit your business needs better.
Note: You can never change a native role itself. You can, however, customize it, which creates a copy, and assign the copy from there.
To review a custom role, navigate to Setup > Users/Roles > Manage Roles, click on the Role name, and check the role's configuration. For example, let's say that you didn't like the permissions for this Accountant role and needed to customize it. You will start by clicking the 'Customize' option next to the role.
You cannot edit the permissions of a default role by customizing it directly. Instead, as soon as you click 'Customize' next to a default role, NetSuite makes a copy of the default role with all the same permissions so you can create a custom role with edited permissions from there.
Let's say that I want to call this the New Accountant Role, and let's skip the rest of the options in the main tab and jump down to the Permissions.
Add/Remove Permissions
If you want to manage entire permissions, click on a permission you would like to edit, and a menu will appear.
This menu gives you options to Insert a new permission or Remove the permission you have selected. It also includes a Cancel button that will close the menu without saving your changes and an OK option to save the permission.
Note: Clicking 'OK' only saves the changes you made to the role for the duration of your editing session. It does not save the changes to the role itself until you click 'Save' on the role.
Change Permission Level
Before removing a permission, check to see if restricting the permission level will be sufficient. For example, this Accountant can edit Track Time transaction data. Instead of removing the Transaction permission for Track Time entirely, you can change the permission level from 'Edit' to 'View'. That way, this accountant cannot make changes to the data, but they can still view it as needed.
Alternatively, you may want to expand the permissions associated with a role by changing the access type. For example, this Accountant role only has 'Edit' access to Sales Order transactions. However, if you want them to be able to create and edit Sales Orders, you can switch their access to 'Full'.
Now we can click 'Save' on this role. Now, if you go back to the Manage Roles list, you'll be able to locate the New Accountant role we just created.
Note: If you're having trouble finding the role you created, remember you can quickly find an item in a surfaced list through a CTRL + F search.
If you would like, you can edit the role further by clicking the 'Edit' option next to the role. Remember that any custom roles in your NetSuite account will have this 'Edit' option next to them, while the default roles will have the 'Customize' option that we used earlier to create our custom role.
Assigning a Role to an Employee
Let's say I have an employee who is currently assigned the default Accountant role, but I want them only to have this New Accountant role. As the Administrator, you will need to edit the employee record, navigate to the Access subtab on the employee record, and adjust the employee's roles from there. An employee may have multiple roles assigned to them. However, they will need to know how and when to switch between various roles to access the information they need.
Assigning users multiple limited roles does not affect your license count. However, there are limits on Full Access licenses, so be sure to only assign those to the people who need them.
For more detailed instructions on how to assign a Role to an Employee in NetSuite, check out our article on Giving Someone Access to NetSuite.
Switching Between Multiple roles
Employees can use different roles to do their work. To switch between multiple roles, hover over your login profile on the top-right side of the page; if necessary, click on "All Roles" to view assigned roles; click the role to select from the assigned roles list. In addition, you may have to answer a security question depending on how long it has been since you logged into that role from your current browser.
Note: It is a best practice in NetSuite to set a different color scheme for each of your assigned roles, so you can easily tell them apart while working. You can change the color scheme of a given role by navigating to Home > Set Preferences > Appearance and selecting a new color.
Show Role Differences
Finally, the last thing I will show you is the Show Role Differences feature. It gives you a better understanding of the differences between one role and another. To view and compare the permissions associated with different roles, navigate to Setup > Users/Roles > Show Role Differences.
It takes you to a page where you can choose what roles you would like to see in a line-by-line comparison of their permissions. For this example, I'm going to select AP Clerk as my compare-to role, and the base role I'm comparing it with will be an Engineer.
I'm going to click 'Show,' and you can see that it opens a list view where you can view the differences between each permission granted to these roles. For instance, if we look at the List category Accounts Payable permission, we can see that the engineer has no access while the AP clerk role has Edit access.
This ability to compare role differences lets you quickly learn why one role may suit a particular user better. With this knowledge, you will be better equipped to manage the various roles in your NetSuite Account.
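As an added example (not part of NetSuite and not from the original article), the Python script below performs the same kind of line-by-line comparison over role permissions written out by hand, and marks which differences widen access so a customized role can be reviewed against its base. The role dictionaries are constructed sample data using the levels mentioned in this article where it states them; the function and variable names are hypothetical.

```python
from dataclasses import dataclass

# Access levels, weakest first. "None" means the permission is not granted.
LEVELS = ["None", "View", "Create", "Edit", "Full"]
RANK = {name: i for i, name in enumerate(LEVELS)}

@dataclass(frozen=True)
class Difference:
    category: str       # Permissions subtab: Transactions, Lists, ...
    permission: str
    base_level: str
    compare_level: str

    @property
    def change(self) -> str:
        # "widened" = the compare-to role can do more than the base role.
        wider = RANK[self.compare_level] > RANK[self.base_level]
        return "widened" if wider else "narrowed"

def role_differences(base, compare):
    """One Difference per permission whose level differs between two roles.

    A role is a dict of (category, permission) -> level name; a permission
    that is absent from a role is treated as "None".
    """
    diffs = []
    for key in sorted(set(base) | set(compare)):
        b, c = base.get(key, "None"), compare.get(key, "None")
        if b not in RANK or c not in RANK:
            raise ValueError(f"unknown access level for {key}: {b!r} / {c!r}")
        if b != c:
            diffs.append(Difference(key[0], key[1], b, c))
    return diffs

def widened(diffs):
    """The subset of differences a reviewer should approve explicitly."""
    return [d for d in diffs if d.change == "widened"]

# Constructed sample data. The Invoice level is not stated in the article.
ACCOUNTANT = {("Transactions", "Track Time"): "Edit",
              ("Transactions", "Sales Order"): "Edit",
              ("Transactions", "Invoice"): "Full"}
NEW_ACCOUNTANT = {**ACCOUNTANT,
                  ("Transactions", "Track Time"): "View",
                  ("Transactions", "Sales Order"): "Full"}
ENGINEER = {}
AP_CLERK = {("Lists", "Accounts Payable"): "Edit"}

if __name__ == "__main__":
    for d in role_differences(ACCOUNTANT, NEW_ACCOUNTANT):
        print(f"{d.category:<13}{d.permission:<13}"
              f"{d.base_level:>5} -> {d.compare_level:<5} {d.change}")
```

Reviewing only the widened rows before saving a customized role keeps the check focused on the changes that grant more access than the base role had.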
Roles Not Showing Up When Assigned
Sometimes, after you assign a role, it fails to appear in the My Roles list to log in to. If you have this issue, go to the role you are trying to log in to. After you've done that, navigate to Permissions > Setup. Then, delete the SAML Single Sign-on Permission.
That's all for now! Hopefully, this post gives you something to work with while trying to understand NetSuite and what it can do for your business. If you have any questions, feel free to contact our team at Anchor Group.