Roles and Permission Considerations for APIs
When you work with the following NetSuite APIs, you must consider which permissions you need. In addition to main permissions, REST and SOAP Web Services, SuiteAnalytics Connect, and SuiteScript rely on other permissions that allow access to forms, sublists, fields, and other components.
REST Web Services
The following permissions must be assigned to roles, or people, who work with REST Web Services:
-
REST Web Services
-
Log in using Access Tokens
-
SuiteAnalytics Workbook
To learn about standard roles that have these permissions enabled by default, see REST Web Services Prerequisites and Setup.
SuiteAnalytics Connect
To use SuiteAnalytics Connect, you can either have the Full level of the SuiteAnalytics Connect permission, or the SuiteAnalytics Connect – Read All permission that provides read-only access to all NetSuite data through the Connect Service.
Note that the SuiteAnalytics Connect – Read All permission improves performance when running queries, but exposes sensitive data such as employee and customer records to the user. For more information, see Connect Permissions.
Depending on the data source that you use when you access the Connect Service, consider the following:
SuiteScript
To use SuiteScript, you must have the SuiteScript permission assigned to your role. Also, you must consider what other permissions you may need. For example, when you work with records, you may need the Find Transaction permission to retrieve a record using the GET operation. Or when you work with employees, you must check the subsidiary restrictions.
For more information, see Feature Permissions Documentation.
SOAP Web Services
To log in to SOAP Web Services, you must have the Full level of the SOAP Web Services permission. In addition, you should have the correct access permissions and operations permissions that the SOAP Web Services application needs. Another role-related consideration is the preferred custom forms of some roles may not have access to certain fields or sublists that a SOAP application requires. When you use SOAP to set fields that you cannot access, you receive permission errors.
For example, when you work with records, you may need the Find Transaction permission to retrieve a record using the GET operation. Or when you work with employees, you must check the subsidiary restrictions. For more information, see Roles and Permissions in SOAP Web Services and Permissions and Restrictions.