If your account has the respective feature enabled, you can restrict this role’s access to transaction, employee, partner, and optionally item records, based on the values in the Department, Class, and Location fields on these records. Limit the set of available values of Department, Class, and Locations that users can assign to these records using restrictions. Department, Class, and Location restrictions can be defined per role and then applied to all users logged in with that role.
To set Department, Class, and Location restrictions, click the Restrictions subtab. On the Restrictions subtab, set the following fields:
Segment – Select the Segment by which to restrict the role. Select either Class, Department, or Location.
Restrictions – Select the appropriate restriction level for the role:
none - default to own – There is no restriction on what can be selected. Record access is not determined by this field. Fields of this type will select the user by default.
own, subordinate, and unassigned – Users are restricted when selecting any of the employee, sales rep, or supervisor fields. Users are granted access to records belonging to their supervisor hierarchy. Users may only select themselves or their subordinates. If the select field is optional, then the user may leave the value unassigned. Note that unassigned is technically a null value when used for filtering.
own and subordinates only – Users are restricted when selecting any of the employee, sales rep, or supervisor fields. Users are granted access to records belonging to their supervisor hierarchy with the exception of unassigned records. Consequently, unassigned records are filtered and denied access. Users may only select themselves or their subordinates.
Allow Viewing – Check this box to allow users logged in with this role to see, but not edit, data for departments, classes and locations to which the role does not have access. Note that this setting does not allow viewing of employee payroll or commissions data. Also, users cannot view non-subordinate records other than their own department, class or locations records when the Restrictions field is set to own and subordinates only.
Apply To Items – Check this box to apply the department, class and locations restrictions defined here to item records, in addition to transaction, employee, and partner records.
Any account in the Chart of Accounts list that does not have an assigned department is not subject to the own, subordinate, and unassigned or own and subordinates only restrictions.
In NetSuite OneWorld, subsidiary restrictions automatically apply to departments. For example, if Department A is assigned to only Subsidiary X and a role is restricted to Subsidiary X, users with that role have access to only Department A, even if that role does not have any department restrictions.
You can also apply role-based, class restrictions to custom records. For more information, see Applying Role-Based Restrictions to Custom Records.
- Customizing or Creating NetSuite Roles
- Customizing and Creating Roles
- Assigning Core Administration Permissions
- Administrator – No HR/Employee Access SuiteApp
- Restricting Role Access to Accounting Books
- Restricting Role Access to Subsidiaries (OneWorld Only)
- Setting Employee Restrictions
- Setting a Role as Issue Role for Issue Management
- Setting a Role as Web Services Only Role
- Setting a Role as Single Sign-On Only Role
- Restricting a Role by Device ID
- Restricting a Role by IP Address
- Setting Two-Factor Authentication Requirements
- Setting Permissions
- Setting Default and Restricted Forms
- Setting Search Defaults for a Role
- Setting Preferences for the Role
- Translating Custom Role Names
- Selecting a Dashboard for a Role