Restricting Role Access to Subsidiaries (OneWorld Only)

If you have NetSuite OneWorld, you can use subsidiary restrictions to restrict what users with this role can access.

When you restrict role access to subsidiaries, consider the following:

To restrict role access to subsidiaries:

  1. On the Role page, under Subsidiary Restrictions, choose one of the following options:

    • All – Grants the role access to all subsidiaries, including inactive subsidiaries.

    • Active – Grants the role access to the active subsidiaries only.

    • User Subsidiary – Restricts the role’s access to the user’s subsidiary only. When users log in with this role, they can only access their own subsidiary. A user’s subsidiary is set on the employee record. For more information, see Assigning a Subsidiary to an Employee.

    • Selected – You select the subsidiaries to which you want to restrict the role’s access. You must select at least one subsidiary from the list.

  2. If you choose Selected, in the auto-generated list of active and inactive subsidiaries, select the subsidiaries that you want the role to have access to. To select multiple subsidiaries, hold down the Ctrl key while selecting subsidiaries.

  3. To allow users logged in with this role to see, but not edit, records for subsidiaries to which the role does not have access, check the Allow Cross-Subsidiary Record Viewing box. You cannot use this setting to view employee payroll or commissions data.


    If the Book Record Restriction option is enabled for a user, this restriction overrides permissions granted by the Allow Cross-Subsidiary Record Viewing option.

Related Topics

Customizing or Creating NetSuite Roles
Customizing and Creating Roles
Assigning Core Administration Permissions
Administrator – No HR/Employee Access SuiteApp
Restricting Role Access to Accounting Books
Setting Employee Restrictions
Setting Department, Class, and Location Restrictions
Setting a Role as Issue Role for Issue Management
Setting a Role as Web Services Only Role
Setting a Role as Single Sign-On Only Role
Restricting a Role by Device ID
Restricting a Role by IP Address
Setting Two-Factor Authentication Requirements
Setting Permissions
Setting Default and Restricted Forms
Setting Search Defaults for a Role
Setting Role-Based Preferences
Translating Custom Role Names
Selecting a Dashboard for a Role

General Notices