Setting Employee Access for Advanced Employee Permissions

You can specify additional levels of restrictions and access to employee information on the Employee Access subtab of the Role page.

To set employee access:

1. Go to Setup > Users/Roles > Manage Roles.

2. From the Manage Roles list page, you can either create a custom or new role that you want to customize employee access for:

   • To create a custom role, click Customize or Edit beside the role. All of the permissions associated with the parent role are inherited. You can make changes as necessary.

     Important:

     The Lists > Employees permission takes precedence over any of the employee permissions that are part of the Advanced Employee Permissions feature. This change is a step in separating the legacy permission model from the Advanced Employee Permissions feature. The Lists > Employees permission gives full-record access to employee records. When customizing a role, check if this permission is present. If this role should not have full access to employee records, remove the permission.

   • To create a new role that does not contain a list of associated permissions, click New Role.

     Important:

     When creating a new role using Advanced Employee Permissions you must add the Lists > Employee Record permission to the role. This permission is required to see NetSuite menus related to employees. For example, List > Employees.

3. Click the Employee Access subtab.

4. From the Permission list, select the employee access you want to add to the role. Select from the following:

   • Employee Administration – This permission is intended for Human Resources Generalists and Human Resources Administrators. Users assigned to a role with this permission have access to HR-related fields on the employee record. For more information, see Employee Administration Permission Overview.

   • Employee Compensation – This permission is intended for managers. Users assigned to a role with this permission have access to compensation information on the employee record. For more information, see Employee Compensation Permission Overview.

   • Employee Confidential – This permission is intended for managers. Users assigned to a role with this permission have access to public and confidential information on the employee record. For more information, see Employee Confidential Permission Overview.

   • Employee Public – This permission is intended for employees. Users assigned to a role with this permission have access to basic employee information on the employee record. For more information, see Employee Public Permission Overview.

   • Employee Record Full – This permission is intended for Human Resources Business Partners, Chief People Officers (CPOs), and Human Resources Directors. Users assigned to a role with this permission have access to all information on the employee record. For more information, see Employee Record Full Permission Overview.

   • Employee Self – This permission is intended for employees. Users assigned to a role with this permission have access to basic personal information on the employee record. For more information, see Employee Self Permission Overview.

   • Employee Access Tab – This permission is intended for IT Administrators. Users assigned to a role with this permission can give access and assign roles to employees. For more information, see Employee Access Tab Permission Overview.

   Note:

   When you select a permission, the default access level and restriction are applied, but you can change these.

5. If required, change the access level for the selected restriction from the Level list. For more information, see Access Levels for Permissions.

   Note:

   When two employee permissions, one at level View and another at level Edit, are included with a role, note the following. Users assigned to the role see a combination of the fields and sublists they are permitted to view on the employee record. In edit mode, only the fields and sublists that the user can edit are visible on the employee record.

   Warning:

   When you assign permissions, be aware that:

   • If you change the access level of the Employee Self permission to Edit, employees can make changes to the fields exposed with this permission. This includes their compensation information. You should use the default access level View, however, if required, you can create a custom permission. For more information, see Custom Advanced Employee Permissions.

   • If you change the access level of the following permissions to Edit, users can create employees in NetSuite:

     • Employee Public

     • Employee Confidential

     • Employee Compensation

     • Employee Administration

   • The Employee Record Full permission gives roles access to all information on the employee record. This permission is intended for Human Resources Business Partners, Chief People Officers (CPO), and Human Resources Directors. To restrict these roles to see only employee administration information, remove the Employee Record Full permission, and add the Employee Administration permission. For more information, see Employee Administration Permission Overview.

6. If required, from the Restrictions list, select a new restriction level. Select from the following:

   • Active and Non-Terminated – Select this when you want to restrict the permission to active and non-terminated employees. For example, you could add this restriction to the Employee Public permission. Then, users assigned to this role would have access to basic employee information for all active and non-terminated employees only.

   • Inherit from Role – Select this when you want the permission to inherit the restrictions set on the Role page. For more information about setting restrictions on the Role page, see Customizing or Creating NetSuite Roles.

   • Own Only – Select this when you want to restrict the permission to the employee’s own record only. Users assigned to this role have access to the fields and sublists exposed with the permission for only themselves. For example, you could add this restriction to the Employee Self permission. Then, users assigned to this role would have access only to basic personal employee information for themselves.

   • Subordinates – Select this when you want to restrict the permission by subordinates. For example, you could add this restriction to the Employee Confidential permission. Then, users assigned to this role would have access to public and confidential employee information only for their subordinates.

   Note:

   You can also create custom restrictions. For more information, see Custom Restrictions for Advanced Employee Permissions.

7. Click Add.

8. Repeat steps 4 to 7 for each permission you want to assign to the role.

9. To finish, click Save.

Note:

If you change access to a role that a user currently logged in to NetSuite is using, note the following. That user must log out and log back in to see the newly-assigned access.

Related Topics

Advanced Employee Permissions Overview

Before Enabling the Advanced Employee Permissions Feature

Advanced Employee Permissions and Standard NetSuite Roles

Advanced Employee Permissions Use Cases

Creating Custom Fields for Advanced Employee Permissions

Creating Custom Sublists for Advanced Employee Permissions

Advanced Employee Permissions

General Notices