Advanced Employee Permissions and SuiteFlow

In NetSuite, account administrators have access to all the information on all record types, including the employee record. This can create issues in the following situations:

When a user is assigned a role that has permission to create workflows.
When a user sets a workflow to run as administrator.

A user could write or deploy a workflow that gains access to employee information that they would normally not have access to. This could potentially be used to compromise employee information.

When Advanced Employee Permissions is enabled, carefully track which roles have permission to create or alter workflows. In addition, track which workflows execute as administrator, and what they do to make sure employee information is not unintentionally leaked.

It is not possible to know what fields or sublists are present on any employee record when Advanced Employee Permissions is enabled. This means that workflows cannot safely perform operations, such as setting a default value on a field. To avoid this, utilize an After Submit workflow as administrator, which gives access to the complete set of fields and sublists on the employee record.

If you have any workflows that add buttons to the employee record, make sure that they appear only when appropriate. Configure scripts so that the action being added respects the restrictions on the employee record.

For more information about workflows, see Working with Workflows.

Related Topics