Core Administration Permissions

Core Administration Permissions is a feature that can be enabled for a role and gives the role access to a functionality that is currently only accessible to the standard Administrator role. You can use Core Administration Permissions to customize a role so that it behaves almost like the Administrator role, while also restricting access to other areas of NetSuite using role permissions and restrictions. For example, with Core Administration Permissions you can create a role specifically for an IT administrator who is responsible for the general administration of the system, but who should not have access to sensitive employee information.

By default, Core Administration Permissions is not assigned to any roles. The Core Administration Permissions feature is enabled by default. For more information, see Customizing or Creating a Role with Core Administration Permissions.

Important:

Use caution when assigning a role with Core Administration Permissions to a user, because the role will become similar to the standard Administrator role in terms of exclusive administrator privileges.

Differences Between Core Administration Permissions and Administrator Role

Although Core Administration Permissions is designed to behave like the standard Administrator role, the following table outlines some of the differences between these two roles.

Core Administration Permissions

Administrator Role

Searches

  • Can only view saved searches through the user interface

  • Can only view private and saved searches by entering an URL

  • Can view, edit, make inactive, and delete ALL saved searches, including:

    • Shared searches, with or without the Allow Audience to Edit option enabled, whether or not they include the administrator as the audience

    • Public searches, with or without the Allow Audience to Edit option enabled

    • Private searches owned by users other than the administrator

Account administration

  • Cannot edit employees that are assigned the Administrator role

  • Cannot assign the Administrator role

  • Role with Core Administration Permissions assigned can be edited by users with non-administrator roles

  • Can edit employees that are assigned the Administrator or role

  • Can assign the Administrator role

  • Administrator role can only be edited by a user with an Administrator role

Contact Records

  • When the Advanced Employee Permissions feature is not enabled, any role using Core Administration Permissions must include the Lists > Employees permission when the Show Employees as Contacts box on the General Preferences page is checked

  • When the Advanced Employee Permissions feature is enabled, Show Employees as Contacts is not supported

  • For details, see Advanced Employee Permissions and Contact Records.

Customizing or Creating a Role with Core Administration Permissions

Consider the following when you are customizing or creating a role with Core Administration permissions:

  • Use caution when assigning Core Administration Permissions to a role, because the role will become similar to the standard Administrator role in terms of exclusive administrative privileges.

  • When you assign Core Administration Permissions to a role, you should consider making two-factor authentication required for the role. For more information, see Two-Factor Authentication (2FA).

The Core Administration Permissions feature is enabled on all accounts by default.

You can assign Core Administration Permissions to any role, and then configure the role to restrict access to areas of NetSuite.

Note:

To assign Core Administration Permissions to a role, you must be logged in using the Administrator role or a role with Core Administration Permissions and Manage Roles permissions assigned.

To assign Core Administration Permissions to a role:

  1. Go to Setup > Users/Roles > Manage Roles.

  2. On the Manage Roles list page, next to the role that you want to add Core Administration Permissions to, click Customize.

  3. On the Role record, check the Core Administration Permissions box.

  4. To make two-factor authentication required for the role, in the Two-Factor Authentication Required dropdown list, select 2FA authentication required.

  5. Click Save.

Important:

If you are logged in with a role where mandatory two-factor authentication (2FA) is required and you select Not required in the Two-Factor Authentication Required dropdown list, the mandatory 2FA policy supersedes the role setting. This means that two-factor authentication is required for the role even though it says two-factor authentication is not required on the Role record. For more information, see Mandatory Two-Factor Authentication (2FA) for NetSuite Access and Two-Factor Authentication (2FA).

Related Topics

NetSuite Permissions Overview
Permissions and Restrictions
Reviewing Permissions Assigned to Roles
Access Levels for Permissions
Permissions Documentation
Feature Permissions Documentation
Using the Global Permissions Feature
Giving Access to the Transactions Subtab on Entity Records
Giving Access to Financial Statements
Hiding Employee Information on Financial Reports
Setting Permissions for Custom Records
Permissions for Inbound Single Sign-on Methods

General Notices