Core Administration Permissions

Access to various features, records, transactions, or reports in NetSuite is primarily controlled by permissions associated with roles that are assigned to end users. This way the end user logged in under a given role can be granted full access to one record, while having read-only access to another record, and no access to a third record. Unfortunately, not every kind of access in NetSuite can be granted to the user by giving the right permission. Most likely this is because such a permission is missing in the system, and access to this functionality is only available for a user with the Administrator role.

Core Administration Permissions is a feature that can be enabled for a role and gives the role access to a functionality that is currently only accessible to the standard Administrator role. You can use Core Administration Permissions to customize a role so that it behaves almost like the Administrator role, while also restricting access to other areas of NetSuite using role permissions and restrictions. For example, with Core Administration Permissions you can create a role specifically for an IT administrator who is responsible for the general administration of the system, but who should not have access to sensitive employee information.

By default, Core Administration Permissions is not assigned to any roles. The Core Administration Permissions feature is enabled by default. For more information, see Customizing or Creating a Role with Core Administration Permissions.

Important:

Use caution when assigning a role with Core Administration Permissions to a user, because the role will become similar to the standard Administrator role in terms of exclusive administrator privileges.

Differences Between Core Administration Permissions and Administrator Role

Although Core Administration Permissions is designed to behave like the standard Administrator role, the following table outlines some of the differences between these two roles.

Functionality	Core Administration Permissions	Administrator Role
Searches	Can only view saved searches through the user interface Can only view private and saved searches by entering an URL	Can view, edit, make inactive, and delete ALL saved searches, including: Shared searches, with or without the Allow Audience to Edit option enabled, whether or not they include the administrator as the audience Public searches, with or without the Allow Audience to Edit option enabled Private searches owned by users other than the administrator
Account administration	Cannot edit employees that are assigned the Administrator role Cannot approve Employee change request Cannot assign the Administrator role Cannot close a NetSuite account Cannot provide access to a demo account Cannot create payment instruments Role with Core Administration Permissions assigned can be edited by users with non-administrator roles	Can edit employees that are assigned the Administrator role Can approve Employee change request Can assign the Administrator role Can close a NetSuite account Can provide access to a demo account Can create payment instruments Administrator role can only be edited by a user with an Administrator role
Contact Records	When the Advanced Employee Permissions feature is not enabled, any role using Core Administration Permissions must include the Lists > Employees permission when the Show Employees as Contacts box on the General Preferences page is checked When the Advanced Employee Permissions feature is enabled, Show Employees as Contacts is not supported For details, see Advanced Employee Permissions and Contact Records.	—

Customizing or Creating a Role with Core Administration Permissions

Consider the following when you are customizing or creating a role with Core Administration permissions:

• Use caution when assigning Core Administration Permissions to a role, because the role will become similar to the standard Administrator role in terms of exclusive administrative privileges.

• When you assign Core Administration Permissions to a role, you should consider making two-factor authentication required for the role. For more information, see Two-Factor Authentication (2FA).

The Core Administration Permissions feature is enabled on all accounts by default.

You can assign Core Administration Permissions to any role, and then configure the role to restrict access to areas of NetSuite.

Note:

To assign Core Administration Permissions to a role, you must be logged in using the Administrator role or a role with Core Administration Permissions and Manage Roles permissions assigned.

To assign Core Administration Permissions to a role:

1. Go to Setup > Users/Roles > Manage Roles.

2. On the Manage Roles list page, next to the role that you want to add Core Administration Permissions to, click Customize.

3. On the Role record, check the Core Administration Permissions box.

4. To make two-factor authentication required for the role, in the Two-Factor Authentication Required dropdown list, select 2FA authentication required.

5. Click Save.

Important:

If you are logged in with a role where mandatory two-factor authentication (2FA) is required and you select Not required in the Two-Factor Authentication Required dropdown list, the mandatory 2FA policy supersedes the role setting. This means that two-factor authentication is required for the role even though it says two-factor authentication is not required on the Role record. For more information, see Mandatory Two-Factor Authentication (2FA) for NetSuite Access and Two-Factor Authentication (2FA).

Related Topics

NetSuite Permissions Overview

Permissions and Restrictions

Reviewing Permissions Assigned to Roles

Access Levels for Permissions

Permissions Documentation

Feature Permissions Documentation

Using the Global Permissions Feature

Giving Access to the Transactions Subtab on Entity Records

Giving Access to Financial Statements

Hiding Employee Information on Financial Reports

Setting Permissions for Custom Records

Permissions for Inbound Single Sign-on Methods

General Notices