Permissions and Restrictions

A permission grants access to a specific record type. Some permissions grant access to tasks rather than record types, but for the purposes of understanding the difference between permissions and restrictions, only record type access is relevant.
A restriction defines, after you have the necessary permissions, which instances of that record type can be accessed.

Note that users with create or full permissions to a restricted record type are able to create and submit new instances of that record type. However, these users are not able to view these newly created restricted records. In other words, users cannot view records to which they are restricted, regardless of their permissions and levels.

Permissions and Restrictions Example

As the manager of a team of employees your role might be granted the View access level for the Employees permission. This level would enable you to view, but not edit, all employee records.

In addition, a restriction might be applied to your role so you can only access employee records of members of your team.

Permissions are generally assigned to roles, and apply to users to which roles are assigned. If the global permissions feature is enabled, permissions can also be assigned to employees, independently of roles. For details about NetSuite permissions, see NetSuite Permissions Overview.

Restrictions are defined on roles, and apply to users to which roles are assigned. The following types of restrictions are available:

Employee Restrictions: You can restrict a role's access to transaction, customer, and employee records, based on values in the employee, sales rep, and supervisor fields on these records. These restrictions may also limit the values that users logged in with this role can assign to these fields on records. These restrictions do not affect access to contact records. You can choose an option to allow viewing of records that are not available for editing due to these restrictions.
Department Restrictions: You can restrict this role's access to transaction, employee, partner, and optionally item records, based on values in the department field on these records. These restrictions may also limit the values that users logged in with this role can assign to the department field on records. You can choose an option to allow viewing of records that are not available for editing due to these restrictions.
Class Restrictions: You can restrict this role's access to transaction, employee, partner, and optionally item records, based on values in the class field on these records. These restrictions may also limit the values that users logged in with this role can assign to the class field on records. You can choose an option to allow viewing of records that are not available for editing due to these restrictions.
Location Restrictions: You can restrict this role's access to transaction, employee, partner, and optionally item records, based on values in the location field on these records. These restrictions may also limit the values that users logged in with this role can assign to the location field on records. You can choose an option to allow viewing of records that are not available for editing due to these restrictions.
(OneWorld only) Subsidiary Restrictions: You can limit the subsidiary values that users with this role can select for customer and vendor records, and to limit the transaction, customer, and vendor records that users with this role can edit, based on these records' selected subsidiaries. You can choose an option to allow viewing of records that are not available for editing due to these restrictions.

For instructions for setting restrictions on a role, see Customizing or Creating NetSuite Roles.

You can audit assigned permissions through searches of role and employee records. You can audit assigned restrictions through searches of role records.

Permissions and Restrictions Example

Related Topics