Connect Permissions

You need the SuiteAnalytics Connect permission to download a Connect driver and access NetSuite data. To access the data source through Connect, you should consider the following:

• General Role and Permission Considerations for Connect

• Role and Permission Considerations for NetSuite.com

• Role and Permission Considerations for NetSuite2.com

General Role and Permission Considerations for Connect

Account administrators can assign the SuiteAnalytics Connect permission as a Setup permission for a role or as a global permission for an employee. The employee permission gives per-user control of Connect access.

To learn how to assign the SuiteAnalytics Connect permission to roles and employees, see Providing Users with SuiteAnalytics Connect Permissions.

You can verify that you have the SuiteAnalytics Connect permission if the Set Up SuiteAnalytics Connect option appears in the Settings portlet on your home page. See Verifying the SuiteAnalytics Connect Permission.

Depending on the data source that you use when you access the Connect Service, consider the following:

• Role and Permission Considerations for NetSuite.com

• Role and Permission Considerations for NetSuite2.com

Role and Permission Considerations for NetSuite.com

Important:

Support ends for the NetSuite.com data source in 2025.1, and it will be removed in 2026.1. Start transitioning to the NetSuite2.com as soon as possible to avoid disruption when this change occurs.

Account administrators should exercise caution when assigning the SuiteAnalytics Connect permission, as some NetSuite permissions and restrictions are not enforced for Connect Service. The same permissions apply for accessing the Connect Service no matter the type of driver used.

When you use the Connect Service to access the NetSuite.com data source, consider the following:

• Enforced Permissions

• Non-enforced Permissions and Restrictions

• SuiteAnalytics Connect – Read All Permission

Enforced Permissions

The following permissions are enforced for Connect access, unless a user has been granted the SuiteAnalytics Connect – Read All permission:

• All Transactions permissions and Lists permissions for employees

• Customers

• Partners

• Vendors

• Accounting registers

Enforcement of these permissions means that when users access NetSuite data through the Connect Service, they can see only the records they have access to.

Note:

Users with the SuiteAnalytics Connect – Read All permission have read-only access to all NetSuite data through the Connect Service, regardless of what they can access in the NetSuite user interface. This applies to NetSuite.com data source only, which uses the only schema available up to 2018.2. For more information, see SuiteAnalytics Connect – Read All Permission

Non-enforced Permissions and Restrictions

Other permissions and restrictions are not enforced for Connect access, including:

• Classes

• Departments

• Locations

• Custom records

• Subsidiary Restrictions (OneWorld only)

This lack of enforcement means that users with the Connect permission enabled can access records of these types through the Connect Service that they cannot access in the NetSuite user interface.

SuiteAnalytics Connect – Read All Permission

As of 2018.2, the SuiteAnalytics Connect – Read All permission enables users to have read-only access to NetSuite data using the Connect Service, regardless of what they can access in the NetSuite user interface. This permission applies to the NetSuite.com data source only. It is not applicable to the analytics data source, also known as NetSuite2.com. The analytics data source applies role-based access restrictions. Users can query only data that they can access in the NetSuite user interface.

Important:

Enabling the SuiteAnalytics Connect - Read All permission can improve performance when running queries, however sensitive information such as employee and customer records are also exposed to the user. Account administrators should therefore only enable this permission for some users in their account.

The roles and permissions assigned to Connect users determine the data that they can access through NetSuite.com.

• Custom roles

  Certain records in the Connect schema are only accessible using an Administrator role, even if you set the appropriate permissions in NetSuite. Consequently, users assigned to custom roles who have only been granted the SuiteAnalytics Connect permission may have access to different data in the NetSuite user interface than through the Connect Service. Queries that are run using the Connect Service may also be slower for these users, because of permission checks that are not performed for Administrators.

• Custom roles and the SuiteAnalytics Connect - Read All permission

  Users assigned to custom roles who have been granted both permissions, the SuiteAnalytics Connect and the SuiteAnalytics Connect - Read All permission, have read-only access to NetSuite data through the Connect Service that they cannot access through the NetSuite user interface.

  Note:

  To protect sensitive data such as contacts, certain records are only accessible using an administrator role, even if the SuiteAnalytics Connect - Read All permission has been granted. For example, when a contact is marked as private, only the owner and the administrator role have access to its data through the Contacts table.

Role and Permission Considerations for NetSuite2.com

The roles and permissions assigned to Connect users determine the data that they can access through NetSuite2.com. However, if they use the Static Data Model, they can see the structure and the name of all available record types and fields, even if they can only get the data for the records that they have access to. For more information, see Setting the Static Data Model for Connect Drivers.

• Data Warehouse Integrator (DWI) role

  The Data Warehouse Integrator role allows users to access all NetSuite data through the NetSuite2.com data source. Note that credit card information is not accessible even if users are assigned to the Data Warehouse Integrator role. Also, Global Permissions take precedence over the Data Warehouse Integrator role. If the access level for some permissions is set to None, users with the Data Warehouse Integrator role will not have access to this data. For more information, see Using the Global Permissions Feature.

  The Data Warehouse Integrator role requires access with token-based authentication (TBA).

  Note:

  The Data Warehouse Integrator role and custom roles are the preferred option when transferring data to a data warehouse.

  For more information, see Token-based Authentication for Connect.

• General role limitations

  The Connect Service enforces role-based access restrictions to the analytics data source, also known as NetSuite2.com, which contributes to improved security. The analytics data source is not accessible for the following roles and permissions:

  • Administrator

    Note:

    When you use SuiteAnalytics Connect with OAuth 2.0, the NetSuite2.com data source is accessible for the Administrator role. However, the Data Warehouse Integrator role and custom roles are the preferred option when transferring data to a data warehouse.

  • Full Access (Deprecated)

  • Roles requiring two-factor authentication (2FA)

  • Roles accessing the Connect Service with IP restrictions

Related Topics

• Getting Started with SuiteAnalytics Connect
• Prerequisites for Using the Connect Service
• Enabling the Connect Service Feature
• Supported Windows Versions
• Supported Linux Distributions

General Notices