Connect Permissions

You need the SuiteAnalytics Connect permission to download a Connect driver and access NetSuite data. To access the data source through Connect, you should consider the following:

General Role and Permission Considerations for Connect

Account administrators can assign the SuiteAnalytics Connect permission as a Setup permission for a role or as a global permission for an employee. The employee permission gives per-user control of Connect access.

To learn how to assign the SuiteAnalytics Connect permission to roles and employees, see Providing Users with SuiteAnalytics Connect Permissions.

You can verify that you have the SuiteAnalytics Connect permission if the Set Up SuiteAnalytics Connect option appears in the Settings portlet on your home page. See Verifying the SuiteAnalytics Connect Permission.

Depending on the data source that you use when you access the Connect Service, consider the following:

Role and Permission Considerations for NetSuite.com

Important:

As of November 8, 2021, new Connect users can access the Connect Service using the NetSuite2.com data source only. If you gained access to the Connect Service before this date, you can still access the NetSuite.com data source to ensure a smooth transition to NetSuite2.com.

Note that the NetSuite.com data source is no longer being updated with newly exposed tables and columns, and support for this data source will end in a future release. The use of the NetSuite.com data source is no longer considered a best practice, and all Connect users are encouraged to use the NetSuite2.com data source. For more information about this change, see New Accounts and Access to the Connect Data Source.

Account administrators should exercise caution when assigning the SuiteAnalytics Connect permission, as some NetSuite permissions and restrictions are not enforced for Connect Service. The same permissions apply for accessing the Connect Service no matter the type of driver used.

When you use the Connect Service to access the NetSuite.com data source, consider the following:

Enforced Permissions

The following permissions are enforced for Connect access, unless a user has been granted the SuiteAnalytics Connect – Read All permission:

  • All Transactions permissions and Lists permissions for employees

  • Customers

  • Partners

  • Vendors

  • Accounting registers

Enforcement of these permissions means that when users access NetSuite data through the Connect Service, they can see only the records they have access to.

Note:

Users with the SuiteAnalytics Connect – Read All permission have read-only access to all NetSuite data through the Connect Service, regardless of what they can access in the NetSuite user interface. This applies to NetSuite.com data source only, which uses the only schema available up to 2018.2. For more information, see SuiteAnalytics Connect – Read All Permission

Non-enforced Permissions and Restrictions

Other permissions and restrictions are not enforced for Connect access, including:

  • Classes

  • Departments

  • Locations

  • Custom records

  • Subsidiary Restrictions (OneWorld only)

This lack of enforcement means that users with the Connect permission enabled can access records of these types through the Connect Service that they cannot access in the NetSuite user interface.

SuiteAnalytics Connect – Read All Permission

As of 2018.2, the SuiteAnalytics Connect – Read All permission enables users to have read-only access to NetSuite data using the Connect Service, regardless of what they can access in the NetSuite user interface. This permission applies to the NetSuite.com data source only. It is not applicable to the analytics data source, also known as NetSuite2.com. The analytics data source applies role-based access restrictions. Users can query only data that they can access in the NetSuite user interface.

Important:

Enabling the SuiteAnalytics Connect - Read All permission can improve performance when running queries, however sensitive information such as employee and customer records are also exposed to the user. Account administrators should therefore only enable this permission for some users in their account.

The roles and permissions assigned to Connect users determine the data that they can access through NetSuite.com.

  • Custom roles

    Certain records in the Connect schema are only accessible using an Administrator role, even if you set the appropriate permissions in NetSuite. Consequently, users assigned to custom roles who have only been granted the SuiteAnalytics Connect permission may have access to different data in the NetSuite user interface than through the Connect Service. Queries that are run using the Connect Service may also be slower for these users, because of permission checks that are not performed for Administrators.

  • Custom roles and the SuiteAnalytics Connect - Read All permission

    Users assigned to custom roles who have been granted both permissions, the SuiteAnalytics Connect and the SuiteAnalytics Connect - Read All permission, have read-only access to NetSuite data through the Connect Service that they cannot access through the NetSuite user interface.

    Note:

    To protect sensitive data such as contacts, certain records are only accessible using an administrator role, even if the SuiteAnalytics Connect - Read All permission has been granted. For example, when a contact is marked as private, only the owner and the administrator role have access to its data through the Contacts table.

Role and Permission Considerations for NetSuite2.com

The roles and permissions assigned to Connect users determine the data that they can access through NetSuite2.com.

  • Data Warehouse Integrator (DWI) role

    The Data Warehouse Integrator role allows users to access all NetSuite data through the NetSuite2.com data source.

    Note:

    Credit card information is not accessible even if users are assigned to the Data Warehouse Integrator role. Also, Global Permissions take precedence over the Data Warehouse Integrator role. If the access level for some permissions is set to None, users with the Data Warehouse Integrator role will not have access to this data. For more information, see Using the Global Permissions Feature.

    The Data Warehouse Integrator role requires access with token-based authentication (TBA).

    For more information, see Token-based Authentication for Connect.

  • General role limitations

    The Connect Service enforces role-based access restrictions to the analytics data source, also known as NetSuite2.com, which contributes to improved security. The analytics data source is not accessible for the following roles and permissions:

    • Administrator

    • Full Access (Deprecated)

    • Roles requiring two-factor authentication (2FA)

    • Roles accessing the Connect Service with IP restrictions

Related Topics

Getting Started with SuiteAnalytics Connect
Prerequisites for Using the Connect Service
Enabling the Connect Service Feature
SuiteAnalytics Connect Authentication
Supported Windows Versions
Supported Linux Distributions
Determining which Type of Connect Driver to Use
Downloading and Installing Connect Drivers
Determining Your Connect Driver Version
Configuring Your Connect Driver

General Notices