Restricting Access to Records by Location
If your account has the Locations feature enabled, you can restrict access to transaction, employee, partner, and optionally item records based on their assigned location values. You can also limit the locations that users can assign to these records. Location restrictions can be defined per user role and then applied to all users logged in with that role.
Any account in the Chart of Accounts list that does not have an assigned location is not subject to the own, subordinate, and unassigned or own and subordinates only restrictions.
The following settings for the Location Restrictions field on the Role page define location-related restrictions for transaction and customer records:
-
none - no default – There is no restriction on what can be selected. Record access is not determined by this field. A default selection does not appear.
-
none - default to own – There is no restriction on what can be selected. Record access is not determined by this field. Fields of this type will select the user by default.
-
own, subordinate, and unassigned – Users are restricted when selecting any of the employee, sales rep, or supervisor fields. Users are granted access to records belonging to their supervisor hierarchy. Users may only select themselves or their subordinates. If the select field is optional, then the user may leave the value unassigned. Note that unassigned is technically a null value when used for filtering.
-
own and subordinates only – Users are restricted when selecting any of the employee, sales rep, or supervisor fields. Users are granted access to records belonging to their supervisor hierarchy with the exception of unassigned records. Consequently, unassigned records are filtered and denied access. Users may only select themselves or their subordinates.
Check the Allow Viewing box to permit users logged in with this role to see, but not edit, records for locations to which the role does not have access.
Check the Apply to Items box to apply the location restrictions defined here to item records, in addition to transaction and customer records.
To set up a role to include these restrictions, go to Setup > Users/Roles > Manage Roles. Click Customize or Edit, or click the New button.
In NetSuite OneWorld, subsidiary restrictions automatically apply to locations. For example, if Location A is assigned to only Subsidiary X and a role is restricted to Subsidiary X, users with that role have access to only Location A, even if that role does not have any location restrictions.
If you are using the Advanced Employee Permissions feature, restrictions set on the Role page are only applicable to the Employees and Employee Administration permissions. The Employee Public and Employee Confidential permissions ignore the restrictions set on this page. For more information, see Setting Employee Access for Advanced Employee Permissions.
You can also apply role-based, location restrictions to custom records. For more information, see Applying Role-Based Restrictions to Custom Records.