Restricting Access to Custom Fields

You can control who can access the information in custom fields, enabling you to maintain the security of your business information. The access you define determines how the field can be accessed both on the record as well as through search results and reports.

Note:

When the Advanced Employee Permissions feature is enabled, use the Employee Access subtab to assign custom fields to custom advanced employee permissions. For more information, see Restricting Access to Employee Custom Fields.

Access to a field can be based on role, department, or subsidiary. The following custom access levels can be assigned to each department and subsidiary.

For cases when various access levels are defined for a user's role, department, or subsidiary, the highest level of access is granted. For example, an employee is assigned to a department that has Edit access to a custom field, and the employee's role has been granted View access. The employee has the higher level of access – in the preceding example, Edit access.

In addition to search and reporting, the access level granted to a custom field includes instances where it is referenced by online forms, mail merge operations, and when it is sourced by other custom fields, or referred to by formula fields.

Note:

If you remove the administrator role's access to a custom field, the field will not be accessible to scripts that are run by an administrator. To access the field through scripting, you must edit and restore administrator access to the field.

You can set the level of access you want to grant by default to custom fields. The default access level applies to the roles, departments, and subsidiaries, that you do not define on the Role, Department, and Subsidiary subtabs.

To set default access, edit the custom field record, and click the Access subtab. In the Default Access Level, set the level of access you want to give by default. In the Default Level for Search/Reporting field, select the level of access you want to give through search and reporting.

The access you define on the Role, Department, and Subsidiary subtabs overrides the default access levels.

To set role, department, or subsidiary access restrictions:

  1. Edit the custom field record.

  2. Click the Access subtab.

  3. In the Default Access Level field, set the access level you want to grant to roles, departments, and subsidiaries that you do not specifically define in the following steps.

  4. In the Default Level for Search/Reporting field, set the level of access you want to grant through search and reports to roles, departments, and subsidiaries that you do not specifically define in the following steps.

  5. Click the Role, Department, or Subsidiary subtab.

  6. In the first column, select the role, department, or subsidiary you want to define access for.

  7. In the Access Level column, select the level of access you want to grant.

  8. In the Level for Search/Reporting column, select the level of access you want to give the role, department, or subsidiary for search and reporting.

  9. Click Add.

  10. Repeat these steps for each role, department, or subsidiary.

  11. Click Save.

Important:

The preceding procedure describes how to limit access to a custom field. When available, you also can check the Apply Role Restrictions box to limit access to an entire custom record, according to a custom field's values. Applying role restrictions extends access restrictions based on class, department, location, or subsidiary, that are set on role definition pages. For example, if you have set restrictions for roles based on locations, and you want to apply these same restrictions to Subscription custom records, you can check Use Role Restrictions for the Subscription record type's custom field that stores location values. For more information, See Applying Role-Based Restrictions to Custom Records.

Access Level History

For auditing purposes, you can view any changes that have been made to custom field access levels.

To view custom field access changes, open the custom field record. Click the Access subtab, and click the History subtab.

You can view the date and time a change was made, the user who made the change, and the changes that were made.

Bundling Fields With Access Restrictions

Note:

SuiteBundler is still supported, but it will not be updated with any new features.

To take advantage of new features for packaging and distributing customizations, you can use the Copy to Account and SuiteCloud Development (SDF) features instead of SuiteBundler.

Copy to Account is an administrator tool that you can use to copy custom objects between your accounts. The tool can copy one custom object at a time, including dependencies and data. For more information, see Copy to Account Overview.

SuiteCloud Development Framework is a development framework that you can use to create SuiteApps from an integrated development environment (IDE) on your local computer. For more information, see SuiteCloud Development Framework Overview.

If you include a custom field in a bundle that has access restrictions, custom roles that have access are not automatically included in the bundle. If, however, you include those custom roles in the same bundle, the access restrictions are preserved.

The access level assigned to standard roles is preserved when you bundle a custom field that has access restrictions.

Custom field restrictions based on subsidiary or departments are not carried over into the target account because departments and subsidiaries cannot be included in a bundle.

Related Topics

Creating a Custom Field
Creating Custom Fields by Type
Assigning Custom Fields to Specific Record Types
Setting Display Options for Custom Fields
Setting Validation and Defaulting Properties
Setting Sourcing Criteria
Sourcing and Filtering Examples
Setting Filtering Criteria
Dependent Dropdown Lists
Restricting Access to Employee Custom Fields
Creating Read-Only Custom Fields
Adding Translations for Custom Fields
Adding Custom Fields to Transaction Forms
Tracking Changes to Custom Fields

General Notices