1. Account Administration
  2. Account Setup
  3. NetSuite Users & Roles
  4. NetSuite Roles Overview
  5. Restricting Accounts for Roles

Restricting Accounts for Roles

You can restrict your accounts by classes, departments, or locations, to control the accounts with which employees work. If you use NetSuite OneWorld, you also can restrict roles by subsidiary. For more information, see Customizing or Creating NetSuite Roles.

For example, Jennifer Sawyer, A/R manager for Wolfe Electronics' Japan location, has her accounts restricted to include only her local bank account. This account appears by default when she accepts customer payments. This increases Sawyer's efficiency and reduces her chances of making data-entry errors.

To restrict access to accounts, you first set restrictions on account records. By default, NetSuite roles do not restrict users by class, department, or location. To restrict accounts, you must set up both account restrictions and role restrictions.

To set account restrictions:

  1. Go to Lists > Accounting > Accounts.

  2. Click Edit next to the account you want to restrict.

  3. To restrict the account by department, select a department in the Restrict to Department dropdown list.

  4. To restrict the account by class, select a class in the Restrict to Class dropdown list.

  5. To restrict the account by location, select a location in the Restrict to Location dropdown list.

  6. If you use NetSuite OneWorld, to restrict the account by subsidiary, select a subsidiary in the Subsidiaries dropdown list.

  7. Click Save.

Next, you must set up restrictions for user roles.

To set role restrictions:

  1. Go to Setup > Users/Roles > Manage Roles.

  2. Do one of the following:

    • To customize a standard role, click Customize next to the role you want to change.

    • To edit a customized role, click Edit next to the role you want to change.

  3. Click the Restrictions subtab.

  4. In the Segment dropdown list, select Class, Department, or Location.

  5. In the Restrictions dropdown list, select one of the following restrictions:

    • none - default to own – There is no restriction on what can be selected. Record access is not determined by this field. Fields of this type will select the user by default.

    • own, subordinate, and unassigned – Users are restricted when selecting any of the employee, sales rep, or supervisor fields. Users are granted access to records belonging to their supervisor hierarchy. Users may only select themselves or their subordinates. If the select field is optional, then the user may leave the value unassigned. Note that unassigned is technically a null value when used to filter.

    • own and subordinates only – Users are restricted when selecting any of the employee, sales rep, or supervisor fields. Users are granted access to records belonging to their supervisor hierarchy with the exception of unassigned records. Consequently, unassigned records are filtered and denied access. Users may only select themselves or their own subordinates.

      Important:

      Any account in the Chart of Accounts list that does not have an assigned department is not subject to the own, subordinate, and unassigned or own and subordinates only restrictions.

  6. To allow users logged in with this role to see, but not edit, data for departments to which the role does not have access, check the Allow Viewing box. You cannot use this setting to view employee payroll or commissions data. Also, users cannot view non-subordinate department records other than their own department records when the Department Restrictions field is set to own and subordinates only.

  7. To apply the department restrictions defined here to item records (in addition to transaction, employee, and partner records), check the Apply to Items box.

  8. If you have NetSuite OneWorld, you can use subsidiary restrictions to restrict what users with this role can access. Under Subsidiary Restrictions, select one of the following options:

    • All – Grants the role access to all subsidiaries, including inactive subsidiaries.

    • Active – Grants the role access to the active subsidiaries only.

    • User Subsidiary – Restricts the role’s access to the user’s subsidiary only. When users log in with this role, they can only access their own subsidiary. A user’s subsidiary is set on the employee record. For more information, see Assigning a Subsidiary to an Employee.

    • Selected – You select the subsidiaries to which you want to restrict the role’s access. When you choose Selected, you need to select the subsidiaries from an autogenerated list of all of the active and inactive subsidiaries. You must select at least one subsidiary. To select multiple subsidiaries, hold down the Ctrl key while selecting subsidiaries.

  9. To allow users logged in with this role to see, but not edit, records for subsidiaries to which the role does not have access, check the Allow Cross-Subsidiary Record Viewing box. You cannot use this setting to view employee payroll or commissions data.

    Note:

    If the Book Record Restriction option is enabled for a user, this restriction overrides permissions granted by the Allow Cross-Subsidiary Viewing option.

  10. Click Save.

Related Topics

NetSuite Roles Overview
NetSuite Account Administration
Separate Administration Permissions
Full Access Role (Deprecated)
Permissions Requiring Two-Factor Authentication (2FA)
Customizing or Creating NetSuite Roles
Changing Custom Roles
Inactivating Roles
Setting Default Forms for Roles
Customizing the Customer Center Role
Retail Clerk Roles
Showing Role Permission Differences
Use Searches to Audit Roles and Permissions
Use Searches to Audit Roles
Use Searches to Audit Permissions By Employee
Mass Updating a Permission on Custom Roles
Mass Updating the Role Assigned to Customers
Standard Roles Permissions Table

General Notices