NetSuite Permissions Overview
NetSuite provides a large number of permissions that govern the data and interface that users can access. Role permissions are used to define usage of record types, tasks, and pages. Permissions are associated with roles, and roles are assigned to users, who can be employees, vendors, partners, or customers.
Standard roles for specific business functions include predefined sets of permissions. Users with the Administrator role can create custom roles to vary from these standard sets. For information about setting up roles, see NetSuite Roles Overview. For information about assigning roles to users, see NetSuite Users Overview.
You can use the following sources to understand permissions:
-
Each role definition page lists permissions already assigned to that role, and other permissions that can be assigned. Permissions are divided into different types: Transactions, Reports, Lists, Setup, and Custom Records. To see this page, go to Setup > Users/Roles > Manage Roles, and click Customize for a role. For more information, see Reviewing Permissions Assigned to Roles. For many permissions, different access levels are available. For information, see Access Levels for Permissions.
-
NetSuite provides a page where you can compare the permissions assigned to two or more roles and identify differences. To access this page, go to Setup > Users/Roles > Show Role Differences.
-
The Help Center provides a link to a spreadsheet listing how permissions are used, meaning the record types, pages, and/or tasks to which permissions provide access. To access this spreadsheet, click here: NetSuitePermissionsUsage.xls For more information, see Permissions Documentation.
Be aware of the following:
-
If the Advanced Employee Permissions feature is enabled in your account, you can customize or create roles to use the Employee Self, Employee Public, Employee Confidential, Employee Compensation, Employee System Access, Employee Record Full, and Employee Administration permissions. For more information, see Advanced Employee Permissions Overview.
-
If the Global Permissions feature is enabled in your account, you can assign permissions directly to employees. Employees retain these global permissions with all of their roles. If there is a conflict between role-based permissions and global permissions, global permissions take precedence. Please note that usage of the Global Permissions feature is not preferred. For more information, see Using the Global Permissions Feature.
-
A special permission is required to see unmasked credit card numbers, the View Unencrypted Credit Card Numbers permission. To make this permission available to be assigned to roles in your account, you need to complete a signed agreement. For information, see Payment Card Number Security and Compliance.
-
A special permission is available that masks employee information about financial reports. For more information, see Hiding Employee Information on Financial Reports.
-
When you newly enable a feature in your account, you must consider permissions associated with the added feature. Customized roles that you have already assigned to users may need to be updated to reflect the proper permissions associated with the added feature. See Customizing or Creating NetSuite Roles.