Authorization is the process of ensuring that the requester has the appropriate entitlement to perform the requested operation. When users request to be authenticated, they also provide their NetSuite role. For every SOAP web services request, the system uses the role definition to ensure that the user has the required permission for the requested operation as well as the requested record type. The role must be provided in the Passport type via the login operation:
As of the 2020.2 SOAP web services endpoint, authentication through request-level credentials is not supported. The Passport complex type is not supported. If you attempt to authenticate through request-level credentials in SOAP web services 2020.2 and later endpoints, the web services request is not processed, and an error message is returned. You must ensure that SOAP web services integrations created with 2020.2 and later SOAP web services endpoints use TBA. Authentication through user credentials continues to be supported in integrations that use SOAP web services 2020.1 and earlier endpoints. For more information, see Token-based Authentication and Web Services.
<soapenv:Body <login xmlns="urn:messages_2018_1.platform.webservices.netsuite.com"> <passport> <ns1:email xmlns:ns1="urn:core_2018_1.platform.webservices.netsuite.com">email@example.com</ns1:email> <ns2:password xmlns:ns2="urn:core_2018_1.platform.webservices.netsuite.com">********</ns2:password> <ns3:account xmlns:ns3="urn:core_2018_1.platform.webservices.netsuite.com">1234567</ns3:account> <ns4:role internalId="37" xmlns:ns4="urn:core_2018_1.platform.webservices.netsuite.com"/> </passport> </login> </soapenv:Body>
For detailed information on NetSuite roles and permissions and how SOAP web services implement roles and permissions rules, refer to Roles and Permissions in SOAP Web Services.