Role and Permission Considerations for NetSuite.com
The NetSuite.com data source is no longer supported as of 2025.1 and will be removed in 2026.1. You should use the NetSuite2.com data source when working with SuiteAnalytics Connect to avoid any disruptions. If you stopped using NetSuite.com for a long period, the outdated data source will be removed earlier. For more information, see the following topics:
Account administrators should pay attention when assigning the SuiteAnalytics Connect permission, as some NetSuite permissions and restrictions are not enforced for the Connect Service. The same permissions apply for accessing the Connect Service no matter the type of driver used.
When you use the Connect Service to access the NetSuite.com data source, consider the following:
Enforced Permissions
The following permissions are enforced for Connect access, unless a user has been granted the SuiteAnalytics Connect – Read All permission:
- All Transactions permissions and Lists permissions for employees
- Customers
- Partners
- Vendors
- Accounting registers
Enforcement of these permissions means that when users access NetSuite data through the Connect Service, they can see only the records they have access to.
Users with the SuiteAnalytics Connect – Read All permission have read-only access to all NetSuite data through the Connect Service, regardless of what they can access in the NetSuite user interface. This applies to the NetSuite.com data source only, which uses the only schema available up to 2018.2. For more information, see SuiteAnalytics Connect – Read All Permission.
Non-enforced Permissions and Restrictions
Other permissions and restrictions are not enforced for Connect access, including:
- Classes
- Departments
- Locations
- Custom records
- Subsidiary Restrictions (OneWorld only)
This lack of enforcement means that users with the Connect permission enabled can access records of these types through the Connect Service that they can't access in the NetSuite user interface.
SuiteAnalytics Connect – Read All Permission
As of 2018.2, the SuiteAnalytics Connect – Read All permission enables users to have read-only access to NetSuite data using the Connect Service, regardless of what they can access in the NetSuite user interface. This permission applies to the NetSuite.com data source only. It's not applicable to the analytics data source, also known as NetSuite2.com. The analytics data source applies role-based access restrictions. Users can query only data that they can access in the NetSuite user interface.
Enabling the SuiteAnalytics Connect - Read All permission can improve performance when running queries; however, sensitive information such as employee and customer records is also exposed to the user. Account administrators should therefore enable this permission only for some users in their account.
The roles and permissions assigned to Connect users determine the data that they can access through NetSuite.com.
- Custom roles
  Certain records in the Connect schema are only accessible using an Administrator role, even if you set the appropriate permissions in NetSuite. Consequently, users assigned to custom roles who have only been granted the SuiteAnalytics Connect permission may have access to different data in the NetSuite user interface than through the Connect Service. Queries that are run using the Connect Service may also be slower for these users, because of permission checks that are not performed for Administrators.
- Custom roles and the SuiteAnalytics Connect - Read All permission
  Users assigned to custom roles who have been granted both permissions, the SuiteAnalytics Connect and the SuiteAnalytics Connect - Read All permission, have read-only access to NetSuite data through the Connect Service that they can't access through the NetSuite user interface.
Note: To protect sensitive data such as contacts, certain records are only accessible using an administrator role, even if the SuiteAnalytics Connect - Read All permission has been granted. For example, when a contact is marked as private, only the owner and the administrator role have access to its data through the Contacts table.
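A role audit built on the enforcement rules above, added here as an example and not NetSuite's own code: it flags roles whose Connect access bypasses restrictions that the NetSuite.com data source does not enforce, and roles that hold Read All. The CSV layout, column names and sample roles are constructed assumptions, as is the premise that a role needs the SuiteAnalytics Connect permission to reach the Connect Service at all.

```python
import csv
import io

CONNECT = "SuiteAnalytics Connect"
READ_ALL = "SuiteAnalytics Connect - Read All"
# Restriction types the page lists as not enforced for Connect access.
NON_ENFORCED = {"Classes", "Departments", "Locations",
                "Custom records", "Subsidiary Restrictions"}

# Constructed sample export (hypothetical columns; ';' separates values).
SAMPLE = """role,permissions,restrictions
AR Clerk,SuiteAnalytics Connect;Customers,Departments;Locations
BI Analyst,SuiteAnalytics Connect;SuiteAnalytics Connect \u2013 Read All,
Warehouse,Item Fulfillment,Locations
Sales Rep,SuiteAnalytics Connect;Customers,
"""

def _split(cell):
    # The page writes the permission name with both '-' and an en dash;
    # normalise so either spelling matches.
    cell = (cell or "").replace("\u2013", "-")
    return {v.strip() for v in cell.split(";") if v.strip()}

def audit_roles(csv_text):
    """Return (role, finding, detail) tuples for roles that see more data
    through the NetSuite.com data source than in the user interface."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        perms = _split(row["permissions"])
        restrictions = _split(row["restrictions"])
        if CONNECT not in perms:
            continue  # assumed: no Connect permission, no Connect access
        if READ_ALL in perms:
            findings.append((row["role"], "read-all",
                             "all NetSuite data, read-only"))
        bypassed = sorted(restrictions & NON_ENFORCED)
        if bypassed:
            findings.append((row["role"], "unenforced-restriction",
                             ", ".join(bypassed)))
    return findings

if __name__ == "__main__":
    for role, finding, detail in audit_roles(SAMPLE):
        print(f"{role}: {finding} ({detail})")
```

Roles that carry only enforced permissions (Customers, Partners, Vendors and so on) produce no finding, because Connect honours those unless Read All is granted.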