NetSuite contains your company’s most sensitive data. With all the NetSuite users in a single company, how do you make sure that each user has access to all the data they need, but no more data than what they need? Custom roles in NetSuite are the answer.
Custom Roles in NetSuite
NetSuite comes with certain standard roles, like Administrator, Accountant, Marketing Manager, and Warehouse Manager, to name a few. Each of NetSuite’s standard roles has certain access permissions automatically built into it. The standard roles provide a good place to start, since the work of putting them together has already been done. But inevitably, your company will need to tweak the permissions of the standard roles. By customizing the standard roles in NetSuite, you can create custom roles that are unique to your company and best fulfill your needs. Because of the need for clarity and precision in your use of NetSuite, it is always best to create custom roles rather than simply using the prebuilt standard roles.
Creating a Custom Role in NetSuite
To create a custom role in NetSuite, you would first need to log into NetSuite with the Administrator role and then navigate to the list of roles: Setup > Users/Roles > User Management > Manage Roles. On this page, notice that you have the option to customize standard roles and to edit previously customized roles. If you are going to create an entirely new custom role, find the standard role that would be the closest match to the custom role you wish to create, and select the Customize button next to that role.
Setting Controls for a Custom Role in NetSuite
When you select a standard role to customize, you will be taken to the Role page. On the Role page, you can name your new role and designate specific restrictions and permissions that will be connected to that role. In the following picture, notice the customization options you have in the top field groups, as well as the options that are available in the subtabs. The one thing you cannot customize is the Center Type. When you select a standard role to modify, therefore, it’s important that you choose one which has the most appropriate center for your custom role.
Let’s take a closer look at some of the customization options that are available for custom roles.
Top Field Group Controls
In the top field groups, administrators have some broad control options. To better understand each of these control options, click each field name and read the field help details on each control. One key control option is the ability to place subsidiary restrictions on roles. For example, you could restrict the role based on the subsidiary that the user is assigned to. The exact subsidiary that this role is restricted to, then, will vary based on the individual users who are signed in to this role.
In addition to subsidiary restrictions, you can choose how NetSuite will authenticate users when they sign in to this role. We look at authentication in more detail in another blog.
Subtab Controls
Now, let’s browse through some of the subtabs to learn about more of the controls.
Under the Permissions subtab, you can set the permissions levels for things like transactions, reports, and lists. The permissions levels include Create, View, Edit, and Full, and you can change these standard permissions either to provide greater access or to further restrict the access permitted to this role. Under the Restrictions subtab, you can limit the role’s access to certain information based on a user’s Department, Type, or Location. The Forms subtab allows you to restrict or enable specific NetSuite forms for that role, while the Searches subtab can restrict the access, use, and visibility of specific search results.
The Preferences subtab allows you to set the default preferences for any user logged in with this role. Users who dislike these default preferences, however, can go to Set Preferences while logged into this role to change them. And under the Dashboard subtab, you can assign a preconfigured dashboard to this role.
Testing and Best Practices
Once you’ve set controls for a custom role, what are some ways you can test your controls to ensure that they are adequate? First, it’s a good idea for the NetSuite administrator to regularly check up on the access that has been allotted to each role. Job functions may change over time, and unnecessary permissions can be a liability. The NetSuite roles that users have access to should always fit the job functions of those users, rather than forcing the job functions into the mold of the NetSuite roles.
Also, administrators should make sure that certain processes and transactions are segregated among more than one user, ensuring that one user doesn’t have full control of a single process. This rule of thumb may look different depending on the size of your company, but especially as your company grows you want to be sure that there are adequate checks and balances on your NetSuite users.
The Role Permission Differences page is one tool that may be useful to administrators as they audit the permissions of different roles. To access this page, navigate to Setup > Users/Roles > User Management > Show Role Differences. On this page, you can compare all the permissions that have been given to two roles. This may be especially helpful to use when auditing similar roles.
Conclusion
The ability to use custom roles in NetSuite ensures that your company’s data is secure while also ensuring that users have all the information they need to do their jobs well. If you enjoyed this blog and learned something new, be sure to subscribe to our blog below so that you can receive our new blog posts right in your inbox each week.