Managing Roles in NetSuite
What are roles?
Roles are unique access configurations. Each role contains its own set of permissions for viewing or editing data. These permissions also dictate which pages the user can see within the NetSuite interface, and which tasks can be completed. Each role is associated to a single centre within NetSuite. This centre is a specific user interface designed for a particular business area, for example; Accounting, Shipping or Sales all have their own specific centre in NetSuite.
To customise a role, navigate to Setup > Users/Roles > Manage Roles.
Now, find a standard role similar to the finalised custom role you wish to achieve. Beside the standard role, click ‘Customize’.
Firstly, give the custom role a new name. This could simply be adding your company name to the beginning of the standard role name;
- ‘A/P Clerk’ becomes ‘3EN A/P Clerk’
Or, if you restrict the role to specific subsidiaries, you may wish to include this information within the role name as well;
- ‘3EN A/P Clerk – 3EN Cloud Ltd’
- Or, ‘3EN A/P Clerk – 3EN Cloud LLC’
Other information that needs to be decided at the header level:
- Subsidiaries: Do you wish to restrict this role to one, or many, subsidiaries?
- Employee Restrictions: Do you wish to restrict access to records based on the user?
- None – no default: There is no restriction on what can be selected.
- None – default to own: There is no restriction on what can be selected. Fields of this type will select the user by default.
- Own, subordinate, and unassigned: Users are restricted when selecting any of the employee, sales rep or supervisor fields. Users are granted access to records belonging to their supervisor hierarchy. Users may only select themselves or their subordinates. If the select field is optional, then the user may leave the value unassigned.
- Own and subordinates only: Users are restricted when selecting any of the employee, sales rep, or supervisor fields. Users are granted access to records belonging to their supervisor hierarchy except for unassigned records. Therefore, unassigned records are filtered and denied access.
- If 'Own, subordinate, and unassigned’ or ‘Own and subordinate only’ are selected, you may choose to tick the ‘Allow Viewing’ checkbox. This will let the user see, but not edit, data for employees to which this role does not give access.
- Do Not Restrict Employee Fields: Tick this box to allow users to select any employee in any employee fields.
- Allow Cross-Subsidiary Recording Viewing: Tick this box to let the user see, but not edit, records for subsidiaries to which this role does not give access.
- Restrict Time and Expenses: If your add the 'Track Time' and 'Expenses Report' permissions, tick this box if you wish to restrict Time and Expense Report entry for the signed in user only. They will not be able to enter Time or Expense Reports for another employee. They will have access to view expense reports for subordinates.
- Sales Role: Tick this box if the role is used for Sales.
- Support Role: Tick this box if the role is to be used for Customer Service and Support.
Now, under the ‘Permissions’ subtab, you can choose which functionality the user will get access to by adding, or removing, permissions.
TIP: If you need help deciding which permissions to add or want to check what functionality a permission grants access to, in the NetSuite Help Centre, or on SuiteAnswers, search for ‘Permissions Documentation’ and you can download a spreadsheet containing all permissions and their definitions!
Once you have added the permissions the role requires, you can move on to setting other restrictions, for example, you could restrict by ‘Department’ and set the restriction to ‘Own and Subordinate Only’. This behaves similar to the employee restriction, were the user will only be able to enter data relating to the Department set on their employee record.
Under the ‘Forms’ subtab, you can set preferred forms for this role. You can also disable any forms you don’t want the user to see.
Once you have finished defining the custom role, you can Save, assign it to yourself and begin testing the role to ensure it has all of the access you expected.
When you are satisfied that the role behaves as expected, you can then begin to assign it to users.
Mass Update Roles
If you wish to update all roles within your NetSuite account, it may be worth checking out the Mass Update to ‘Add/Edit Permission on Roles’.
Take, as an example, you want to add the setup permission ‘Mobile Device Access’ to all roles. Rather than completing the cumbersome task of manually editing each role, adding the permission, setting the permission level, saving the role, then repeating however many times; you can go to the mass update, select the ‘Mobile Device Access’ permission, set the permission level to what you require, then perform the mass update. Something that could save a huge amount of time!