Managing Users & Roles: September 9, 2020 2020.2

Managing Users & Roles
September 9, 2020 2020.2

Copyright © 2005, 2020, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions
on use and disclosure and are protected by intellectual property laws. Except as expressly permitted
in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast,
modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any
means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for
interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-
free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it
on behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software,
any programs installed on the hardware, and/or documentation, delivered to U.S. Government end
users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation
and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and
adaptation of the programs, including any operating system, integrated software, any programs installed
on the hardware, and/or documentation, shall be subject to license terms and license restrictions
applicable to the programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management
applications. It is not developed or intended for use in any inherently dangerous applications, including
applications that may create a risk of personal injury. If you use this software or hardware in dangerous
applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other
measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages
caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks
of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks
are used under license and are trademarks or registered trademarks of SPARC International, Inc.
AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of
Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content,
products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and
expressly disclaim all warranties of any kind with respect to third-party content, products, and services
unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and
its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use
of third-party content, products, or services, except as set forth in an applicable agreement between you
and Oracle.
If this document is in public or private pre-General Availability status:
This documentation is in pre-General Availability status and is intended for demonstration and preliminary
use only. It may not be specific to the hardware on which you are using the software. Oracle Corporation
and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to
this documentation and will not be responsible for any loss, costs, or damages incurred due to the use of
this documentation.
If this document is in private pre-General Availability status:
The information contained in this document is for informational sharing purposes only and should be
considered in your capacity as a customer advisory board member or pursuant to your pre-General
Availability trial agreement only. It is not a commitment to deliver any material, code, or functionality, and
should not be relied upon in making purchasing decisions. The development, release, and timing of any
features or functionality described in this document remains at the sole discretion of Oracle.
This document in any form, software or printed matter, contains proprietary information that is the
exclusive property of Oracle. Your access to and use of this confidential material is subject to the terms
and conditions of your Oracle Master Agreement, Oracle License and Services Agreement, Oracle
PartnerNetwork Agreement, Oracle distribution agreement, or other license agreement which has
been executed by you and Oracle and with which you agree to comply. This document and information
contained herein may not be disclosed, copied, reproduced, or distributed to anyone outside Oracle
without prior written consent of Oracle. This document is not part of your license agreement nor can it be
incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website
at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc
Oracle customers that have purchased support have access to electronic support through My Oracle
Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://
www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
Sample Code
Oracle may provide sample code in SuiteAnswers, the Help Center, User Guides, or elsewhere through
help links. All such sample code is provided "as is” and “as available”, for use only with an authorized
NetSuite Service account, and is made available as a SuiteCloud Technology subject to the SuiteCloud
Terms of Service at www.netsuite.com/tos.
Oracle may modify or remove sample code at any time without notice.
No Excessive Use of the Service
As the Service is a multi-tenant service offering on shared databases, Customer may not use the Service
in excess of limits or thresholds that Oracle considers commercially reasonable for the Service. If Oracle
reasonably concludes that a Customer’s use is excessive and/or will cause immediate or ongoing
performance issues for one or more of Oracle’s other customers, Oracle may slow down or throttle
Customer’s excess use until such time that Customer’s use stays within reasonable limits. If Customer’s
particular usage pattern requires a higher limit or threshold, then the Customer should procure a
subscription to the Service that accommodates a higher limit and/or threshold that more effectively aligns
with the Customer’s actual usage pattern.
Beta Features
This software and related documentation are provided under a license agreement containing restrictions
on use and disclosure and are protected by intellectual property laws. Except as expressly permitted
in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast,
modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any
means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for
interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-
free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it
on behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software,
any programs embedded, installed or activated on delivered hardware, and modifications of such
programs) and Oracle computer documentation or other Oracle data delivered to or accessed by
U.S. Government end users are "commercial computer software" or “commercial computer software
documentation” pursuant to the applicable Federal Acquisition Regulation and agency-specific
supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure,
modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any
operating system, integrated software, any programs embedded, installed or activated on delivered
hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other
Oracle data, is subject to the rights and limitations specified in the license contained in the applicable
contract. The terms governing the U.S. Government’s use of Oracle cloud services are defined by the
applicable contract for such services. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management
applications. It is not developed or intended for use in any inherently dangerous applications, including
applications that may create a risk of personal injury. If you use this software or hardware in dangerous
applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other
measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages
caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks
of their respective owners.
Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks
are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD,
Epyc, and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a
registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content,
products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and
expressly disclaim all warranties of any kind with respect to third-party content, products, and services
unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and
its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use
of third-party content, products, or services, except as set forth in an applicable agreement between you
and Oracle.
This documentation is in pre-General Availability status and is intended for demonstration and preliminary
use only. It may not be specific to the hardware on which you are using the software. Oracle Corporation
and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to
this documentation and will not be responsible for any loss, costs, or damages incurred due to the use of
this documentation.
The information contained in this document is for informational sharing purposes only and should be
considered in your capacity as a customer advisory board member or pursuant to your pre-General
Availability trial agreement only. It is not a commitment to deliver any material, code, or functionality, and
should not be relied upon in making purchasing decisions. The development, release, and timing of any
features or functionality described in this document remains at the sole discretion of Oracle.
This document in any form, software or printed matter, contains proprietary information that is the
exclusive property of Oracle. Your access to and use of this confidential material is subject to the terms
and conditions of your Oracle Master Agreement, Oracle License and Services Agreement, Oracle
PartnerNetwork Agreement, Oracle distribution agreement, or other license agreement which has
been executed by you and Oracle and with which you agree to comply. This document and information
contained herein may not be disclosed, copied, reproduced, or distributed to anyone outside Oracle
without prior written consent of Oracle. This document is not part of your license agreement nor can it be
incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.
Send Us Your Feedback

We'd like to hear your feedback on this document.
Answering the following questions will help us improve our help content:
■ Did you find the information you needed? If not, what was missing?
■ Did you find any errors?
■ Is the information clear?
■ Are the examples correct?
■ Do you need more examples?
■ What did you like most about this document?
Click here to send us your comments. If possible, please provide a page number or section title to identify
the content you're describing.
To report software issues, contact NetSuite Customer Support.

Table of Contents
NetSuite Users & Roles ............................................................................................................ 1
NetSuite Access Overview ..................................................................................................... 1
NetSuite Roles Overview ....................................................................................................... 3
The NetSuite Account Administrator ................................................................................... 5
Separate Administration Permissions .................................................................................. 7
Full Access Role .............................................................................................................. 7
Permissions Requiring Two-Factor Authentication (2FA) ......................................................... 8
Customizing or Creating NetSuite Roles .............................................................................. 8
Changing Custom Roles ................................................................................................. 17
Inactivating Roles .......................................................................................................... 18
Setting Default Forms for Roles ....................................................................................... 19
Restricting Accounts for Roles ......................................................................................... 20
Customizing the Customer Center Role ............................................................................. 22
Retail Clerk Roles ........................................................................................................... 23
Showing Role Permission Differences ............................................................................... 24
Use Searches to Audit Roles and Permissions .................................................................... 24
Use Searches to Audit Roles ........................................................................................... 24
Use Searches to Audit Permissions By Employee ................................................................ 26
Setting Role-Based Preferences ....................................................................................... 27
Translating Custom Role Names ...................................................................................... 28
Mass Updating a Permission on Custom Roles ................................................................... 29
Mass Updating the Role Assigned to Customers ................................................................. 32
Standard Roles Permissions Table .................................................................................... 33
NetSuite Users Overview .................................................................................................... 74
Employee Users ............................................................................................................ 75
Vendor Users ................................................................................................................ 76
Partner Users ............................................................................................................... 76
Customer Users ............................................................................................................ 76
Giving Customers Access ................................................................................................ 77
Changing a User’s NetSuite Password ............................................................................... 82
Viewing Your NetSuite Users List ..................................................................................... 83
Login Audit Trail Overview .............................................................................................. 84
Inactivating Users .......................................................................................................... 87
Restricting an Individual User View ................................................................................... 88
NetSuite Permissions Overview ............................................................................................ 89
Permissions and Restrictions ........................................................................................... 90
Reviewing Permissions Assigned to Roles .......................................................................... 91
Access Levels for Permissions .......................................................................................... 91
Permissions Documentation ............................................................................................ 91
Core Administration Permissions ...................................................................................... 92
Feature Permissions Documentation ................................................................................ 94
Using the Global Permissions Feature ............................................................................... 97
Giving Access to the Transactions Subtab on Entity Records ................................................. 98
Giving Access to Financial Statements ............................................................................... 99
Hiding Employee Information on Financial Reports ............................................................. 99
Setting Permissions for Custom Records ......................................................................... 100
Permissions for Inbound Single Sign-on Methods ............................................................. 100
NetSuite Users & Roles 1
NetSuite Users & Roles

The following topics describe how to manage NetSuite roles and permissions to provide your account
users with the access they need. A role is a defined access configuration that can be assigned to users. A
user is an individual who has access to a NetSuite account.
■ For an introduction to the NetSuite access model, including definitions of users and roles, see NetSuite
Access Overview.
■ For details about standard roles provided by NetSuite, how to create customized roles, and tools for
managing roles, see NetSuite Roles Overview.
■ To understand how to work with the different kinds of users that can access NetSuite, see NetSuite
Users Overview.
■ For tips for working with permissions, see NetSuite Permissions Overview.
Note: The following link provides access to a Microsoft Excel worksheet listing the usage of
most NetSuite permissions: NetSuitePermissionsUsage.xls. You can use this list to understand
the implications of assigning a specific permission, or to find the permission required to provide
access to a specific task or page. For more information, see Permissions Documentation.
NetSuite Access Overview

Access to NetSuite data and to the NetSuite user interface is based on users, roles, and permissions.
Users
A user is an individual who has access to a NetSuite account.
■ Generally, most users are employees, but vendors, partners, and customers also can be users.
■ Users need to be set up in the NetSuite system through the creation of employee, vendor, partner, or
customer records. For users to have access to NetSuite, their records must include an email address,
which serves as their user ID. Users must also have a password to access NetSuite. Administrators can
send an access notification email that includes a link that lets users create their own passwords.
For information about setting up different user types, see Manage Different Types of Users.
Roles
A role is a defined access configuration that can be assigned to users.
■ Each role includes a set of associated permissions that determine the data users can see and the tasks
they can perform. For example, the A/P Clerk role lets users enter bills and vendor credits, pay bills and
sales tax, and view A/P and inventory reports.
■ Each role is tied to a center, meaning a set of tabbed pages that display as the NetSuite user interface.
Each center is tailored to the business needs of users in a specific functional area, such as accounting
or sales. A role's center determines the pages that users see when they log into NetSuite.
■ A user may be assigned multiple roles. In this case, the user has a default role used for login, and can
switch among roles by using the Change Roles icon available from the NetSuite user interface. For
more information, see the help topic Switching Between Roles.
Users & Roles

NetSuite Access Overview 2
NetSuite Account Access

The person who signs up for a NetSuite account is automatically assigned the administrator role. The
administrator has full privileges to all aspects of the system and usually is the person who sets up account
access by assigning roles to users.
■ The first step for setting up account access is to set up roles. See NetSuite Roles Overview.
□ To get an understanding of NetSuite roles, review the standard roles and associated permissions.
See Standard Roles Permissions Table.
□ You cannot modify standard roles, but you can create customized versions of them. In most
cases, assigning customized roles is more practical for maintenance and update purposes. See
Customizing or Creating NetSuite Roles.
□ NetSuite provides some tools for managing roles. See Showing Role Permission Differences and
Use Searches to Audit Roles.
■ After roles have been set up, users can be given access and assigned roles. See NetSuite Users
Overview.
□ NetSuite lets you monitor users' login activity. See Login Audit Trail Overview.
■ NetSuite has a complex permission structure, with permissions divided into different types and
different access levels. See NetSuite Permissions Overview.
□ The following link provides access to a Microsoft Excel worksheet listing the usage of most NetSuite
permissions: NetSuitePermissionsUsage.xls. You can use this list to understand the implications of
assigning a specific permission, or to find the permission required to provide access to a specific
task or page. For more information, see Permissions Documentation.
□ A global permissions feature can be enabled, so that permissions can be assigned directly to
employees, as well as to roles. Please note that usage of the Global Permissions feature is not
recommended. See Using the Global Permissions Feature.
■ NetSuite’s Advanced Employee Permissions feature can be enabled to give you more flexibility and
control over the employee information that users with certain roles can access in NetSuite. When this
feature is enabled, administrators can customize or create roles to use the Employee Self, Employee
Public, Employee Confidential, Employee Compensation, Employee System Access, Employee Record
Full, and Employee Administration permissions. For more information, see the help topic Advanced
Employee Permissions Overview. Administrators also can create custom employee permissions and
custom restrictions when this feature is enabled. For more information, see the help topics Custom
Advanced Employee Permissions and Custom Restrictions for Advanced Employee Permissions.
■ In addition to permissions, NetSuite has role restrictions that define the record instances of a record
type that can be accessed by a role. See Permissions and Restrictions.
Note: Users need the SuiteAnalytics Connect permission for access to the NetSuite
SuiteAnalytics Connect schema. See the help topic Verifying the SuiteAnalytics Connect Permission.
Internal Controls for NetSuite Access

To achieve effective internal controls, you will need a combination of both automated and manual
controls that both prevent and detect misstatements or misappropriation of assets. Companies have
several responsibilities for establishing good general controls for NetSuite applications.
■ Ensure logical access and application security. Users should have only the information that they need
to do their jobs.
■ Segregate duties and transaction processing.
Users & Roles

NetSuite Access Overview 3
■ Ensure that your organization has user administration controls in place, including:
□ Process for requesting and approving access. If possible, the request, approval, and granting of
access should be segregated among different individuals to ensure appropriate application of the
process.
□ Access should be reviewed periodically for changes in responsibilities, assurance that terminated
employees have had their access revoked, list of users with sensitive/critical access is confirmed
that the appropriate individuals have access to these permissions.
□ Process access termination in a timely manner.
■ Maintain a mapping of role assignment to job function, and map role assignment to job title.
■ Periodically audit the permissions that make up each role to ensure they are appropriate.
■ The administrator role is very powerful, and access to this role should be extremely limited. Ideally
your organization could have one administrator and one back-up administrator.
NetSuite Roles Overview

A role is a defined access configuration. To set up and manage user access to your NetSuite account, you
need to set up roles that can be assigned to users. Roles include sets of permissions for viewing and/or
editing data. Roles and their permissions determine the pages that users can see in the NetSuite interface
and the tasks that they can complete. Each role is associated with a center, a user interface designed for a
particular business area.
Note: You can designate a user's role as Web Services Only. When a user logs in with a role
that has been designated as Web Services Only, validation is performed to ensure that the user is
logging in through web services and not through the user interface. For details, see the help topic
Setting a Web Services Only Role for a User.
Standard Roles
NetSuite provides many standard roles with predefined permissions. Most of these roles map to common
employee positions, such as Accountant and Sales Rep. Standard roles also are available for vendors,
partners, and customers who have account access. For more information, see Standard Roles Permissions
Table.
Custom Roles
Standard roles cannot be modified, so it is a good idea to use these roles as templates to create your own
customized roles that you assign to users in your account. The process for customizing a standard role
is easier than creating a new role from scratch. If you assign custom roles rather than standard roles to
users, you can make permission changes to users' assigned roles as needed. The ability to modify a role
without having to change multiple users' role assignments simplifies maintenance.
■ For instructions for customizing roles, see Customizing or Creating NetSuite Roles.
Note: Because of their design as limited access roles, Retail Clerk roles, unlike other standard
NetSuite roles, cannot be customized. For details, see Retail Clerk Roles.
■ For information about changes you can make to roles, see the following:
Users & Roles

NetSuite Roles Overview 4
□ Changing Custom Roles

□ Inactivating Roles
□ Setting Default Forms for Roles
□ Restricting Accounts for Roles
□ Customizing the Customer Center Role
□ Setting Role-Based Preferences
□ Translating Custom Role Names
Manage Roles Page

To see a list of roles available in your account, go to Setup > Users/Roles > Manage Roles to open the
Manage Roles page. This page indicates the center associated with each role and whether the role is
standard or custom. Click Customize to create a custom version of a standard role. Click Edit to make
changes to a custom role.
Figure 1. Manage Roles Page
Show Permission Differences Between Roles Page

NetSuite provides a management tool that enables you to see at a glance the differences among multiple
roles' permissions. Go to Setup > Users/Roles > Show Role Differences to open the Show Permission
Differences Between Roles page. For more information, see Showing Role Permission Differences.
Users & Roles

Figure 2. Role Permission Difference Results
Role Search
You can use the role search to find a particular role or set of roles, or to return a list of roles and their
characteristics. To access this search, go to Setup > Users/Roles > Manage Roles > Search. Role fields also
are available as criteria filters and results for Employee searches. For more information, see Use Searches
to Audit Roles.
Note: To see a list of all users assigned a particular role, go to Setup > Users/Roles > Manage
Users, and select the role from the Role dropdown list at the bottom of the Manage Users page.
The NetSuite Account Administrator

The NetSuite account administrator is the key contact for NetSuite and your users. This person:
■ Oversees the initial implementation of the NetSuite application

■ Manages the on-going administration of the NetSuite application
Key administrator tasks may include:
■ Daily account maintenance and management

■ Technical and system administration, including configuration and integration
Users & Roles

■ Point of contact for end users and NetSuite Support

■ Facilitation of system adoption and satisfaction through user training, user support, and meeting user
requirements
■ Planning, reviewing, and customizing NetSuite to meet user needs
■ Helping with data extraction through reporting and searches
■ Monitoring end user usage and system performance
■ Ensuring the quality of account data and performance of regular data audits; resolution of data
integrity issues
■ Development of tests, functional testing, and rollout of customizations, custom objects, new
enhancements, application releases, and system integration based on user/business needs
The NetSuite account administrator uses the The Administrator Role.
The Administrator Role

The person that signs up for a NetSuite account is automatically given the Administrator role. This is
a powerful role and should only be given to those who require full NetSuite functionality for their job.
Typically, this is a small number of people. It is recommended that the Administrator role be given to at
least two people on an account. With at least two Administrator roles on an account, crucial NetSuite
tasks can be reached in the event of absence or employee departure. Although it is recommended that
you have more than one administrator for an account, it is also recommended that you choose your
administrators wisely. Users assigned the Administrator role should receive enhanced scrutiny of their
transactions via audit trails in system notes.
As with other standard roles, the standard Administrator role cannot be customized. NetSuite
recommends that you create and use a custom administrator role rather than using the standard role.
The Administrator role has full access to all tasks and pages in NetSuite, including:
■ Full visibility into all areas of the NetSuite account

■ Complete access to the Setup Manager, the path to common administrator tasks
As of NetSuite 2018.1, Administrators must use two-factor authentication in newly provisioned accounts.
For information, see the help topic 2FA in the NetSuite Application.
The Administrator role is available in the list of roles on the Manage Roles page, however, since you
cannot customize the Administrator role, the Customize and Edit buttons are not available. The
Administrator role page shows all permissions in the system assigned with Full access level, or the highest
access level available for the given permission, and it provides a quick and easy way to see all users who
have the Administrator role assigned.
The Administrator role is a global role that applies to the entire NetSuite account. Other, localized,
administrator roles apply to specific areas of the NetSuite application, such as the Issues Administrator,
Marketing Administrator, and Sales Administrator roles.
Note: Several administration permissions are separate from the Administrator role so that they
can be assigned to non-administrator roles. For more information, see Separate Administration
Permissions.
If you need to configure a role that behaves like the standard Administrator role but limits access to
sensitive information, consider using Core Administration Permissions. Core Administration Permissions
is made up of a set of permissions that mimics the behaviors that the Administrator role has access to.
Core Administration Permissions can be assigned to any role and restricted through role configuration.
For more information, see Core Administration Permissions.
Users & Roles

Separate Administration Permissions

Several Setup type administration permissions are available to be assigned to users other than account
administrators. With these permissions, you can limit the number of account administrators by assigning
these administrative tasks to other users. The available Setup permissions are:
■ Enable Features
■ Set Up Company
■ View Billing
■ View SOAP Web Services Logs
■ Integration Application
■ SuiteScript Scheduling
These permissions can be found on the role record’s Permissions Setup tab.
Note: If you need to configure a role that behaves like the standard Administrator role but limits
access to sensitive employee information, consider using Core Administration Permissions. Core
Administration Permissions is made up of a set of permissions that mimics the behaviors that the
Administrator role has access to. Core Administration Permissions can be assigned to any role and
restricted through role configuration. For more information, see Core Administration Permissions.
Full Access Role

A process to deprecate the Full Access role has begun as of 2019.1 and will be permanently removed in
2021.1. This phased process is designed to allow time for accounts using this role to move toward more
optimal role and permission management.
Use of the Full Access role is not considered a best practice. The Full Access role is being deprecated as
a security enhancement. Currently, there are two nearly identical high-access roles that you can assign
to users (Full Access and Administrator). The Full Access role is being deprecated because it has become
a redundant role as the roles and permissions options have greatly expanded. Also, the Full Access role
probably provides more access than most users require.
For the first phase of the deprecation process, the following changes have been made to the Full Access
role as of 2019.1:
■ The Full Access role has been renamed to Full Access (deprecated).
■ You cannot assign the Full Access role to new users.
■ When users log in with the Full Access role, they see a notification indicating that the Full Access role is
being deprecated. Users will still be able to access NetSuite using the Full Access role.
As of 2020.2, this role has been inactivated for all users. The Full Access role no longer appears in the list
of roles available for users who had this role assigned.
Before your account is upgraded to 2021.1, make sure that any customizations in your account that are
running under the Full Access role work under another role without causing any errors. You should also
determine which users need the Full Access role for their job functions and consider the following:
■ If any users can use another existing role in your account instead of the Full Access role, assign this
other role to them and encourage them to start using it as soon as possible. For more information,
see the help topic Assigning Roles to an Employee.
■ Analyze the needs of other users to determine the access granted by the Full Access role that is not
available through existing roles or global permission assignments. Develop a strategy to configure the
desired access for these users.
Users & Roles

□ You can customize standard roles or create new custom roles as needed to provide users with the
specific access they require. For more information, see Customizing or Creating NetSuite Roles.
□ A new permission called Core Administration Permissions is available. This permission provides
access to some of the same functions that are currently available to users with the Full Access role.
You may be able to use Core Administration Permissions as an alternative to the Full Access role.
For more information, see Core Administration Permissions.
□ If the Global Permissions feature is enabled in your account, you can also assign additional global
permissions to users as needed. Please note that usage of the Global Permissions feature is not
recommended. For more information, see Using the Global Permissions Feature.
Permissions Requiring Two-Factor Authentication (2FA)

Important: As of 2018.2, the requirement for 2FA for these administrative permissions is
enforced in all NetSuite accounts. See the help topic Mandatory Two-Factor Authentication (2FA)
for NetSuite Access.
Administrative permissions that require 2FA include:
■ Access Token Management (for Token-based Authentication)

■ OAuth 2.0 Authorized Applications Management
■ Core Administration Permissions (for more information, see Core Administration Permissions)
■ Two-Factor Authentication base (permission to designate roles as 2FA authentication required and
specify the duration of trusted devices for those roles)
Note: Standard roles with the Two-Factor Authentication base permission include Marketing
Administrator, Sales Administrator, Support Administrator, and System Administrator.
■ Set Up OpenID Connect (OIDC) Single Sign-on

■ Set Up OpenID Single Sign-on
■ Set Up SAML Single Sign-on
■ Integration Application
■ Device ID Management
■ View Unencrypted Credit Cards
For more information about Mandatory 2FA and Two-Factor Authentication, see the following:
■ Administrators: Review Roles NetSuite Designates as Mandatory 2FA

■ Two-Factor Authentication (2FA).
■ 2FA in the NetSuite Application
Note: If a role is already designated as a SAML Single Sign-on (SSO) role, the 2FA requirement is
ignored. The requirement for SAML SSO authentication takes precedence.
Customizing or Creating NetSuite Roles

To create a new custom role that tailors the level of access you want to give to users, you can customize a
standard role or create a new role from scratch. Complete the following tasks:
Users & Roles

■ Customizing and Creating Roles

■ Entering Basic Role Information
■ Assigning Core Administration Permissions
■ Restricting Role Access to Subsidiaries (OneWorld Only)
■ Setting Employee Restrictions
■ Setting Department, Class, and Location Restrictions
■ Setting a Role as Issue Role for Issue Management
■ Setting a Role as Web Services Only Role
■ Setting a Role as Single Sign-On Only Role
■ Restricting a Role by Device ID
■ Restricting a Role by IP Address
■ Setting Two-Factor Authentication Requirements
■ Setting Permissions
■ Setting Employee Access
■ Setting Default and Restricted Forms
■ Setting Search Defaults for a Role
■ Setting Preferences for the Role
■ Translating Custom Role Names
■ Selecting a Dashboard for a Role
After you create a custom role, you can assign it to users. A role's assigned users are listed on the Users
subtab of the role record. See NetSuite Users Overview.
Role customization functionality varies according to the NetSuite product you have purchased and the
features you have enabled. Some of the fields described in the steps below may not be available to you.
For example, location restrictions are not available for NetSuite Small Business users. Also, because of
their design as limited access roles, Retail Clerk roles, unlike other standard NetSuite roles, cannot be
customized. For details, see Retail Clerk Roles.
You can apply the class, department, location, and subsidiary restrictions that you define here to custom
records. See the help topic Applying Role-Based Restrictions to Custom Records.
Be aware that updates made to the default role are not pushed to custom instances of that role. You
must manually update custom roles to include new default role functionality. Additionally, when a new
feature is enabled for an account, permissions associated with that feature are not automatically given to
custom roles that existed prior to enabling the feature. These permissions must be manually assigned to
custom roles that existed prior to enabling the feature.
Important: When the Advanced Employee Permissions feature is enabled, restrictions set
on the Role page are only applicable to the Employee Record Full, Employee System Access,
and Employee Administration permissions. The Employee Self, Employee Public, Employee
Confidential, and Employee Compensation permissions ignore the restrictions set on this page.
For more information, see the help topic Advanced Employee Permissions Overview.
Customizing and Creating Roles

The following procedure describes how to customize or create a role.
Users & Roles

To begin customizing or creating a role:

1. To customize a standard role, go to Setup > Users/Roles > Manage Roles, and on the Manage Roles
page, click Customize next to a standard role. This type of custom role inherits all of the standard
role's permissions to start; you can make changes as necessary.
2. To create a new role that does not start with a list of associated permissions, go to Setup > Users/
Roles > Manage Roles > New.
Entering Basic Role Information

1. In the Name field, enter a name for this custom role.
This name should be easy for you to recognize when assigning it to users.
2. If you use scripting, you can optionally enter an ID used for this role in scripts.
3. If you are creating a new role, select the center type to base the role on. The center type sets
default permissions and access levels that you can customize below. (If you are customizing a
standard role, the center type is predefined.)
After you enter basic information for the role, set optional restrictions for the role.
To make a copy of an existing standard or a custom role:

1. As Administrator, go to Setup > Users/Roles > Manage Roles.
2. Click on Customize or Edit next to the role you want to copy.
3. Enter a different name in the Name field.
4. Click the drop down arrow for Save and click Save As.
Assigning Core Administration Permissions

You can use the Core Administration Permissions to customize a role so that it behaves almost like the
Administrator role, while also restricting access to other areas of NetSuite using the role permissions and
restrictions. For example, with Core Administration Permissions you can create a role specifically for an IT
administrator who is responsible for the general administration of the system, but who should not have
access to sensitive employee information.
Before you can assign the Core Administration Permissions to a role, you need to enable the Core
Administration Permissions feature on the Enable Features page. For more information, see Core
Administration Permissions.
■ To assign Core Administration Permissions to a role, check the Core Administration Permissions
box.
Warning: Use caution when assigning Core Administration Permissions to a role, because the
role will become similar to the standard Administrator role in terms of exclusive administrator
privileges.
Administrator – No HR/Employee Access SuiteApp

The Administrator – No HR/Employee Access SuiteApp provides access to the Administrator – No HR/
Employee Access role. This role includes all of the permissions that come with the standard Administrator
role, except for any permissions associated with employee information. For example, the Administrator –
No HR/Employee Access role does not include the Time-Off Administration, Payroll Items, and Employee
Record permissions. You can use the Administrator – No HR/Employee Access SuiteApp as an alternative
to customizing a standard role and as the starting point for creating a Core Administration Permissions
admin role.
Users & Roles

Note: You do not need to install the Administrator – No HR/Employee Access SuiteApp to assign
the Core Administration Permissions to a role.
Note: From June 2019 onward, SuitePeople HR and U.S. Payroll include an Administrator –
No HR/Employee Access role that allows administrative functionality while controlling access to
sensitive employee data. Please see your SuiteSuccess SuitePeople Leading Practices for more
information, and review the role in your environment.
You can search for the Administrator – No HR/Employee Access SuiteApp using the following information:
■ Bundle name: Administrator – No HR/Employee Access

■ Bundle ID: 256715
For more information about installing SuiteApps, see the help topic Installing a Bundle.
After you install the Administrator – No HR/Employee Access SuiteApp, you can customize the role on the
Manage Roles page. You can assign the role to employees on the Employees page.
Restricting Role Access to Subsidiaries (OneWorld Only)

If you have NetSuite OneWorld, you can use subsidiary restrictions to restrict what users with this role can
access.
When you restrict role access to subsidiaries, consider the following:
■ By default, the subsidiary restrictions is set to User Subsidiary.

■ Only a role with access to all subsidiaries assigned for a department can edit that department.
1. On the Role page, under Subsidiary Restrictions, choose one of the following options:
■ All – Grants the role access to all subsidiaries, including inactive subsidiaries.
■ Active – Grants the role access to the active subsidiaries only.
■ User Subsidiary – Restricts the role’s access to the user’s subsidiary only. When users log
in with this role, they can only access their own subsidiary. A user’s subsidiary is set on the
employee record. For more information, see the help topic Assigning a Subsidiary to an
Employee.
■ Selected – You select the subsidiaries to which you want to restrict the role’s access. You must
select at least one subsidiary from the list.
2. If you choose Selected, in the autogenerated list of active and inactive subsidiaries, select the
subsidiaries that you want the role to have access to. To select multiple subsidiaries, hold down
the Ctrl key while selecting subsidiaries.
3. To allow users logged in with this role to see, but not edit, records for subsidiaries to which the
role does not have access, check the Allow Cross-Subsidiary Record Viewing box. You cannot
use this setting to view employee payroll or commissions data.
Note: If the Book Record Restriction option is enabled for a user, this restriction
overrides permissions granted by the Allow Cross-Subsidiary Record Viewing option.
Setting Employee Restrictions

In the Employee Restrictions field, you can restrict this role's access to transaction, customer, and
employee records, based on values in the employee, sales rep, and supervisor fields on these records.
Users & Roles

The restrictions set here may also limit the values that users logged in with this role can assign to these
fields on records. These restrictions do not affect access to contact records.
■ none - no default – There is no restriction on what can be selected. Record access is not determined
by this field. A default selection does not appear.
■ none - default to own – There is no restriction on what can be selected. Record access is not
determined by this field. Fields of this type will select the user by default.
■ own, subordinate, and unassigned – Users are restricted when selecting any of the employee,
sales rep, or supervisor fields. Users are granted access to records belonging to their supervisor
hierarchy. Users may only select themselves or their subordinates. If the select field is optional, then
the user may leave the value unassigned. Note that unassigned is technically a null value when used
for filtering.
■ own and subordinates only – Users are restricted when selecting any of the employee, sales rep, or
supervisor fields. Users are granted access to records belonging to their supervisor hierarchy with the
exception of unassigned records. Consequently, unassigned records are filtered and denied access.
Users may only select themselves or their subordinates.
Note: In some cases, a role might include both the own and subordinates only restriction
and the process payroll and commit payroll permissions. In this case, to ensure that the user
can create a payroll batch and view all the employees who are included in the payroll batch,
the process payroll and commit payroll permissions override the own and subordinates only
restriction.
Important: These restrictions can also be used to restrict access to custom records, based on
values in an Employee list/record custom field, if the Apply Role Restrictions box is checked for
the field. See the help topic Applying Role-Based Restrictions to Custom Records.
Check the Allow Viewing box to allow users logged in with this role to see, but not edit, data for
employees to which the role does not have access. Note that this setting does not allow viewing of
employee payroll or commissions data. Also, users cannot view non-subordinate employee records other
than their own record when the Employee Restrictions field is set to own and subordinates only.
Check the Do Not Restrict Employee Fields box to allow users with this role to select any employee
in employee fields. For example, a sales manager could select any sales rep in the Sales Rep field on a
customer record even if that sales rep is part of another team.
Check the Restrict Time and Expenses box to restrict the time and expenses employees with this role
can enter, edit, and view when you add the Track Time and Expense Report permissions. Employees
with this role will not be able to enter or edit expense reports or time transactions on behalf of other
employees. Employees with this role will be able to view expense reports and time transactions for
their subordinates. Reports and searches will only return time or expense transactions entered by the
employee or their subordinates. Class, department, location, and subsidiary restrictions will not be applied
for expense and time transactions.
Note: Clearing the Restrict Time and Expenses box enables this role to enter, edit, and
approve time transactions and expense reports for all other employees when you add the Track
Time and Expense Report permissions.
If you have set restrictions in the Employee Restrictions field, check the Sales Role box if employees
using this role should be restricted based on the Sales Rep field on records and transactions.
If you use the Customer Service and Support feature and have set restrictions in the Employee
Restrictions field, check the Support Role box if employees using this role should be restricted based on
the Assigned To field on cases.
Users & Roles

If you use the Partner Relationship Management feature and have set restrictions in the Employee
Restrictions field, check the Partner Role box to restrict partners to records and transactions based on
the Partner field.
Setting Department, Class, and Location Restrictions

If your account has the respective feature enabled, you can restrict this role’s access to transaction,
employee, partner, and optionally item records, based on the values in the Department, Class, and
Location fields on these records. Limit the set of available values of Department, Class, and Locations that
users can assign to these records using restrictions. Department, Class, and Location restrictions can be
defined per role and then applied to all users logged in with that role.
To set Department, Class, and Location restrictions, click the Restrictions subtab. On the Restrictions
subtab, set the following fields:
■ Segment – Select the Segment by which to restrict the role. Select either Class, Department, or
Location.
■ Restrictions – Select the appropriate restriction level for the role:
□ none - default to own – There is no restriction on what can be selected. Record access is not
□ own, subordinate, and unassigned – Users are restricted when selecting any of the employee,
sales rep, or supervisor fields. Users are granted access to records belonging to their supervisor
hierarchy. Users may only select themselves or their subordinates. If the select field is optional,
then the user may leave the value unassigned. Note that unassigned is technically a null value
when used for filtering.
□ own and subordinates only – Users are restricted when selecting any of the employee, sales rep,
or supervisor fields. Users are granted access to records belonging to their supervisor hierarchy
with the exception of unassigned records. Consequently, unassigned records are filtered and
denied access. Users may only select themselves or their subordinates.
■ Allow Viewing – Check this box to allow users logged in with this role to see, but not edit, data for
departments, classes and locations to which the role does not have access. Note that this setting does
not allow viewing of employee payroll or commissions data. Also, users cannot view non-subordinate
records other than their own department, class or locations records when the Restrictions field is set
to own and subordinates only.
■ Apply To Items – Check this box to apply the department, class and locations restrictions defined
here to item records, in addition to transaction, employee, and partner records.
Important: Any account in the Chart of Accounts list that does not have an assigned
department is not subject to the own, subordinate, and unassigned or own and subordinates
only restrictions.
Important: In NetSuite OneWorld, subsidiary restrictions automatically apply to departments.

For example, if Department A is assigned to only Subsidiary X and a role is restricted to Subsidiary
X, users with that role have access to only Department A, even if that role does not have any
department restrictions.
You can also apply role-based, class restrictions to custom records. For more information, see the help
topic Applying Role-Based Restrictions to Custom Records.
Setting a Role as Issue Role for Issue Management

If you use the Issue Management feature and want employees with this role to work with issues, select
the issue role in the Issue Role field.
Users & Roles

Setting a Role as Web Services Only Role

If a role is designed to be used by programs that integrate with NetSuite through web services, check the
Web Services Only Role box to allow NetSuite account access but disallow UI access and privileges.
This setting prohibits a user from accessing the user interface with permissions and privileges that are
created specifically for web services development, adding to the security of your integration. For more
details, see the help topic Setting a Web Services Only Role for a User.
Setting a Role as Single Sign-On Only Role

If the role is designed to be used by users accessing NetSuite through inbound single sign-on from an
external user-authenticating application, check the Single Sign-On Only box to allow NetSuite account
access only through an inbound single sign-on mechanism (either certificate-based or OpenID).
This setting prohibits a user from accessing NetSuite through web services or the user interface without
going through inbound single sign-on. This type of role supports strict control of credentials from the
external application. For more details, see the help topic Setting Up a Single Sign-on Only Role.
Important: You cannot use NetSuite for Outlook with a Single Sign-on Only role.
Restricting a Role by Device ID

If you use the Restrict by Device ID feature, check the Restrict by Device ID box to allow access to this
role only from the devices listed at Setup > Company > Company Information.
For more information, see the help topic Device ID Authentication.
Restricting a Role by IP Address

If you use the IP Address Rules feature, check the Restrict this role by IP Address box to allow access to
this role only from the IP addresses listed at Setup > Company > Company Information.
For more information, see the help topic Enabling and Creating IP Address Rules.
Setting Two-Factor Authentication Requirements

If the role requires two-factor authentication, enter the following settings:
■ Select the type of authentication required in the Two-Factor Authentication Required field.

■ In the Duration of Trusted Device field, select the length of time before a device a user has marked
as trusted will be subject to a two-factor authentication request.
For more information about two-factor authentication, see the help topic Two-Factor Authentication (2FA).
Setting Permissions
Important: If you have enabled the Advanced Employee Permissions feature in your NetSuite
account, see the help topic Advanced Employee Permissions for more information.
■ You can set permissions for a role on the Permissions subtab. Permissions are divided into four
different types on the Transactions, Reports, Lists, Setup, and Custom Record subtabs.
□ To add a permission, click a line in a list, click Insert, and select a permission. Or you can click the
blank line at the bottom of a list, select a permission, and click Add.
Users & Roles

□ To remove a permission, click it in a list, and click Remove.

□ To set the level of access for a permission, click a line in a list and select from the Level column. For
information about these levels, see Access Levels for Permissions.
□ For Custom Record permissions only, you can select a value in the Restrict column to limit this
role's access to custom records. (Each custom record permission provides access to a custom
record type.)
▬ Select Viewing and Editing to restrict users with this role to viewing or editing only the records
of this type that they or their subordinates created.
▬ Select Editing Only to restrict users with this role to editing only the records of this type that
they or their subordinates created. They can view all records of this type.
▬ Leave this column blank to allow users with this role to view and edit all records of this type.
The custom record restrictions you set on this subtab are also available on the record for
each custom record type. Changes made on custom record type records related to this role's
permissions are reflected here. See the help topic Setting Permissions for a Custom Record Type.
Important: When you newly enable a feature in your account, you must consider permissions
associated with the added feature. Customized roles that you have already assigned to users may
need to be updated to reflect the proper permissions associated with the added feature. See the
help topic Enabling Features.
For general information about permissions, see NetSuite Permissions Overview. For access to a list of
NetSuite permissions and their related tasks and records, see Permissions Documentation.
A mass update is available to add, remove, or change the level of a permission for multiple custom roles
simultaneously. See Mass Updating a Permission on Custom Roles.
Setting Employee Access
Important: If you have enabled the Advanced Employee Permissions feature in your NetSuite
account, see the help topic Advanced Employee Permissions for more information.
Setting Default and Restricted Forms

■ Click the Forms subtab to set default forms for a role, and/or to restrict a role to only using certain
forms. On each of the following subtabs, Transaction, Entity, CRM, Item, Other Record, Custom
Record, Time, Bill of Materials, and Inventory Detail, you can do the following:
□ Check the box in the Enabled column next to the forms you want to make available to users with
this role. (Not available for Customer Center roles.)
If you disable all forms for a record or transaction type, users with this role will use the standard
form.
□ Check the box in the Preferred column next to the forms you want the role to use by default.
□ If you want to restrict the role to only the forms you mark as preferred, check the box in the
Restricted column. (Not available for Customer Center roles.)
Note the following about marking a transaction or CRM form Preferred for the Customer Center role:
■ External forms, meaning forms with names appended with (External), can be marked Preferred for the
Customer Center roles, but not for other roles.
■ Forms that are not external cannot be marked as Preferred for Customer Center roles, so they are not
listed on the Forms tab of Customer Center role records.
Users & Roles

Setting Search Defaults for a Role

■ Click the Searches subtab to set saved search definitions to be used as defaults for the search forms,
search results, list views, sublist views, and dashboard views available to a role. For each kind of view,
you also can make the selected saved search the only one available for a record type.
You make these selections by record type. When you select a record type on the Standard or Custom
Record subtab, you can do the following:
□ In the Search Form column, select a saved search to simplify the default search form for the
selected record type.
By default, the simple search form for each record type displays a system-defined set of fields that
can be used as filters. Selecting a saved search here applies the saved search's available filters to
be the only fields on this form for this role.
A preferred search form also can be defined on a saved search record. See the help topic Defining
a Saved Search as a Preferred Search Form.
□ In the Search Results column, select a saved search to be applied to the default global and quick
search results for the selected record type.
This option applies all saved search settings, including criteria, results, and available filters, to the
global and quick search results for the selected record type, for this role.
Preferred search results also can be defined on a saved search record. See the help topic Defining
a Saved Search as Preferred Results.
□ In the List View column, you can select a saved search to be the default list view for the selected
record type. To make that saved search the only list view available, check the Restricted box.
For each record type that is available in a list, a system-defined set of columns displays by default.
The displayed set of records and fields is called a list view. The selection of a saved search here
overrides the system default definitions.
□ In the Sublist View column, you can select a saved search to be the default sublist view for
the selected record type. To make that saved search the only sublist view available, check the
Restricted box.
Some record lists may be displayed on a subtab of another record. For example, a list of
transactions may display on the History subtab of an item record. This type of list is called a sublist.
The selection of a saved search here overrides the system default definitions.
□ In the Dashboard View column, you can select a saved search to be the default view in a
dashboard List portlet for the selected record type. To make that saved search the only dashboard
view available, check the Restricted box.
A record list displayed in a List portlet on the dashboard is called a dashboard view. The selection
of a saved search here overrides the system default definitions.
For general information about views, see the help topic Working with List Views, Sublist Views, and
Dashboard Views . For information about saved searches as views, see the help topic Using a Saved
Search as a View.
Setting Preferences for the Role

You can set role-based defaults for user preferences, to be set for users logging in with that custom role.
See Setting Role-Based Preferences.
Translating Custom Role Names

If the Multi-Language feature is enabled in your account, you can translate the custom role name into
languages that have been set up as company preferences. See Translating Custom Role Names.
Users & Roles

Selecting a Dashboard for a Role

Consider the following information when you select a dashboard for a role.
■ For a standard role, click the Dashboard subtab to select a published dashboard to be used by the
role.
Only dashboards that have been published to the role's assigned center are available. See the help
topic Publishing Dashboards Overview.
■ For a custom role, click the Dashboard subtab to view the dashboard currently published to the role.
Dashboards cannot be published from the Dashboard tab of a custom role. Publishing a dashboard to
a custom role can only be done from the Publish Dashboard link in the Home Settings portlet.
Changing Custom Roles

After you customize a role, you may later decide that you want to edit or inactivate it.
Note: If you assign an additional role to a user who is currently logged in to NetSuite, that user
will need to log out and log back in to NetSuite to see the newly assigned role. The same is true
if you add permissions to an existing role while a user is currently logged in to NetSuite. The user
needs to log out and log back in to exercise the new permissions.
To edit a custom role:
1. Go to Setup > Users/Roles > Manage Roles.

2. Click Edit next to the role you want to change.
3. On the Role page, make desired changes, including:
■ Restricting Role Access to Subsidiaries (OneWorld Only)
■ Setting Employee Restrictions
■ Setting Department, Class, and Location Restrictions
■ Setting a Role as Issue Role for Issue Management
■ Setting a Role as Web Services Only Role
■ Restricting a Role by IP Address
■ Setting Permissions
■ Setting Default and Restricted Forms
■ Setting Search Defaults for a Role
■ Setting Preferences for the Role
■ Translating Custom Role Names
■ Selecting a Dashboard for a Role
4. Click Save.
If you edit a custom role after you've assigned it to employees or vendors, the changes are automatically
updated.
Users & Roles

Note: A mass update is available to add, remove, or change the level of a permission for multiple
custom roles simultaneously. See Mass Updating a Permission on Custom Roles.
Using SDF and Copy to Account (Beta) to Copy Customized

Roles
Warning: Copy to Account is a beta feature. The contents of this feature are preliminary and
may be changed or discontinued without prior notice. Any changes may impact the feature’s
operation with the NetSuite application. NetSuite warranties and product service levels shall
not apply to the feature or impact of the feature on other portions of the NetSuite application.
NetSuite may review and monitor the performance and use of this feature. The documentation of
this feature is also considered a beta version and is subject to revision.
You can use SuiteCloud Development Framework (SDF) to manage custom objects as part of file-
based customization projects. For information about SDF, see the help topic SuiteCloud Development
Framework Overview.
You can use the Copy to Account feature to copy a customized role to another of your accounts. To copy
a customized role, follow the instructions to edit a custom role, and click Copy to Account (Beta) on the
Role page.
For information about Copy to Account, see the help topic Copy to Account Overview.
Inactivating Roles
You can inactivate custom or standard roles that you do not want to use in your account.
When you inactivate a role, you can no longer select it in the Role field on records, and those assigned to
the role can no longer access your account with that role.
Warning: If you inactivate the only role an employee is assigned, you can lock that person out
of your account. Before inactivating a role, go to Setup > Users/Roles > Manage Users to view who
may be assigned to that role.
To inactivate a custom or standard role:

Users & Roles

2. Check the Show Inactives box at the bottom of the list.

3. In the Inactive column, check the box next to any role you want to inactivate.
To prevent errors in the website, you cannot inactivate the standard Customer Center role after
you enable the Web Site feature.
If this role was inactivated before the Web Site feature was enabled, you must temporarily disable
the Web Site feature, activate the standard Customer Center role again, and enable the Web Site
feature again.
You will not lose website data in this process.
4. Click Submit.
You can delete a custom role if it is not currently assigned to any users AND if has never been used to log
in to NetSuite. If a role has previously been used to log in, or is currently assigned to any users, you need
to inactivate the role rather than delete it.
Setting Default Forms for Roles

You can set default forms for your users by customizing roles and assigning them to your users. This lets
you tailor the level of access you want to give to users.
A role is a set of permissions that lets customers, vendors, and employees access specific areas of your
data. You assign roles on customer, vendor, and employee records.
By setting a default form for your users you can control the entry and transaction forms they use to enter
data. Note that Employee Center roles are given limited access to forms such that only one form is ever
made available to this type of role. For other types of roles, in addition to setting a default, you can also
restrict access to particular forms.
For example, you can set a custom case entry form as the only form your support reps can use. This
maintains consistency in your company and lets you capture the information that is most important for
your business.
Note: To make a custom transaction or entry form a default form, you must first customize and
save your forms.
To set a default form for roles:

2. Click Customize next to the role you want to set a form for.
3. Enter a name for your custom role.
4. Click the Forms subtab.
5. Click the section you want to set default forms for.
■ Transaction – Set default forms for transactions such as cash refunds, cash sales, invoices, and
sales orders.
■ Entity – Set default forms for the records you keep for people and companies in NetSuite, such
as employees and customers.
■ CRM – Set default forms for CRM-related activities and records such as campaigns, cases,
events, and tasks
■ Time – Set default forms for time entries.
■ Item – Set default forms for item records.
■ Other Record – Set default forms for other types of records, such as competitor records.
Users & Roles

6. In the Enabled column, clear any boxes for forms this role should not have access to. (not available
for Customer Center roles)
If you disable all forms for a record or transaction type, users with this role will use the standard
form.
7. Check the box in the Preferred column next to any form that should be the default for this role.
Note: Be aware of the following about marking a transaction or CRM form Preferred
for Customer Center roles: External forms, meaning forms with names appended with
(External), can be marked Preferred for Customer Center roles, but not for other roles.
Forms that are not external cannot be marked as Preferred for Customer Center roles, so
they are not listed on the Forms tab of Customer Center role records.
8. To have this form to be the only form available to this role, check the box in the Restricted column.
9. Click Save.
If you set default forms and do not make the defaults restricted, your users can still change the form they
use when they are entering transactions or records.
After you have set default forms, you need to assign your customized roles to your employees. You can
assign roles on the Access tab of employee records.
Restricting Accounts for Roles

You can restrict your accounts by classes, departments, or locations, to control the accounts with which
employees work. If you use NetSuite OneWorld, you also can restrict roles by subsidiary. For more
information, see Customizing or Creating NetSuite Roles.
For example, Jennifer Sawyer, A/R manager for Wolfe Electronics' Japan location, has her accounts
restricted to include only her local bank account. This account appears by default when she accepts
customer payments. This increases Sawyer's efficiency and reduces her chances of making data-entry
errors.
To restrict access to accounts, you first set restrictions on account records. By default, NetSuite roles do
not restrict users by class, department, or location. To restrict accounts, you must set up both account
restrictions and role restrictions.
To set account restrictions:

1. Go to Lists > Accounting > Accounts.
2. Click Edit next to the account you want to restrict.
3. To restrict the account by department, select a department in the Restrict to Department
dropdown list.
4. To restrict the account by class, select a class in the Restrict to Class dropdown list.
5. To restrict the account by location, select a location in the Restrict to Location dropdown list.
6. If you use NetSuite OneWorld, to restrict the account by subsidiary, select a subsidiary in the
Subsidiaries dropdown list.
7. Click Save.
Next, you must set up restrictions for user roles.
To set role restrictions:

Users & Roles

2. Do one of the following:

■ To customize a standard role, click Customize next to the role you want to change.
■ To edit a customized role, click Edit next to the role you want to change.
3. Click the Restrictions subtab.
4. In the Segment dropdown list, select Class, Department, or Location.
5. In the Restrictions dropdown list, select one of the following restrictions:
■ none - default to own – There is no restriction on what can be selected. Record access is not
■ own, subordinate, and unassigned – Users are restricted when selecting any of the
employee, sales rep, or supervisor fields. Users are granted access to records belonging to their
supervisor hierarchy. Users may only select themselves or their subordinates. If the select field
is optional, then the user may leave the value unassigned. Note that unassigned is technically a
null value when used to filter.
■ own and subordinates only – Users are restricted when selecting any of the employee, sales
rep, or supervisor fields. Users are granted access to records belonging to their supervisor
hierarchy with the exception of unassigned records. Consequently, unassigned records are
filtered and denied access. Users may only select themselves or their own subordinates.
Important: Any account in the Chart of Accounts list that does not have an assigned
department is not subject to the own, subordinate, and unassigned or own and
subordinates only restrictions.
6. To allow users logged in with this role to see, but not edit, data for departments to which the role
does not have access, check the Allow Viewing box. You cannot use this setting to view employee
payroll or commissions data. Also, users cannot view non-subordinate department records other
than their own department records when the Department Restrictions field is set to own and
subordinates only.
7. To apply the department restrictions defined here to item records (in addition to transaction,
employee, and partner records), check the Apply to Items box.
8. If you have NetSuite OneWorld, you can use subsidiary restrictions to restrict what users with this
role can access. Under Subsidiary Restrictions, select one of the following options:
■ All – Grants the role access to all subsidiaries, including inactive subsidiaries.
■ Active – Grants the role access to the active subsidiaries only.
■ User Subsidiary – Restricts the role’s access to the user’s subsidiary only. When users log
in with this role, they can only access their own subsidiary. A user’s subsidiary is set on the
employee record. For more information, see the help topic Assigning a Subsidiary to an
Employee.
■ Selected – You select the subsidiaries to which you want to restrict the role’s access. When
you choose Selected, you need to select the subsidiaries from an autogenerated list of all of
the active and inactive subsidiaries. You must select at least one subsidiary. To select multiple
subsidiaries, hold down the Ctrl key while selecting subsidiaries.
9. To allow users logged in with this role to see, but not edit, records for subsidiaries to which the role
does not have access, check the Allow Cross-Subsidiary Record Viewing box. You cannot use this
setting to view employee payroll or commissions data.
Note: If the Book Record Restriction option is enabled for a user, this restriction overrides
permissions granted by the Allow Cross-Subsidiary Viewing option.
10. Click Save.
Users & Roles

Customizing the Customer Center Role

Customize the Customer Center role to adjust the level of access customers have in the center. You can
remove links to transactions or records or limit access to only viewing instead of editing or creating.
The Customer Center role is also applied to the My Accounts section of your website. For information on
setting forms to use in your website, see the help topic Shopping Preferences.
Customizing this role also enables you to ensure a customer uses a custom form when entering sales
orders or making payments in the center.
Note: After you create a custom Customer Center role, you will need to manually assign this role
to each customer that you want to use it, on the Access tab of each customer record.
To customize the Customer Center role:

2. Click Customize next to Customer Center.
3. In the Name field, enter a name for this new custom role.
You select this name when you assign the role on customer records.
4. Click the Permissions subtab.
1. On the Transactions, Lists, and Setup subtabs, click the name of the task to which you
want to change access.
2. In the Level column, adjust the permission level for the task.
3. Click Edit.
4. Repeat these steps for each task you want to edit the access level for.
5. Click the Forms subtab, and on the Transaction and CRM subtabs, check the box in the Preferred
column next to the form you want customers to use in the Customer Center. This overrides the
preferred form selected on the Transaction Forms page.
■ The Customer Center and My Account section of your website use the transaction and entry
forms marked as (External) in the Custom Forms list. Note the following:
□ External forms, meaning forms with names appended with (External), can be marked
Preferred for Customer Center roles, but not for other roles.
□ Forms that are not external cannot be marked as Preferred for Customer Center roles, so
they are not listed on the Forms tab of Customer Center role records.
□ When a non-online order form is marked Preferred for Customer Center, it is saved as the
form for the order. However, an online form is not saved as the form for an order, even if it is
preferred; instead the preferred non-online order form is used.
Note: To create custom forms for transactions, go to Customization > Forms >
Transaction Forms. Custom transaction forms must use Basic printing for Customer Center
roles. To create custom forms for records, go to Customization > Forms > Entry Forms.
6. Click the Searches subtab.

1. To publish a custom search form or custom search results in the Customer Center, select
the type of record or transaction to search.
You must already have a public saved search to publish a search form or results in the
Customer Center. The fields you select on the Filters subtab of the saved search record are
used by the customer to set criteria on search forms.
2. To publish a search form, select the name of the saved search in the Search Form column.
Users & Roles

3. To allow customers to view search results as a list, select the name of the saved search in
the List View column. Searches must be marked both Public and Available as List View to
be selected here.
For example, a public transaction saved search marked Available as List View allows
customers to view transactions matching the criteria of the search in their transaction lists.
4. To allow customers to view search results in a list on the Customer Center dashboard,
select the name of the saved search in the Dashboard View column. Searches must be
marked both Public and Available as Dashboard View to be selected here.
5. To allow customers to view search results in subtab lists, select the name of the saved
search in the Sublist View column. Search must be marked both Public and Available as
Sublist View to be selected here.
6. Check the box in the Restricted column to only allow customers to view the results of this
search in the list view, dashboard view or sublist view, respectively.
If you clear this box, customers can select this view in a View filter at the bottom of the list,
and the list of all the customer's transactions or records for that page is shown by default.
7. Click the Preferences tab to set preferences for the custom center role. The preferences set here
are applied to new users assigned to a role and to existing users in a role who have not previously
set that preference. See the help topic Setting Personal Preferences.
You can now select this custom role on the Access tab of customer records to assign the role.
Note: To prevent errors in the website, you cannot inactivate the standard Customer Center
role you enable the Web Site feature. If this role was inactivated before the Web Site feature was
enabled, you must temporarily disable the Web Site feature, activate the standard Customer
Center role again, and enable the Web Site feature again. You will not lose any website data. For
more information see, Inactivating Roles.
Retail Clerk Roles

The Retail Clerk and Retail Clerk (Web Services Only) roles are specialized roles intended to provide limited
access for users to implement point-of-sale workflows.
Users can be assigned the Retail Clerk role to complete point-of-sale tasks in the NetSuite user interface.
The Retail Clerk (Web Services Only) is intended for use in web services transactions and is marked as a
Web Services Only role. For details about Web services roles, see the help topic Setting a Web Services
Only Role for a User.
Because of their design for limited access, these roles differ from other NetSuite standard roles in the
following respects:
■ The permissions for these roles cannnot be customized. To review the permissions assigned to these
roles, see the following roles in Standard Roles Permissions Table:
□ Retail Clerk
□ Retail Clerk (Web Services Only)
■ These roles are provisioned differently than other standard roles. Users assigned these roles may be
counted differently than users assigned other roles, as described below:
□ If a user is assigned the Retail Clerk role or Retail Clerk (Web Services Only) roll and any other full
access role, the user counts as one Retail Clerk.
□ If a user is assigned the Retail Clerk role or Retail Clerk (Web Services Only) role and any other non-
Employee Center role, the user counts only as a full access user, but not as a Retail Clerk.
Users & Roles

□ If a user is assigned the Retail Clerk role or Retail Clerk (Web Services Only) role and an employee
center role, the user counts as both a Retail Clerk and Employee Center.
Showing Role Permission Differences

Use the Show Role Differences feature to quickly review the differences in permissions between roles. You
can view all of the roles’ permissions or just the permissions that are different. You can also export the list
of role permission differences as a .CSV or .XLS file.
To compare permissions for two or more roles:
1. Go to Setup > Users/Roles > Show Role Differences.

2. In the Base Role dropdown list, select the role that will be the basis for comparison to other roles.
3. In the Compare To dropdown list, select one or more roles to compare to the base role.
■ To view all of the permissions associated with the selected roles, clear the Only Show
Differences box.
■ To view only the permissions that are different between the roles, select the Only Show
Differences box.
5. Click Show.
On the Role Permission Differences page, the permissions are arranged alphabetically and by
category.
6. To export the list as a .CSV or .XLS file, click one of the export options at the top of the list.
7. To compare permissions for another set of roles, click New.
Use Searches to Audit Roles and Permissions

You can use searches to audit your NetSuite role permissions. NetSuite provides a simple role search
you can use to find a particular role or set of roles, or to return a list of roles and their characteristics. For
information about running simple searches, see the help topic Defining a Simple Search. You can also
create advanced employee and role record saved searches to find information about role permissions.
For example, you can verify permissions assigned to a role, or verify permissions assigned to an employee
or an employee’s role. For information about auditing permissions, see Use Searches to Audit Roles and
Use Searches to Audit Permissions By Employee. In addition to user interface searches, you can use the
SuiteScript Search APIs to create and automate searches. For more information see the help topic Search
APIs.
Note: Role record searches do not support the nlapiLoadSearch(type, id) search API.
Use Searches to Audit Roles

You can run role and employee record saved searches to gather information about the roles in your
NetSuite account.
You can do role record searches for general information about roles in your account, such as permissions
assigned to a custom role. Role record body fields are available for role record searches.
Users & Roles

Figure 3. Role Record Search Fields
Related record fields are also available; see the help topic Related Records Fields Available for Advanced
Searches. Additionally, the following permissions fields are available:
■ Permission: Provides the name of each permission assigned to a role. If you include this field in a
search with the permission change fields, results information for the permission change fields is
displayed in every row that a permission name exists. To display search results efficiently, create
separate searches to return values for for the permission name field and the permission change fields.
■ Permission Change: Provides the name of a permission to which a change was made.
■ Permission Change Date: Provides the date a change was made to a permission.
■ Permission Change Level: Provides the level a permission was changed to.
Role Search Example
You need to audit permissions and levels assigned to sales roles.
To see this list, you would create a Role record advanced search. For the search criteria, you would add
a Is Sales Role filter set to Yes. For the results, you would select Name, Permission and Level.
Users & Roles

Figure 4. Role Record Search Results
Use Searches to Audit Permissions By Employee

In addition to role record searches, you also can run employee record saved searches to gather
information about the roles and permissions in your NetSuite account.
For example, you can do an employee record search to obtain a historical list of changes to an employee’s
roles.
All employee record fields are available for employee record searches.
Figure 5. Employee Record Filter Fields
Users & Roles

Related record fields are also available, see the help topic Related Records Fields Available for Advanced
Searches. Additionally, the following role fields are available:
■ Role: Provides a role’s name.

■ Role Change: Provides the name of a role to which a change was made.
■ Role Change Action: Provides the action taken on a role.
■ Role Change Date: Provides the date an action took place.
Employee Search Example
You need to see changes made to roles of employees at a specific location.
To gather this information, you would create an Employee record saved search. For the search criteria,
you would add a Location filter equaling the office location. For the search results, you would select the
Name, Permission Change, Permission Change Date, and Permission Change Level fields.
Figure 6. Employee Search Results
Setting Role-Based Preferences

An account administrator can set preferences that tailor NetSuite accounts to the needs of a particular
role. The preferences set for a role serve as the defaults for any account users who log in with that role.
Role-based preferences are defined on the Preferences subtab of a custom role record.
To set role-based preferences:
1. Click Edit next to a custom role or Customize next to a standard role.

2. On the Preferences subtab, select a preference, choose the desired value in the popup, and click
Add.
3. Repeat step 3 to set additional preferences as desired.
4. Click Save.
Users & Roles

Role-Based Preferences vs. Other Preference Levels

The same preferences that can be set for roles also can be set by individual users for themselves only at
Home > Set Preferences. Role-based preferences are not intended to override any preferences explicitly
set by an individual user. If a user has set a preference to a value other than the system default, company
default, or subsidiary default, the corresponding role-based preference is not applied when that user logs
in with that role.
Some role-based preferences are also available at the company level, and in NetSuite OneWorld accounts,
at the subsidiary level. A role-based preference overrides the system default setting, the corresponding
company-level preference, if any, and the corresponding subsidiary-level preference, if any. Note that if
a company preference has been set not to allow override, it is not available to be set as a preference on
role records.
For more information, see the help topic NetSuite Preference Levels Overview.
Role-Based Preferences in Bundles

When a custom role is added to a bundle, role-based preferences are included. When the bundle is
installed in a target account, role-based preferences are applied to users who log in with that role, except
for users who have already set preferences to non-default values.
Translating Custom Role Names

If the Multi-Language feature is enabled in an account, an account administrator can define translations
for custom role names so they match the language of the NetSuite user interface. Note that NetSuite
provides translations for standard role names.
When the NetSuite user interface is set to a different language, translated role names display in roles lists,
including the popup that displays when a user clicks the icon next to the current role in the upper right
corner.
Before you can translate roles names, you need to select translation languages at Seup > Company
> General Preferences, on the Languages subtab. For details, see the help topic Configuring Multiple
Languages.
Note: The Languages subtab at Seup > Company > General Preferences lists both system-
supported languages that can be used for the NetSuite user interface (and are available at Home
> Set Preferences), and additional languages that can be used for website translations only (and
are not available at Home > Set Preferences ). You should only enter translations for role names in
system-supported languages, because these are the only languages that can be displayed in the
user interface.
you have selected languages, you can enter translations on custom role pages, either when you first
create a role, or when you later edit it.
Users & Roles

To define translations for an existing custom role name:

2. Click Edit next to the role name that needs translations.
3. On the role page, enter translated role names on the Translation subtab.
Note: The maximum length for a role name's translation is 80 characters.
Mass Updating a Permission on Custom Roles

You can use a specialized mass update to add, remove, or change the level of a permission for multiple
roles at the same time, instead of editing each role individually. This mass update is available to users with
the Manage Roles permission.
Users cannot modify permissions for standard roles, so this mass update can only be applied to custom
roles. Also, this mass update is not available to customized Customer Center, Employee Center, Partner
Center, or Vendor Center roles.
For general information about mass updates, see the help topic Mass Changes or Updates.
To mass update a permission for multiple roles:
1. Go to List > Mass Update > Mass Updates, expand Roles & Permissions, and select Add/Edit
Permission on Roles.
2. In the Title of Action field, enter a name for this update.
3. In the Permission field, select the permission that you want to change for selected roles.
Users & Roles

■ Click the icon at the right of this field to see a list.

■ Note that all permissions are listed in alphabetical order; they are not divided into Transactions,
Reports, Lists, Setup, and Custom Records, as they are on role records.
4. In the Level field, choose the permission access level to be applied to selected roles.
■ Choose None to remove the permission from selected roles.
■ Note that the available access levels vary according to the permission selected. See Access
Levels for Permissions.
5. For custom record permissions only, you can select a value in the Restrict field, to limit the
selected roles' access to custom records of the type indicated by the permission.
■ Select Viewing and Editing to restrict users with selected roles to viewing or editing only the
records of this type that they or their subordinates created.
■ Select Editing Only to restrict users with selected roles to editing only the records of this type
that they or their subordinates created but allow them to view all records of this type.
■ Leave this column blank to allow users with selected roles to view and edit all records of this
type.
For information about custom record type permissions, see the help topic Setting Permissions for a
Custom Record Type.
6. To limit the roles where the selected permission should be modified, define a filter or filters on the
Criteria subtab.
■ If existing role fields do not provide needed filtering, you can create one or more custom field(s)
of the Other Custom Field type, and add them to role records, to be used as filter criteria for this
mass update. See Adding Custom Role Fields to be Mass Update Filter Criteria.
■ If you do not define any filter criteria, the permission change is applied to all custom roles in
the account, other than customized Customer Center, Employee Center, Partner Center, and
Vendor Center roles.
7. Define display options for mass update results on the Results subtab.
8. Define the users who can run the update on the Audience subtab, if available.
9. If you are an administrator and you want to run the mass update on a recurring basis, set up this
recurrence on the Schedule subtab. See the help topic Scheduling a Mass Update.
10. View audited changes and actions respective to the update on the Audit Trail subtab.
11. Click Preview to see which records the mass update will change, and review the Mass Update
Preview page.
■ To modify the mass update, click Return to Criteria, and repeat the previous steps as
necessary.
■ If your list has less than 1000 entries, an Apply column is shown. If any record listed should not
be updated, clear the box in the Apply column.
12. Choose one of the following options: Perform Update, or Save.
you click Perform Update, you cannot stop or cancel the mass update, so proceed with caution!
Adding Custom Role Fields to be Mass Update Filter Criteria

To increase the effectiveness of the Add/Edit Permission on Roles mass update, you can add one or more
custom fields to the role record. This kind of field can be used to categorize roles and provide filter criteria
for the mass update. The type of custom field that can be added to role records is the Other Custom Field
type.
Users & Roles

The steps below provide steps for creating this type of field. For further details, see the help topics
Creating a Custom Field and Other Record Fields.
To create a custom field to be added to the role record:
1. Go to Customization > Lists, Records, & Fields > Other Custom Fields > New.
2. From the Record Type dropdown list, select Role.
3. In the Label field, enter a name for the field.
4. From the Type dropdown list, select the type of field.
For example, you can choose List/Record if you want the field to be a dropdown list with multiple
options. For this choice, you need to select the list or record that supplies dropdown list options.
You may need to first create a custom list of these options, then return to creating this custom
field. See the help topic Custom Lists.
5. To add the field to the role page, select a value in the Insert Before field.
6. Complete other fields as necessary.
7. Click Save.
After you have created this custom field, you can set its values on role records as desired, then use it as a
filter criteria for the Add/Edit Permission on Roles mass update.
The following screenshots show the record for a sample custom field, its associated custom list, and the
field on the role record:
Users & Roles

Mass Updating the Role Assigned to Customers

You can update the role assigned to your customers using a mass update. When you mass update
customer roles, a change you indicate is made for many customer records at the same time, instead of
changing the records one at a time.
For example, if you customize your Customer Center role and want to assign the new custom role to all of
your customers, you can use the mass update to do so.
Users & Roles

To mass update the customer role:

1. Go to List > Mass Update > Mass Updates, expand Customer Support and Service and select
Change Customer Role.
2. In the Title of Action field, enter a name for this update.
3. In the Change Role field, select the role you previously assigned that you now want to change.
4. In the to field, select the role you want the update to assign in place of the role selected in the
Change Role field.
For example, in the Change Role field, you select Customer Center. In the to field, you select
Customer Role Alpha, a custom role you created. When you run the mass update, selected
customers are assigned the Customer Role Alpha role instead of the Customer Center role. These
customers no longer have access to the Customer Center role.
5. Define a filter or filters on the Criteria subtab to limit the customers whose role should be
modified.
6. Define display options for mass update results on the Results subtab.
7. Define the users who can run the update on the Audience subtab, if available.
8. If you are an administrator and you want to run the mass update on a recurring basis, set up this
recurrence on the Schedule subtab. See the help topic Scheduling a Mass Update.
9. View audited changes and actions respective to the update on the Audit Trail subtab.
10. Click Preview to see which records the mass update will change, and review the Mass Update
Preview page.
■ To modify the mass update, click Return to Criteria, and repeat the previous steps as
necessary.
■ If your list has less than 1000 entries, an Apply column is shown. (If you want to show the Apply
column, select search criteria that return results with less than 1000 entries. ) If any record
listed should not be updated, clear the box in the Apply column.
11. Choose one of the following options: Return to Criteria, Perform Update, or Save.
you click Perform Update, you cannot stop or cancel the mass update, so proceed with caution!
For general information about mass updates, see the help topic Mass Changes or Updates.
Standard Roles Permissions Table

The following table lists the permissions and permission levels for each standard role.
The standard roles available in your account may differ, depending upon the modules you have
purchased, and the features you have enabled. You can see the roles available in your account at Setup
> Users/Roles > Manage Roles, and you can review a role's details by clicking its link on the Manage Roles
page.
You cannot modify standard roles. It is recommended that you create a custom version of any standard
role before assigning it to users, so that you can modify the role as needed in the future, even after it has
been assigned.
The Administrator role has all permissions available in your NetSuite account at all levels. For more
information about the Administrator role, see The NetSuite Account Administrator.
The Full Access role can be used for token-based authentication. This role can log in, create a token for
itself, and tokens for other users. For more information about token-based authentication in NetSuite, see
the help topic Token-based Authentication (TBA).
Users & Roles

Note: As of NetSuite 2018.1, Administrators and users with Full Access roles must use two-
factor authentication in newly provisioned accounts. For information, see the help topic 2FA in the
NetSuite Application.
Important: If you have the Advanced Employee Permissions feature enabled, see the help
topic Advanced Employee Permissions and Standard NetSuite Roles for a list of the employee
permissions that are assigned to standard NetSuite roles when this feature is enabled.
A/P Clerk
View Create Edit Full

Accounts Payable Export Lists Accounting Lists Pay Bills Calendar
Accounts Payable Kudos Accounts Payable Pay Sales Tax Contacts
Graphing Resource Register Purchase Order Deleted Records
Amortization Tableau® Bill Purchase Orders Receive Order Documents and Files
Schedules Workbook Export Bill of Materials Requisition Events
Bill Of Materials Bills Statistical Account Find Transaction
Inquiry Classes Registers General Token
Custom Recognition Credit Returns SuiteAnalytics Inbound Shipment
Event Type Departments Workbook Log in using Access
Deferred Expense Email Template Tax Details Tab Tokens
Reports Enter Vendor Credits Track Messages Mobile Device Access
Employee Public Item Receipt Units Notifications
Employee Record Items Vendor Prepayment Ownership Transfer
Expense Amortization Locations Vendor Prepayment Payment Card
Plan Memorized Application Payment Card Token
Expense Amortization Transactions Vendor Return Auth. Payment Instruments
Rule Other Lists Approval Perform Search
Financial History Vendor Return Phone Calls
Inventory Authorization Posting Period on
Non Posting Vendor Returns Transactions
Registers Vendors Price Books
Notes Tab Price Plans
Purchase Order Report Customization
Reports Report Scheduling
Sales Order REST Web Services
Fulfillment Reports SOAP Web Services
Sales Order Reports Subscription Plan
Sales Order Tasks
Transaction Report Template Categories
System Journal Usage
Tax Records Vendor Bill Approval
Tax Reports Vendor Payment
Approval
A/R Clerk
Access Payment Audit Log Export Lists Accounting Lists Calendar

Accounts Receivable Kudos Accounts Receivable Charge – Run Rules
Accounts Receivable Graphing Recognize Gift Register Contacts
Bill Of Materials Inquiry Certificate Income Bill of Materials Deleted Records
Custom Recognition Event Type Resource Cash Sale Documents and Files
Employee Public Tableau® Workbook Charge Events
Employee Record Export Charge Rule Find Transaction
Fair Value Dimension Classes General Token
Fair Value Formula Competitors Invoice Approval
Users & Roles

A/R Clerk

Fair Value Price Customer Deposit Log in using Access
Financial History Customer Payment Tokens
Generate Price Lists Customer Payment Mobile Device Access
Generate Statements Authorization Notifications
Inventory Customers Payment Cart
Item Revenue Category Departments Payment Card Token
Lead Snapshot/Reminders Deposit Application Payment Instruments
Notes Tab Email Template Perform Search
Project Profitability Fulfill Orders Phone Calls
Project Revenue Rules Invoice Posting Period on
Project Templates Invoice Sales Orders Transactions
Recognition Treatment Item Fulfillment Price Books
Recognition Treatment Rule Items Price Plans
Revenue Arrangement Locations Project Tasks
Revenue Arrangement Approval Memorized Transactions Report Customization
Revenue Commitment Other Lists Report Scheduling
Revenue Commitment Reversal Override Payment Hold REST Web Services
Revenue Element Print Shipment SOAP Web Services
Revenue Management VSOE Documents Subscription Plan
Revenue Recognition Field Mapping Projects Tasks
Revenue Recognition Plan Sales Order Template Categories
Revenue Recognition Rule Shipping Partner Package Track Time
Revenue Recognition Schedules Shipping Partner Usage
System Journal Shipment
Tax Records Subscriptions
Tax Reports Subscription Change
Time Tracking Orders
Transaction Detail SuiteAnalytics Workbook
View Gateway Asynchronous Tax Details Tab
Notifications Track Messages
View Payment Events Transfer Order
Work Calendar Unbilled Receivable
Registers
Units
Accountant
Access Payment Audit Log Balance Accounting Lists Fixed Asset Registers Automated Cash
Account Detail Transactions by Accounting Generate Revenue Application
Accounts Payable Segments Management Commitment Bill Of Distribution
Accounts Payable Balancing Journals Accounts Generate Revenue Blanket Purchase
Graphing Export Lists Accounts Payable Commitment Order
Accounts Receivable Kudos Register Reversals Calendar
Accounts Receivable Recognize Gift Accounts Receivable Invoice Contacts
Graphing Certificate Income Register Invoice Sales Orders Count Inventory
Amortization Reports Resource Adjust Inventory Issue Components Create Inventory
Balance Sheet Tableau® Amortization Items Counts
Bill Of Materials Inquiry Workbook Export Schedules Locations Deleted Records
Check Item Availability Bank Account Long Term Liability Distribution Network
Commit Orders Registers Registers Documents and Files
Component Where Used Bill of Materials Make Journal Entry Employee Record
Costed Bill Of Materials Bill Purchase Orders Mark Work Orders Events
Inquiry Bills Built Find Transaction
Deferred Expense Build Assemblies Mark Work Orders Global Inventory
Reports Build Work Orders Firmed Relationship
Employee Public Cash Sale Charge - Run Rules
Users & Roles

Accountant

Employee Reminders Charge Mark Work Orders Inventory Cost
Expenses Charge Rule Released Template
Fair Value Dimension Check Mass Updates Invoice Approval
Fair Value Formula Classes Memorized Item Demand Plan
Fair Value Price Close Work Orders Transactions Item Revisions
Financial Statements Competitors Non Posting Registers Item Supply Plan
General Ledger Create Allocation Other Asset Registers Log in using Access
Generate Price Lists Schedules Other Current Asset Tokens
Generate Statements Credit Card Registers Manufacturing Cost
Income Credit Card Refund Other Current Liability Template
Income Statement Credit Card Registers Manufacturing
Inventory Registers Other Lists Routing
Item Revenue Category Credit Memo Other Names Mobile Device Access
Lead Snapshot/ Credit Returns Pay Bills Notifications
Reminders CRM Groups Pay Sales Tax Pay Tax Liability
Net Worth Currency Period End Journals Perform Search
Notes Tab Revaluation Post Time Phone Calls
Period End Financial Custom Recognition Projects Planned Standard
Statements Event Type Purchase Order Cost
Project Budget Customer Deposit Reconcile Post Vendor Bill
Project Profitability Customer Payment Reconcile Reporting Variances
Project Revenue Rules Customer Payment Requisition Posting Period on
Project Templates Authorization Revenue Commitment Transactions
Purchase Order Reports Customers Revenue Commitment Price Books
Purchases Departments Reversal Price Plans
Recognition Treatment Deposit Revenue Project Tasks
Recognition Treatment Deposit Application Management VSOE Purchase Contract
Rule Distribute Inventory Revenue Recognition Report
Revenue Arrangement Email Template Schedules Customization
Revenue Arrangement Employees Sales Order Report Scheduling
Approval Enter Completions Statistical Account REST Web Services
Revenue Element Enter Opening Registers Request For Quote
Revenue Recognition Balances Subscription Change Revalue Inventory
Field Mapping Enter Vendor Orders Cost
Revenue Recognition Plan Credits Subscriptions SOAP Web Services
Revenue Recognition Rule Equity Registers SuiteAnalytics Standard Cost
Revenue Recognition Expense Workbook Version
Reports Amortization Plan Tax Details Tab Subscription Plan
Sales Expense Tax Records Tasks
Sales By Partner Amortization Rule Tax Reports Tegata Accounts
Sales By Promotion Track Messages Tegata Payable
Sales Order Fulfillment Track Time Tegata Receivables
Reports Transfer Funds Template Categories
Sales Order Reports Transfer Inventory Transfer Order
Sales Order Transaction Unbilled Receivable Transfer Order
Report Registers Approval
Subsidiary Settings Unbuild Assemblies Usage
Manager Units Vendor Bill Approval
System Journal Vendor Return Auth. Vendor Payment
Tax Approval Approval
Time Tracking Vendor Return Vendor Request For
Transaction Detail Authorization Quote
Trial Balance Vendor Returns
View Gateway Vendors
Asynchronous Work Order
Notifications Work Order Close
View Payment Events Work Order
Completion
Work Order Issue
Users & Roles

Accountant

Work Breakdown
Structure
Work Calendar
Accountant (Reviewer)
Access Payment Audit Income Statement Export Lists Bills Bill Of Distribution
Log Inventory Kudos Email Template Blanket Purchase
Accounting Lists Invoice Resource Mass Updates Order
Accounting Issue Components Tableau® Override Payment Calendar
Management Item Revenue Category Workbook Hold Charge - Run Rules
Accounts Items Export SuiteAnalytics Contacts
Accounts Payable Lead Snapshot/Reminders Workbook Count Inventory
Accounts Payable Locations Track Messages Create Inventory
Graphing Long Term Liability Counts
Accounts Payable Registers Deleted Records
Register Make Journal Entry Distribution Network
Accounts Receivable Mark Work Orders Built Documents and Files
Accounts Receivable Mark Work Orders Firmed Employee Record
Graphing Mark Work Orders Events
Accounts Receivable Released Find Transaction
Register Memorized Transactions Global Inventory
Adjust Inventory Net Worth Relationship
Amortization Reports Non Posting Registers Inventory Cost
Amortization Notes Tab Template
Schedules Other Asset Registers Item Demand Plan
Balance Sheet Other Current Asset Item Revisions
Balance Transactions Registers Item Supply Plan
by Segments Other Current Liability Log in using Access
Balancing Journals Registers Tokens
Bank Account Other Lists Manufacturing Cost
Registers Other Names Template
Bill Of Materials Pay Sales Tax Manufacturing Routing
Inquiry Period End Financial Mobile Device Access
Bill of Materials Statements Notifications
Build Assemblies Period End Journals Perform Search
Build Work Orders Price Books Phone Calls
Cash Sale Price Plans Planned Standard Cost
Charge Project Budget Posting Period on
Charge Rule Project Profitability Transactions
Check Project Revenue Rules Project Tasks
Check Item Availability Projects Report Customization
Classes Purchase Contract Report Scheduling
Close Work Orders Purchase Order REST Web Services
Commit Orders Purchases SOAP Web Services
Competitors Recognition Treatment Standard Cost Version
Component Where Recognition Treatment Rule Subsidiary - Tax Engine
Used Reconcile Reporting selection
Costed Bill Of Request For Quote Tasks
Materials Inquiry Requisition Tegata Accounts
Create Allocation Revalue Inventory Cost Tegata Payable
Schedules Revenue Arrangement Tegata Receivables
Credit Card Revenue Arrangement Template Categories
Credit Card Refund Approval Vendor Bill Approval
Credit Card Registers Revenue Commitment Vendor Payment
Credit Memo Approval
Users & Roles


Credit Returns Revenue Commitment
CRM Groups Reversal
Currency Revaluation Revenue Element
Custom Recognition Revenue Management
Event Type VSOE
Customer Deposit Revenue Recognition Field
Customer Payment Mapping
Customer Payment Revenue Recognition Plan
Authorization Revenue Recognition
Customers Reports
Deferred Expense Revenue Recognition Rule
Reports Revenue Recognition
Departments Schedules
Deposit Sales
Deposit Application Sales By Partner
Distribute Inventory Sales By Promotion
Employee Public Sales Order
Employee Reminders Sales Order Reports
Employees Sales Order Transaction
Enter Completions Report
Enter Opening Statistical Account
Balances Registers
Enter Vendor Credits Subscription Plan
Equity Registers Subscription Change
Expense Amortization Orders
Plan Subscriptions
Expense Amortization System Journal
Rule Tax
Expenses Tax Details Tab
Fair Value Dimension Tax Records
Fair Value Formula Tax Reports
Fair Value Price Time Tracking
Financial Statements Track Time
Fixed Asset Registers Transaction Detail
General Ledger Transfer Funds
Generate Price Lists Transfer Inventory
Generate Statements Transfer Order
Income Trial Balance
Unbilled Receivable
Registers
Unbuild Assemblies
Units
Usage
Vendor Request For Quote
Vendor Return Auth.
Approval
Vendor Return
Authorization
Vendor Returns
Vendors
View Gateway
Asynchronous Notifications
View Payment Events
View Breakdown Structure
Work Calendar
Work Order
Work Order Close
Work Order Completion
Users & Roles


Work Order Issue
Advanced Partner Center
Bill Of Materials Inquiry Export Lists Campaign History Calendar

Bill of Materials Kudos Cases Contacts
Financial History Notes Tab CRM Groups Customers
Items Promotion Opportunity Deleted Records
Knowledge Base Tableau® Workbook Quote Email Template
Lead Snapshot/Reminders Export Sales Order Events
Marketing Campaigns SuiteAnalytics Workbook Find Transaction
Non Posting Registers Track Messages Log in using Access Tokens
Partner Commission Reports Mobile Device Access
Project Templates Notifications
Sales Partners
Sales By Partner Perform Search
Sales By Promotion Price Books
Sales Force Automation Price Plans
Sales Order Reports Projects
Sales Order Transaction Report Phone Calls
Support Project Tasks
Support Case Snapshot/Reminders Report Customization
Tax Details Tab Report Scheduling
Units REST Web Services
Work Calendar SOAP Web Services
Subscription Change
Orders
Subscription Plan
Subscriptions
Tasks
Template Categories
Usage
Bookkeeper
Access Payment Audit Log Export Lists Accounting Lists Automated Cash
Accounting Management Kudos Adjust Inventory Application
Accounts Recognize Gift Bill Purchase Orders Bill Of Distribution
Accounts Payable Certificate Income Bill of Materials Calendar
Accounts Payable Register Resource Bills Charge – Run Rules
Accounts Receivable Tableau® Workbook Cash Sale Contacts
Accounts Receivable Register Export Charge Count Inventory
Bank Account Registers Charge Rule Create Inventory Counts
Bill Of Materials Inquiry Check Deleted Records
Check Item Availability Classes Distribution Network
Commit Orders Competitors Documents and Files
Component Where Used Credit Card Employee Record
Credit Card Registers Credit Card Refund Events
Deferred Expense Reports Credit Memo Find Transaction
Employee Public Credit Returns Global Inventory
Employee Reminders CRM Groups Relationship
Equity Registers Currency Revaluation Inventory Cost Template
Fixed Asset Registers Customer Deposit Invoice Approval
Users & Roles

Bookkeeper

Generate Price Lists Customer Payment Item Demand Plan
Generate Statements Customer Payment Item Supply Plan
Inventory Authorization Log in using Access
Lead Snapshot/Reminders Customers Tokens
Long Term Liability Registers Departments Manufacturing Cost
Non Posting Registers Deposit Template
Notes Tab Deposit Application Manufacturing Routing
Other Asset Registers Email Template Mobile Device Access
Other Current Asset Registers Employees Notifications
Other Current Liability Registers Enter Opening Balances Perform Search
Project Profitability Enter Vendor Credits Phone Calls
Project Templates Invoice Planned Standard Cost
Purchase Order Reports Invoice Sales Orders Price Books
Revalue Inventory Cost Item Revisions Price Plans
Sales Order Fulfillment Reports Items Post Vendor Bill Variances
Sales Order Reports Locations Posting Period on
Sales Order Transaction Report Make Journal Entry Transactions
Statistical Account Registers Memorized Transactions Project Tasks
System Journal Other Lists Report Customization
Tax Other Names Report Scheduling
Tax Records Pay Bills REST Web Services
Tax Reports Pay Sales Tax SOAP Web Services
Time Tracking Projects Standard Cost Version
Transaction Detail Purchase Order Subscription Plan
Unbilled Receivable Registers Reconcile Tasks
View Gateway Asynchronous Reconcile Reporting Tegata Accounts
Notifications Requisition Tegata Payable
View Payment Events Sales Order Tegata Receivables
Work Calendar Subscriptions Template Categories
Subscription Change Track Time
Orders Usage
SuiteAnalytics Workbook Vendor Bill Approval
Tax Details Tab Vendor Payment Approval
Track Messages
Transfer Funds
Transfer Order
Units
Vendor Return Auth.
Approval
Vendor Return
Authorization
Vendor Returns
Vendors
Buyer
Accounts Payable Export Lists Accounting Lists Blanket Purchase Order

Accounts Payable Graphing Kudos Accounts Payable Register Blanket Purchase Order
Amortization Schedules Resource Bill Purchase Orders Approval
Bill Of Materials Inquiry Tableau® Workbook Bill of Materials Calendar
Custom Recognition Event Export Bills Contacts
Type Classes Deleted Records
Employee Public Departments Documents and Files
Employee Record Email Template Employee Record
Expense Amortization Plan Item Receipt Events
Expense Amortization Rule Items Find Transaction
Users & Roles

Buyer

Financial History Locations Inbound Shipment
Inventory Memorized Transactions Log in using Access Tokens
Non Posting Registers Other Lists Mobile Device Access
Notes Tab Receive Order Notifications
Purchase Order Reports Requisition Ownership Transfer
Sales Order Fulfillment Statistical Account Registers Perform Search
Reports SuiteAnalytics Workbook Phone Calls
Sales Order Reports Track Messages Purchase Contract
Sales Order Transaction Units Purchase Contract Approval
Report Vendor Returns Purchase Order
Vendors Report Customization
Report Scheduling
Request For Quote
Requisition Approval
REST Web Services
SOAP Web Services
Tasks
Template Categories
Vendor Return Auth. Approval
Vendor Return Authorization
CEO
Access Payment Export Lists Email Template Accounting Lists Edit Forecast Pay Bills
Audit Log Kudos Fax Messages Accounting Employee Pay Sales Tax
Accounts Payable Recognize Fax Template Management Commission Payment Card
Accounts Payable Gift Certificate Letter Messages Accounts Transaction Payment Card
Graphing Income Letter Template Accounts Payable Employee Token
Accounts Tableau® Mail Merge Register Commission Payment
Receivable Workbook Mass Updates Accounts Transaction Instruments
Accounts Export PDF Messages Receivable Approval Payroll Liability
Receivable PDF Template Register Employee Record Payments
Graphing Reconcile Adjust Inventory Employees Perform Search
Amortization SuiteAnalytics ADP Import Data Enter Completions Phone Calls
Reports Workbook Approve Online Enter Opening Planned Standard
Amortization Track Messages Bill Payments Balances Cost
Schedules Audit Trail Enter Vendor Post Vendor Bill
Balance Sheet Automated Cash Credits Variances
Bill Of Materials Application Enter Year-To-Date Posting Period on
Inquiry Bank Account Payroll Adjustments Transactions
Check Item Registers Equity Registers Presentation
Availability Bill Of Distribution Events Categories
Commission Bill Purchase Expense Report Price Books
Reports Orders Finance Charge Price Plans
Commit Orders Bill of Materials Financial History Print Shipment
Component Where Bills Find Transaction Documents
Used Blanket Purchase Fixed Asset Process GST
Costed Bill Of Order Registers Refund
Materials Inquiry Blanket Purchase Fulfill Orders Project Tasks
Create Allocation Order Approval General Token Projects
Schedules Build Work Global Inventory Publish Forms
Custom Orders Relationship Purchase Contract
Recognition Event Calculate Time Import Online Purchase Contract
Type Calendar Banking File Approval
Employee Public Cash Sale Inbound Shipment Purchase Order
Cash Sale Refund Internal Publisher Quote
Users & Roles

CEO

Employee Check Inventory Cost Receive Order
Reminders Classes Template Receive Returns
Expense Close Work Invoice Reconcile
Amortization Plan Orders Invoice Approval Reporting
Expense Competitors Invoice Sales Refund Returns
Amortization Rule Contacts Orders Report
Expenses Count Inventory Issue Components Customization
Fair Value Create Inventory Item Fulfillment Report Scheduling
Dimension Counts Item Receipt Request For
Fair Value Formula Credit Card Item Revisions Quote
Fair Value Price Credit Card Item/Category Requisition
Financial Refund Layouts Requisition
Statements Credit Card Items Approval
General Ledger Registers Locations Resource
Generate Price Credit Memo Log in using Access Resource
Lists Credit Returns Tokens Allocation
Generate CRM Groups Long Term Liability Approval
Statements Currency Registers REST Web Services
Income Revaluation Mail Merge Return Auth.
Income Statement Customer Deposit Make Journal Entry Approval
Individual Paycheck Customer Manufacturing Cost Return
Inventory Payment Template Authorization
Item Revenue Customer Manufacturing Sales Order
Category Payment Routing Sales Order
Lead Snapshot/ Authorization Mark Work Orders Approval
Reminders Customer Refund Built Set Up Budgets
Net Worth Customers Mark Work Orders Shipping Partner
Notes Tab Deleted Records Firmed Package
Partner Authorized Departments Mark Work Orders Shipping Partner
Commission Deposit Released Shipment
Reports Deposit Matching Rules for SOAP Web
Partner Application Online Banking Services
Commission Distribution Memorized Standard Cost
Reports Network Transactions Version
Project Budget Documents and Mobile Device Statement Charge
Project Profitability Files Access Statistical Account
Project Revenue Non Posting Registers
Rules Registers Store Account
Project Templates Notifications Registers
Purchase Order Opportunity Store Categories
Reports Other Asset Store Content
Purchases Registers Categories
Quota Reports Other Current Store Content
Recognition Asset Registers Items
Treatment Other Current Store Tabs
Recognition Liability Registers Subscription
Treatment Rule Other Lists Change Orders
Resource Other Names Subscription Plan
Allocations Outlook Integration Subscriptions
Return 2.0 System Status
Authorization Ownership Transfer Tasks
Reports Tegata Accounts
Revalue Inventory Tegata Payable
Cost Tegata
Revenue Receivables
Arrangement Template
Categories
Users & Roles

CEO

Revenue Timer
Arrangement Track Time
Approval Transfer Funds
Revenue Transfer Order
Commitment Transfer Order
Revenue Approval
Commitment Unbilled
Reversal Receivable
Revenue Element Registers
Revenue Units
Management VSOE Usage
Revenue Vendor Bill
Recognition Field Approval
Mapping Vendor Payment
Revenue Approval
Recognition Plan Vendor Request
Revenue For Quote
Recognition Vendor Return
Reports Auth. Approval
Revenue Vendor Return
Recognition Rule Authorization
Revenue Vendor Returns
Recognition Vendors
Schedules View Online Bill
Sales Pay Status
Sales By Partner Work Order
Sales By Promotion Work Order Close
Sales Force Work Order
Automation Completion
Sales Order Work Order Issue
Fulfillment Reports
Sales Order
Reports
Sales Order
Transaction Report
System Journal
Tax
Tax Details Tab
Tax Records
Tax Reports
Time Tracking
Trial Balance
View Gateway
Asynchronous
Notifications
View Payment
Events
Web Site Report
Web Store Report
Work Breakdown
Structure
Work Calendar
Users & Roles

CEO (Hands Off)
Access Payment Credit Memo Inventory Receive Order Export Lists Bills Blanket
Audit Log Credit Returns Invoice Receive Returns Kudos Email Template Purchase Order
Accounting Lists Currency Invoice Sales Reconcile Tableau® Fax Messages Calendar
Accounting Revaluation Orders Reporting Workbook Fax Template Contacts
Management Customer Issue Compone Refund Returns Export Letter Deleted Records
Accounts Deposit nts Request For Messages Documents and
Accounts Customer Item Fulfillment Quote Letter Template Files
Payable Payment Item Receipt Requisition Mail Merge Employee
Accounts Customer Items Resource PDF Messages Commission
Payable Payment Lead Snapshot/ Allocations PDF Template Transaction
Graphing Authorization Reminders Return Auth. SuiteAnalytics Employee
Accounts Customer Locations Approval Workbook Record
Payable Refund Long Term Return Track Messages Events
Register Customers Liability Authorization Find Transaction
Accounts Departments Registers Return General Token
Receivable Deposit Make Journal Authorization Inbound
Accounts Deposit Entry Reports Shipment
Receivable Application Mark Work Revenue Log in using
Graphing Edit Forecast Orders Built Recognition Access Tokens
Accounts Employee Mark Work Reports Mobile Device
Receivable Commission Orders Firmed Sales Access
Register Transaction Mark Work Sales By Partner Notifications
Adjust Inventory Approval Orders Released Sales By Outlook
ADP Import Employee Public Memorized Tran Promotion Integration 2.0
Data Employee sactions Sales Force Ownership
Amortization Reminders Net Worth Automation Transfer
Reports Employees Non Posting Sales Order Payment Card
Approve Online Enter Registers Sales Order Payment Card
Bill Payments Completions Notes Tab Approval Token
Audit Trail Enter Opening Opportunity Sales Order Payment
Balance Sheet Balances Other Asset Fulfillment Instruments
Bank Account Enter Vendor Registers Reports Perform Search
Registers Credits Other Current Sales Order Phone Calls
Bill of Materials Enter Year-To- Asset Registers Reports Project Tasks
Bill Of Materials Date Payroll Other Current Sales Order Report
Inquiry Adjustments Liability Transaction Customization
Bill Purchase Equity Registers Registers Report Report
Orders Expense Report Other Lists Set Up Budgets Scheduling
Build Work Expenses Other Names Shipping Partner Resource
Orders Finance Charge Partner Package Resource
Calculate Time Financial History Authorized Com Shipping Partner Allocation
Cash Sale Financial mission Reports Shipment Approval
Cash Sale Statements Partner Commis Statement REST Web
Refund Fixed Asset sion Reports Charge Services
Check Registers Pay Bills Statistical SOAP Web
Classes Fulfill Orders Pay Sales Tax Account Services
Close Work General Ledger Payroll Liability Registers System Status
Orders Generate Price Payments Subscription Tasks
Commission Lists Posting Period Plan Template
Reports Generate on Transactions Subscriptions Categories
Competitors Statements Price Books Subscription Transfer Order
Credit Card Import Online Price Plans Change Orders Approval
Credit Card Banking File Print Shipment System Journal Vendor Bill
Refund Income Documents Tax Approval
Credit Card Income Print Shipping Tax Details Tab Vendor Payment
Registers Statement Documents Tax Records Approval
Individual Process GST Tax Reports
Paycheck Refund Tegata Accounts
Projects Tegata Payable
Project Tegata
Profitability Receivables
Users & Roles

CEO (Hands Off)

Purchase Time Tracking
Contract Timer
Purchase Order Track Time
Purchase Order Transfer Funds
Reports Transfer Order
Purchases Trial Balance
Quota Reports Unbilled
Quote Receivable
Registers
Units
Usage
Vendor Request
For Quote
Vendor Return
Auth. Approval
Vendor Return
Authorization
Vendor Returns
Vendors
View Gateway
Asynchronous
Notifications
View Online Bill
Pay Status
View Payment
Events
Web Site Report
Web Store
Report
Work Calendar
Work Order
Work Order
Close
Work Order
Completion
Work Order
Issue
CFO
Access Payment Balance Override Accounting Book Events Perform Search

Audit Log Transactions by Payment Hold Accounting Lists Expense Period End
Account Detail Segments Subsidiary Accounting Amortization Plan Journals
Accounts Payable Export Lists Settings Manager Management Expense Phone Calls
Accounts Payable Kudos SuiteAnalytics Accounts Amortization Rule Planned Standard
Graphing Tableau® Workbook Accounts Payable Expense Report Cost
Accounts Workbook Tax Details Tab Register Fax Messages Post Time
Receivable Export Tax Reports Accounts Fax Template Post Vendor Bill
Accounts Vendor Request Receivable Finance Charge Variances
Receivable For Quote Register Financial History Posting Period on
Graphing Adjust Inventory Find Transaction Transactions
Amortization Amortization Fixed Asset Price Books
Reports Schedules Registers Price Plans
Balance Overview Approve Online Foreign Currency Process GST
Balance Sheet Bill Payments Variance Mapping Refund
Bill Of Materials Approve Vendor Fulfill Orders Projects
Inquiry Payments Project Budget
Budget Audit Trail
Users & Roles

CFO

Build Assemblies Automated Cash Generate Project
Check Item Application Intercompany Intercompany
Availability Balance Location Cross Charges Cross Charge
Commission Costing Group Generate Revenue Request
Reports Accounts Commitment Project Tasks
Commit Orders Balancing Generate Revenue Publish Search
Component Journals Commitment Purchase Contract
Where Used Bank Account Reversals Purchase Contract
Costed Bill Of Registers Global Account Approval
Materials Inquiry Bill Of Distribution Mapping Purchase Order
Custom Record Bill of Materials Global Inventory Quote
Types Bill Purchase Relationship Receive Order
Deferred Expense Orders Import Online Receive Returns
Reports Bills Banking File Reconcile
Employee Blanket Purchase Inbound Shipment Reconcile
Commission Order Intercompany Reporting
Schedules/Plans Blanket Purchase Adjustments Refund Returns
Employee Public Order Approval Inventory Cost Report
Employee Build Work Template Customization
Reminders Orders Invoice Report Scheduling
Expenses Calculate Time Invoice Approval Request For Quote
Fair Value Calendar Invoice Sales Requisition
Dimension Cash Sale Orders Requisition
Fair Value Formula Cash Sale Refund Issue Components Approval
Fair Value Price Charge Item Account Resource
Financial Charge Rule Mapping Resource
Statements Charge - Run Item Revisions Allocation
General Ledger Rules Items Approval
Generate Price Check Journal Approval REST Web Services
Lists Class Mapping Letter Messages Return Auth.
Generate Classes Letter Template Approval
Statements Close Work Location Costing Return
Income Orders Group Authorization
Income Statement Competitors Location Mapping Revalue Inventory
Individual Contacts Locations Cost
Paycheck Copy Budgets Log in using Revenue
Inventory Count Inventory Access Tokens Commitment
Item Fulfillment Create Allocation Long Term Liability Revenue
Item Receipt Schedules Registers Commitment
Item Revenue Create Inventory Mail Merge Reversal
Category Counts Make Journal Entry Revenue
Lead Snapshot/ Credit Card Manufacturing Management
Reminders Credit Card Cost Template VSOE
Net Worth Refund Manufacturing Revenue
Partner Credit Card Routing Recognition
Authorized Registers Mark Work Orders Schedules
Commission Credit Memo Built Sales Order
Reports Credit Returns Mark Work Orders Sales Order
Partner CRM Groups Firmed Approval
Commission Currency Mark Work Orders Set Up Budgets
Reports Revaluation Released SOAP Web
Period End Custom Mass Updates Services
Financial Recognition Event Matching Rules for Standard Cost
Statements Type Online Banking Version
Print Shipment Customer Deposit Memorized Statement Charge
Documents Customer Transactions Statistical Account
Project Profitability Payment Mobile Device Registers
Access Subscription
Non Posting Change Orders
Registers
Users & Roles

CFO

Project Revenue Customer Notes Tab Subscription Plan
Rules Payment Notifications Subscriptions
Project Templates Authorization Opportunity Subsidiary - Tax
Purchase Order Customer Refund Other Asset Engine selection
Reports Customers Registers Tasks
Purchases Deleted Records Other Current Tegata Accounts
Quota Reports Department Asset Registers Tegata Payable
Recognition Mapping Other Current Tegata
Treatment Departments Liability Registers Receivables
Recognition Deposit Other Lists Template
Treatment Rule Deposit Other Names Categories
Resource Application Outlook Timer
Allocations Distribution Integration 2.0 Track Messages
Return Authorizati Network Override Track Time
on Reports Documents and Estimated Cost on Transaction Detail
Revenue Arrange Files Transactions Transfer Funds
ment Email Template Ownership Trial Balance
Revenue Arrange Employee Transfer Unbilled
ment Approval Commission Partner Receivable
Revenue Element Transaction Commission Registers
Revenue Employee Transaction Units
Recognition Field Commission Partner Usage
Mapping Transaction Commission Vendor Bill
Revenue Approval Transaction Approval
Recognition Plan Employee Record Approval Vendor Payment
Revenue Employees Pay Bills Approval
Recognition Enter Pay Sales Tax Vendor Return
Reports Completions Pay Tax Liability Auth. Approval
Revenue Enter Opening Payroll Liability Vendor Return
Recognition Rule Balances Payments Authorization
Sales Enter Vendor PDF Messages Vendor Returns
Sales By Partner Credits PDF Template Vendors
Sales By Enter Year-To- View Online Bill
Promotion Date Payroll Pay Status
Sales Force Adjustments Work Breakdown
Automation Entity Account Structure
Sales Order Mapping Work Order
Fulfillment Reports Equity Registers Work Order Close
Sales Order Work Order
Reports Completion
Sales Order Work Order Issue
Transaction
Report
Shipping Partner
Package
Shipping Partner
Shipment
System Journal
Tax
Tax Records
Time Tracking
Unbuild
Assemblies
View Gateway
Asynchronous
Notifications
View Payment
Events
Users & Roles

CFO

Work Calendar
Chief People Officer (CPO)
Commission Reports Export Lists Email Template Advanced Government Issued

Employee Commission Resource Form W-2 – Wage and Tax IDs
Transaction Tableau® Workbook Statement Amend W-4
Employee Commission Export Kudos Basic Government Issued IDs
Transaction Approval Vendors SuiteAnalytics Workbook Calendar
Employee Public Track Messages Departments
Employee Reminders Documents and Files
Expense Categories Edit Banking Information
Find Transaction Edit Profile
Individual Paycheck Employee Effective Dating
Payroll Check Register Employee Change Reason
Payroll Hours & Earnings Employee Change Requests
Payroll Items Employee Change Request
Payroll Summary & Detail Types
Reports Employee Effective Dating
Purchase Order Reports Employee Record
Tax Details Tab Employee Social Security
Tax Reports Numbers
Workforce Analytics Employees
Events
Expense Report
Generic Resources
Government Issued ID Types
Job Management
Job Requisitions
Locations
Manage Users
News Item
Notes Tab
Notifications
Organization Value
Other Lists
Perform Search
Phone Calls
Positions
Report Customization
Report Scheduling
Talent Administration
Tasks
Template Categories
Termination Reasons
Time-Off Administration
Track Time
View Login Audit Trail
Work Calendar
Workplaces
Users & Roles

Consultant
Accounts Receivable Un-Billed Kudos Calendar Events

Classes Project Tasks Cases Expense Report
Customers Documents and Files Notification
Departments Find Transaction Phone Calls
Locations Perform Search Report Scheduling
Non Posting Registers Purchase Order Resource Allocations
Price Books Requisition Tasks
Price Plans SuiteAnalytics Workbook Track Time
Project Profitability
Projects
Statistical Account Registers
Subscriptions
Subscription Change Orders
Time Tracking
Customer Center
Accounts Receivable Register Deposit Application Cases Charge – Run Rules

Cash Sale Generate Statements Cardholder Authentication Deleted Records
Cardholder Authentications Item Fulfillment Contacts Log in using Access
Charge Print Shipment Customer Payment Tokens
Charge Rule Documents Customer Profile Notifications
Credit Memo Return Authorization General Token Payment Instruments
Customer Deposit Shipping Partner Package Payment Card Find Transaction
Customer Payment Shipping Partner Payment Card Token Perform Search
Authorization Shipment Sales Order REST Web Services
Find Transaction SOAP Web Services
Fulfill Orders
Invoice
Issues
Non Posting Registers
Price Plans
Quote
Return Authorization Reports
Sales Order Transaction Report
Subscriptions
Track Messages
Developer

■ SuiteAnalytics Workbook Advanced PDF/HTML Templates
Allow JS / HTML Uploads
Bulk Manage Roles
CRM Lists
Custom Address Form
Custom Body Fields
Custom Center Categories
Custom Center Links
Custom Center Tabs
Custom Centers
Custom Column Fields
Users & Roles

Developer

Custom Entity Fields
Custom Entry Forms
Custom Event Fields
Custom Fields
Custom Item Fields
Custom Item Number Fields
Custom Lists
Custom PDF Layouts
Custom Record Entries
Custom Record Types
Custom Segments
Custom Sublist
Custom Sublists
Custom Subtabs
Custom Transaction Fields
Custom Transaction Forms
Custom Transaction Types
Documents and Files
Email Template
Enable Features
Import CSV File
KPI Scorecards
Log in using Access Tokens
Log in using OAuth 2.0 Access Tokens
Manage Custom Permissions
Manage Translation
Marketing Template
Other Custom Fields
PDF Template
Perform Search
Publish Dashboards
Publish Search
REST Web Services
Set Up CSV Preferences
Set Up Web Site
SOAP Web Services
SuiteApp Deployment
SuiteApp Marketplace
SuiteScript
SuiteScript Scheduling
User Access Tokens
Website (External) publisher
Workflow
Employee Center
Amend W-4 Export Lists Contacts Calendar

Bonus Kudos Edit Profile Cases
Commission Reports Resource Employee Record Deleted Records
Employee Compensation Tableau® Workbook Notes Tab Documents and Files
Employee Confidential Export SuiteAnalytics Workbook Events
Employee Public Expense Report
Employee Reminders Find Transaction
Employee Self Log in using Access Tokens
Employee Social Security Mobile Device Access
Numbers Notifications
Users & Roles

Employee Center

Financial History Perform Search
Individual Paycheck Phone Calls
Non Posting Registers Project Tasks
Personal Banking Information Purchase Order
Project Profitability Request For Quote
Resource Allocations Requisition
Sales Order Transaction Report Requisition Approval
Time Tracking Resource Allocation
Work Calendar Approval
REST Web Services
SOAP Web Services
Tasks
Track Messages
Track Time
User Access Tokens
Engineer
Cases Export Lists Issue Reports Admindocs

Contacts Kudos Issues Calendar
Email Template Tableau® Workbook Mail Merge Deleted Records
Employee Public Export Mark Issue As Showstopper Documents and Files
Employee Record SuiteAnalytics Workbook Events
Template Categories Log in using Access Tokens
Track Messages Mobile Device Access
Notes Tab
Notifications
Perform Search
Report Scheduling
REST Web Services
SOAP Web Services
System Status
Tasks
Engineering Manager
Cases Export Lists Issues Admindocs

Contacts Kudos Perform Search Calendar
Employee Compensation Tableau® Workbook SuiteAnalytics Workbook Deleted Records
Employee Confidential Export Documents and Files
Employee Public Events
Employee Record Issue Reports
Track Messages Log in using Access Tokens
Mark Issue As Showstopper
Mobile Device Access
Notes Tab
Notifications
Report Scheduling
REST Web Services
SOAP Web Services
Tasks
Users & Roles

Full Access (deprecated)
View Full
Account Detail Net Worth Access Token Customer Individual Process Payroll
Report Payroll Check Management Payment Paycheck Promotion Code
Accounts Payable Register (TBA) Customer Profile Internal Publisher Purchase Order
Graphing Payroll Journal Accounting Lists Customer Refund Invoice Receive Items
Accounts Payable Report Accounting Customers Item/Category Receive Purchase
Report Payroll Liability Management Departments Layouts Orders
Accounts Report Accounting Deposit Items Receive Returns
Receivable Payroll Reports Preferences Direct Deposit Jobs Reconcile
Graphing Purchases Accounts Status Job Management Record Custom
Accounts Reconcile Accounts Distribute Job Requisitions Field
Receivable Report Reporting Payable Register Inventory Journal Approval Refund Returns
Accounts Reminders Accounts Documents and Knowledge Base Related Items
Receivable Un- Sales Receivable Files Kudos Report
Billed Sales By Partner Register Edit Forecast Locations Customization
Balance Sheet Sales By Adjust Inventory EFT Status Log in using Resource
Budget Promotion Code Adjust Inventory Email Template Access Tokens Resource
Cash Flow Report Sales Force Worksheet Employee (TBA) Allocation
Certificate access Automation Advanced Change Reason Long Term Approval
Certificate Sales Graphing Government Employee Liability Registers Return Auth.
management Support Issued IDs Effective Dating Mail Merge Approval
Employee Support Case Allow JS / HTML Employee Make Journal Return
Confidential Snapshot/ Uploads Related Entry Authorization
Employee Public Reminders Allow Non GL Lists(Other Lists) Marketing Revenue
Expenses Tax Changes Employees Template Commitment
Form 1099 Time Tracking Approve Direct Enter Opening Mass Updates Revenue
Form 940 Transaction Detail Deposit Balances Media Items Commitment
Form 941 Trial Balance Approve EFT Enter Vendor Memorized Reversal
Form W-2 Web Site Report Approve Online Credits Transactions Run Payroll
General Ledger Web Store Report Bill Payments Enter Year-to- Non Posting Sales Order
Income Audit Trail date Payroll Registers Sales Order
Income Statement Bank Account Adjustments Notes Tab Approval
Inventory Registers Equity Registers Online Bank Set Up Budgets
Lead Snapshot/ Bill Purchase Establish Quotas Statement Set Up Company
Monthly Summary Orders Estimate Opportunity Ship Items
Reports by Bill Sales Orders Events Organization Shipping Items
Employee Billing Setup Expense Value Shortcuts
Monthly Summary Bills Categories Other Asset Statement Charge
Reports by Item Blanket Purchase Expense Registers Store Categories
Period End Order Approval Registers Other Current Store Content
Financial Calculate Time Expense Report Asset Registers Categories
Statements Calendar Finance Charge Other Current Store Content
Resource Campaign Financial History Liability Registers Items
Allocations Campaign Find Transaction Other Expense Store Tabs
Suppliers History Fixed Asset Registers Subsidiary - Tax
Tax Reports Cases Registers Other Income Engine selection
View Gateway Cash Sale Fulfill Sales Registers SuiteAnalytics
Asynchronous Cash Sale Refund Orders Other Names Workbook
Notifications Categories Generate Outlook Tasks
Check Revenue Integration 2.0 Tax Details Tab
Classes Commitment Outlook Tax Items
Color Themes Generate Integration 3.0 Termination
Companies Revenue Partners Reasons
Competitors Commitment Pay Bills Time-Off
Contacts Reversals Pay Sales Tax Administration
Cost of Goods Generate Paychecks Timer
Sold Registers Statements Payment Methods Track Messages
Credit Card Global Inventory Payroll Items Track Time
Relationship Transfer Funds
Users & Roles

Full Access (deprecated)
View Full
Credit Card Government Payroll Liability Transfer Inventory
Refund Issued ID Types Payments Two-Factor
Credit Card Import CSV File Period End Authentication
Registers Import Online Journals base
Credit Memo Banking (QIF) File Posting Period on User Access
CRM Group Import XML Transactions Tokens (TBA)
CRM Lists (Other Transaction Presentation Vendor In-Transit
Lists) Income Registers Print Shipment Payment Approval
Currency Documents Vendors
Currency View Online Bill
Revaluation Pay Status
Custom Record Website (External)
Entries publisher
Workplaces
Human Resources Generalist
Commission Reports Export Lists Email Template Advanced Government Issued

Employee Commission Resource Form W-2 - Wage and Tax IDs
Transaction Tableau® Workbook Statement Amend W-4
Employee Commission Export Kudos Basic Government Issued IDs
Transaction Approval Vendors SuiteAnalytics Workbook Bonus
Employee Public Track Messages Bonus Types
Employee Reminders Calendar
Expense Categories Departments
Find Transaction Documents and Files
Individual Paycheck Edit Banking Information
Payroll Chek Register Edit Profile
Payroll Hours & Earnings Employee Effective Dating
Payroll Items Employee Change Reason
Payroll Summary & Detail Employee Change Request
Reports Employee Change Request
Purchase Order Reports type
Workforce Analytics Employee Record
Employees
Employee Social Security
Numbers
Events
Expense Report
Generic Resources
Government Issued ID Types
Job Management
Job Requisitions
Locations
Manage Users
News Items
Notes Tab
Notifications
Organization Value
Other Lists
Perform Search
Phone Calls
Positions
Report Scheduling
Talent Administration
Users & Roles

Human Resources Generalist

Tasks
Template Categories
Termination Reasons
Time-Off Administration
Track Time
View Login Audit Trail
Work Calendar
Workplaces
Intranet Manager
Bill Of Materials Inquiry Export Lists Email Template Allow JS / HTML Uploads
Employee Compensation Kudos SuiteAnalytics Workbook Bill of Materials
Employee Confidential Resource Track Messages Calendar
Employee Public Tableau® Workbook Color Themes
Employee Record Export Custom Item Fields
Find Transaction Deleted Records
Notes Tab Documents and Files
Web Site Report Events
Web Store Report Internal Publisher
Item/Category Layouts
Items
Notifications
Online Customer Form
Perform Search
Phone Calls
Presentation Categories
Publish Employee List
Publish Forms
Publish RSS Feeds
Related Items
Report Scheduling
REST Web Services
Set Up Image Resizing
Set Up Web Site
SOAP Web Services
Store Categories
Store Content Categories
Store Content Items
Store Tabs
Tasks
Template Categories
Units
Website (External) publisher
Issue Administrator
Cases Export Lists SuiteAnalytics Workbook Calendar

Employee Public Kudos CRM Groups
Employee Record Tableau® Workbook Export Deleted Records
Documents and Files
Users & Roles

Issue Administrator

Events
Import CSV File
Issue Reports
Issue Setup
Issues
Mass Updates
Notes Tab
Notifications
Perform Search
Publish Dasboards
Publish Search
Report Scheduling
REST Web Services
SOAP Web Services
Tasks
Marketing Administrator
Cases Export Lists Classes Backup Your Duplicate PDF Template

Employee Public Kudos Departments Data Detection Setup Perform Search
Employee Tableau® Email Template Bulk Manage Duplicate Entity Phone Calls
Reminders Workbook Locations Roles Management Presentation
Financial History Export SuiteAnalytics Calendar Employee Record Categories
Find Transaction Workbook Campaign Employees Project Tasks
Lead Snapshot/ Track Messages History Events Projects
Reminders Vendors Color Themes Fax Messages Promotion
Marketing Companies Fax Template Public Template
Campaign Reports Competitors Import CSV File Categories
Price Books Contact Roles Internal Publisher Publish Dashboards
Price Plans Contacts Item Collection Publish Knowledge
Project Templates CRM Groups Knowledge Base Base
Quota Reports CRM Lists KPI Scoreboards Publish Search
Sales Custom Body Letter Messages Record Custom
Sales By Partner Fields Letter Template Field
Sales By Promotion Custom Column Log in using Report
Sales Force Fields Access Tokens Customization
Automation Custom Entity Mail Merge Report Scheduling
Subscription Plan Fields Manage Users Resource
Web Site Report Custom Entry Marketing REST Web Services
Work Calendar Forms Campaigns Sales Force
Custom Event Marketing Automation Setup
Fields Template Sales Order Reports
Custom Fields Mass Updates Setup Campaign
Custom Item Mobile Device Email Addresses
Fields Access Set Up Domains
Custom Lists Notes Tab Setup Campaigns
Custom PDF Notifications Shortcuts
Layouts Online Custom SOAP Web Services
Custom Record Record Form Subscriptions
Entries Online Customer Subscription
Custom Record Form Change Orders
Types Other Names Tasks
Custom Subtabs Partners
Users & Roles

Marketing Administrator

Custom PDF Messages Template
Transaction Categories
Fields Two-Factor
Custom Authentication base
Transaction Upsell Assistant
Forms Upsell Setup
Customer Profile Upsell Wizard
Customer Users & Passwords
Segments
Manager
Customer Status
Customers
Delete Event
Deleted Records
Documents and
Files
Marketing Assistant
Bill Of Materials Export Lists CRM Lists Allow JS / HTML Uploads

Bill of Materials Inquiry Kudos Email Template Calendar
Employee Public Knowledge Base Fax Messages Campaign History
Employee Record Tableau® Workbook Fax Template Companies
Financial History Export Letter Messages Competitors
Items Letter Template Contacts
Lead Snapshot/Reminders Mail Merge CRM Groups
Marketing Campaign Reports Partners Customers
Price Books PDF Messages Deleted Records
Price Plans PDF Template Documents and Files
Project Templates Promotion Duplicate Entity Management
Quota Reports SuiteAnalytics Workbook Events
Sales Track Messages Find Transaction
Sales By Partner Log in using Access Tokens
Sales By Promotion Marketing Campaigns
Sales Force Automation Marketing Template
Sales Order Reports Mass Updates
Subscription Plan Mobile Device Access
Units Notes Tab
Work Calendar Notifications
Perform Search
Phone Calls
Project Tasks
Projects
Publish RSS Feeds
Report Scheduling
Resource
REST Web Services
SOAP Web Services
Subscriptions
Tasks
Template Categories
Upsell Assistant
Upsell Setup
Upsell Wizard
Users & Roles

Marketing Assistant

Website (External) Publisher
Marketing Manager
Bill Of Materials Inquiry Export Lists CRM Lists Calendar

Bill of Materials Knowledge Base Custom Body Fields Campaign History
Employee Compensation Kudos Custom Column Fields Companies
Employee Confidential Tableau® Workbook Custom Entity Fields Competitors
Employee Public Export Custom Event Fields Contact Roles
Employee Record Custom Fields Contacts
Financial History Custom Lists CRM Groups
Items Email Template Custom Transaction Forms
Lead Snapshot/Reminders Fax Messages Customer Segments Manager
Marketing Campaign Reports Fax Template Customer Status
Price Books Letter Messages Customers
Price Plans Letter Template Deleted Records
Project Templates Mail Merge Documents and Files
Quota Reports PDF Messages Duplicate Entity Management
Sales PDF Template Events
Sales By Partner Publish Knowledge Base Find Transaction
Sales By Promotion SuiteAnalytics Workbook Internal Publisher
Sales Force Automation Track Messages Item Collection
Sales Order Reports Log in using Access Tokens
Subscription Plan Marketing Campaigns
Units Marketing Template
Web Site Report Mass Updates
Web Store Report Mobile Device Access
Work Calendar Notes Tab
Notifications
Online Customer Form
Outlook Integration 2.0
Partners
Perform Search
Phone Calls
Project Tasks
Projects
Promotion
Public Template Categories
Report Scheduling
REST Web Services
Resource
Sales Territory Rule
Set Up Campaign Email
Addresses
Set Up Image Resizing
Setup Campaigns
SOAP Web Services
Subscriptions
Tasks
Template Categories
Upsell Assistant
Upsell Setup
Upsell Wizard
Users & Roles

Partner Center
Cases Export Lists Competitors Deleted Records

Find Transaction Tableau® Workbook Customers Log in using Access Tokens
Notes Tab Export Projects Notifications
Partner Commission Subscriptions Partners
Reports Subscription Change Orders Perform Search
Price Books SuiteAnalytics Workbook Promotion
Price Plans Resource Allocation Approval
Project Templates REST Web Services
Resource Allocations SOAP Web Services
Sales By Partner
Sales By Promotion
Payroll Manager
Employee Compensation Export Lists Email Template Calendar

Employee Confidential Kudos Form W-2 - Wage and Tax Contacts
Employee Public Posting Period on Statement Deleted Records
Employee Reminders Transactions SuiteAnalytics Workbook Documents and Files
Financial History Resource Track Messages Employee Record
Find Transaction Tableau® Workbook Employee Social Security
Form 940 – Employer’s Annual Export Numbers
Federal Unemployment Tax Return Employees
Form 941 – Employer’s Quarterly Enter Year-To-Date Payroll
Federal Tax Return Adjustments
Form W4 – Employee’s Withholding Events
Allowance Certificate Individual Paycheck
Make Journal Entry Log in using Access Tokens
Manage Payroll Mobile Device Access
Notes Tab Notifications
Payroll Hours & Earnings Paychecks
Payroll Check Register Payroll Items
Payroll Journal Report Payroll Liability Payments
Payroll Liability Report Perform Search
Payroll Summary & Detail Reports Phone Calls
Project Profitability Process Payroll
Time Tracking Report Customization
Report Scheduling
REST Web Services
Run Payroll
Set Up Payroll
SOAP Web Services
Tasks
Template Categories
Track Time
Vendors
Workplaces
Payroll Setup
Employee Public Export Lists Email Template Calendar

Employee Reminders Kudos Form W-2 - Wage and Tax Contacts
Financial History Statement Deleted Records
Users & Roles

Payroll Setup

Find Transaction Posting Period on SuiteAnalytics Workbook Documents and Files
Form 940 – Employer’s Annual Transactions Track Messages Employee Record
Federal Unemployment Tax Return Resource Employee Social Security
Form 941 – Employer’s Quarterly Tableau® Workbook Numbers
Federal Tax Return Export Employees
Form W4 – Employee’s Withholding Enter Year-To-Date Payroll
Allowance Certificate Adjustments
Make Journal Entry Events
Manage Payroll Individual Paycheck
Notes Tab Locations
Payroll Check Register Log in using Access Tokens
Payroll Journal Report Mobile Device Access
Payroll Liability Report Notifications
Payroll Summary & Detail Reports Paychecks
Project Profitability Payroll Items
Time Tracking Payroll Liability Payments
Perform Search
Phone Calls
Process Payroll
Report Scheduling
REST Web Services
Run Payroll
Set Up Payroll
SOAP Web Services
Tasks
Template Categories
Track Time
Vendors
Workplaces
PM Manager
Employee Compensation Export Lists Companies Admindocs

Employee Confidential Kudos Contacts
Employee Public Resource CRM Groups Calendar
Employee Record Tableau® Workbook Email Template Cases
Find Transaction Export Issue Reports Competitors
Lead Snapshot/Reminders Issues Customers
Partners Mark Issue As Documents and Files
Project Templates Showstopper Events
Provisioning Opportunity Financial History
Support Perform Search Jobs
Support Case Snapshot/Reminders SuiteAnalytics Workbook Knowledge Base
Work Calendar Track Messages KPI Scoreboards
Mail Merge
Mass Updates
Notes Tab
Notifications
Phone Calls
Project Budget
Project Tasks
Publish Dashboards
Publish Knowledge Base
Users & Roles

PM Manager

Report Scheduling
Resource Allocation
Approval
Resource Allocations
Subscriptions
Tasks
Template Categories
Work Breakdown Structure
Product Manager
Access Payment Audit Log Export Lists Companies Admindocs

Charge Kudos Contacts Calendar
Charge Rule Resource CRM Groups Cases
Credit Memo Tableau® Workbook Email Template Competitors
Employee Public Export Issues Customers
Employee Record Opportunity Deleted Records
Find Transaction Perform Search Documents and Files
Invoice SuiteAnalytics Workbook Events
Lead Snapshot/Reminders Track Messages Financial History
Partners Charge - Run Rules
Price Books Issue Reports
Price Plans Knowledge Base
Project Templates Log in using Access
Provisioning Tokens
Sales Order Mail Merge
Support Mark Issue As
Support Case Snapshot/Reminders Showstopper
View Gateway Asynchronous Mass Updates
Notifications Mobile Device Access
View Payment Events Notes Tab
Work Calendar Notifications
Outlook Integration 2.0
Phone Calls
Project Tasks
Projects
Publish Knowledge Base
Report Scheduling
REST Web Services
SOAP Web Services
Subscriptions
Subscription Change
Orders
Tasks
Template Categories
QA Engineer
Cases Kudos Issue Reports Admindocs

Employee Public Issues Calendar
Employee Record Mark Issue As Showstopper Documents and Files
Perform Search Events
Users & Roles

QA Engineer

SuiteAnalytics Workbook Mobile Device Access
Track Messages Notes Tab
Notifications
System Status
Tasks
QA Manager
Cases Kudos Issues Admindocs

Employee Compensation Perform Search Calendar
Employee Confidential SuiteAnalytics Workbook Documents and Files
Employee Public Track Messages Events
Employee Record Issue Reports
Issue Setup
KPI Scorecards
Notes Tab
Notifications
Publish Dashboards
System Status
Tasks
Resource Manager
Audit Trail Import CSV File Custom Body Customers Deleted Records
Bill of Materials Items Fields Events Documents and Files
Calendar KPI Scorecards Custom Center SuiteAnalytics Employee Record
Contacts Locations Categories Workbook Mobile Device Access
Custom Entity Mass Updates Custom Center Notifications
Fields Notes Tab Links Project Tasks
Custom Entry Other Custom Fields Custom Centers Projects
Forms Outlook Integration Custom Column Resource Allocation Approval
Custom Event 2.0 Fields Resource Allocations
Fields Price Books Custom Review Custom GL Plug-in
Custom Fields Price Plans Transaction Executions
Custom HTML Project Profitability Forms Subscriptions
Layouts Project Templates Kudos Subscription Change Orders
Custom Item Report Customization Perform Search
Fields Report Scheduling Publish Forms
Custom Item Subscription Plan Publish Search
Number Fields Subsidiaries
Custom Lists SuiteScript
Custom PDF SuiteSignOn
Layouts Tasks
Custom Record Template Categories
Entries Time Tracking
Custom Record Two-Factor
Types Authentication
Custom Sublists Two-Factor
Custom Subtabs Authentication base
Email Template Usage
Employee Public Vendors
Users & Roles

Resource Manager

Employee Work Calendar
Reminders Workflow
Employees
Generic
Resources
Retail Clerk (Note that this role cannot be customized. See Retail Clerk Roles.)
Access Payment Audit Log Kudos Contacts Cases

Bill Of Materials Inquiry Phone Calls SuiteAnalytics Workbook Charge
Bill of Materials Charge Rule
Calendar Charge – Run Rules
Deposit Application Credit Memo
Edit Profile Customer Deposit
Employee Public Customer Payment
Employee Record Customer Payment
Employee Reminders Authorization
Events Customer Refund
Fulfill Orders Customers
Item Fulfillment Documents and Files
Items Edit Banking Information
Locations Find Transaction
Print Shipment Documents Invoice
Project Profitability Invoice Approval
Purchase Order Invoice Sales Orders
Requistion Mobile Device Access
Sales Order Fulfillment Reports Notes Tab
Shipping Partner Package Notifications
Shipping Partner Shipment Perform Search
Tasks Sales Order
Time Tracking Transfer Order
Track Messages Transfer Order Approval
Track Time
Transaction Detail
View Gateway Asynchronous
Notifications
View Payment Events
Retail Clerk (Web Services Only) (Note that this role cannot be customized. See Retail Clerk Roles.)
Access Payment Audit Log Kudos SuiteAnalytics Workbook Bill of Materials

Bill Of Materials Inquiry Charge
Currency Charge Rule
Employee Public Charge – Run Rules
Employees Credit Memo
Locations Custom Record Entries
View Gateway Asynchronous Customer Deposit
Notifications Customer Payment
View Payment Events Customer Payment
Authorization
Customer Refund
Customers
Deleted Records
Users & Roles

Retail Clerk (Web Services Only) (Note that this role cannot be customized. See Retail Clerk Roles.)

Deposit Application
Documents and Files
Employee Record
Find Transaction
Invoice
Invoice Approval
Items
Notifications
REST Web Services
Sales Order
SOAP Web Services
Set Up SOAP Web Services
Track Time
Transfer Order
Transfer Order Approval
View Unencrypted Credit
Cards
View SOAP Web Services
Logs
Revenue Accountant
Account Detail Kudos Accounts Amortization Reports Revenue Management

Balance Sheet Resource Accounts Receivable Amortization Schedules VSOE
Bill Of Materials Cash Sale Calendar Revenue Recognition
Billing Schedules Cash Sale Refund Custom Recognition Event Plan
Create Allocation Credit Memo Type Revenue Recognition
Schedules Customers Deferred Expense Reports Reports
Currency Email Template Documents and Files Revenue Recognition
Customer Deposit Fair Value Dimension Employee Record Rule
Customer Payment Fair Value Formula Events Revenue Recognition
Customer Payment Fair Value Price Expense Amortization Schedules
Authorization Invoice Plan Tasks
Customer Refund Invoice Sales Orders Expense Amortization Template Categories
Employee Public ltem Revenue Category Rule
Employee Reminders Non Posting Registers Find Transaction
Employees Recognition Treatment Generate Revenue
Financial Statements Recognition Treatment Commitment
Fulfill Orders Rule Generate Revenue
General Ledger Return Authorization Commitment Reversals
Income Revenue Recognition Make Journal Entry
Income Statement Field Mapping Mass Updates
Item Fulfillment Sales Order Notes Tab
Item Revisions SuiteAnalytics Workbook Notifications
Items Perform Search
Projects Phone Calls
Project Profitability Project Revenue Rules
Purchase Order Project Tasks
Reconcile Reporting Report Customization
Sales Order Fulfillment Report Scheduling
Reports Revenue Arrangement
Sales Order Reports Revenue Arrangement
Tax Details Tab Approval
Time Tracking Revenue Commitment
Users & Roles

Revenue Accountant

Trial Balance Revenue Commitment
Units Reversal
Revenue Element
Revenue Manager
Account Detail Kudos Accounts Accounting Lists Enable Features

Balance Sheet Resource Accounts Receivable Accounting Events
Create Allocation Bill Of Materials Management Expense Amortization Plan
Schedules Billing Schedules Accounting Expense Amortization Rule
Customer Deposit Cash Sale Preferences Fair Value Dimension
Customer Payment Cash Sale Refund Amortization Reports Fair Value Formula
Customer Payment Credit Memo Amortization Fair Value Price
Authorization Currency Schedules Find Transaction
Customer Refund Customers Calendar Generate Revenue
Employee Public Email Template Custom Body Fields Commitment
Employee Reminders Invoice Custom Column Fields Generate Revenue
Employees Invoice Sales Orders Custom Entity Fields Commitment Reversals
Financial Statements Item Revisions Custom Entry Forms Item Revenue Category
Fulfill Orders Items Custom Event Fields Make Journal Entry
General Ledger Non Posting Registers Custom Fields Mass Updates
Income Return Authorization Custom Item Fields Notes Tab
Income Statement Sales Order Custom Lists Notifications
Item Fulfillment SuiteAnalytics Custom PDF Layouts Other Lists
Project Profitability Workbook Custom Recognition Perform Search
Projects Event Type Phone Calls
Purchase Order Custom Record Types Project Revenue Rules
Reconcile Reporting Custom Subtabs Project Tasks
Sales Order Fulfillment Custom Transaction Recognition Treatment
Reports Fields Recognition Treatment Rule
Sales Order Reports Custom Transaction Report Customization
Time Tracking Forms Report Scheduling
Trial Balance Deferred Expense Revenue Arrangement
Units Reports Revenue Arrangement
Documents and Files Approval
Employee Record Revenue Commitment
Revenue Commitment
Reversal
Revenue Element
Revenue Management VSOE
Revenue Recognition Field
Mapping
Revenue Recognition Plan
Revenue Recognition Reports
Revenue Recognition Rule
Revenue Recognition
Schedules
Tasks
Template Categories
Users & Roles

Sales Administrator
Access Payment Audit Export Lists Cash Sale Bulk Manage Roles Find Transaction
Log Kudos CRM Lists Calendar Internal Publisher
Accounts Receivable Resource Custom Body Fields Commission Feature Item Collection
Accounts Receivable Tableau® Custom Column Setup KPI Scorecards
Register Workbook Fields Companies Lead Conversion
Bill Of Materials Inquiry Export Custom Entity Competitors Lead Conversion
Bill of Materials Fields Contact Roles Mapping
Commission Reports Custom Event Contacts Letter Messages
Employee Public Fields CRM Groups Letter Template
Employee Reminders Custom Fields Custom Entry Forms Log in using Access
Financial History Custom Lists Custom Transaction Tokens
Items Custom Subtabs Forms Mail Merge
Lead Snapshot/ Custom Customer Segments Manage Users
Reminders Transaction Fields Manager Marketing Template
Marketing Campaign Mass Updates Customer Status Mobile Device Access
Reports SuiteAnalytics Customers Notes Tab
Non Posting Registers Workbook Deleted Records Notifications
Project Templates Documents and Files Online Customer Form
Quota Reports Duplicate Detection Opportunity
Resource Allocations Setup Outlook Integration 2.0
Sales Duplicate Entity Override Estimated Cost
Sales By Partner Management on Transactions
Sales By Promotion Edit Forecast Partner Authorized
Sales Force Automation Edit Manager Forecast Commission Reports
Sales Order Fulfillment Email Template Partner Commission
Reports Employee Commission Reports
Sales Order Reports Schedules/Plans Partner Commission
Sales Order Transaction Employee Commission Schedules/Plans
Report Transaction Partner Commission
Shipping Items Employee Record Transaction
Shipping Partner Employees Partner Contribution
Registration Establish Quotas PDF Messages
Statistical Account Events PDF Template
Registers Fax Messages Perform Search
Subscription Plan Fax Template Phone Calls
Unbilled Receivable Price Books
Registers Price Plans
Units Project Tasks
Usage Projects
View Gateway Promotion
Asynchronous Publish Dashboards
Notifications Publish Search
View Payment Events Quote
Work Calendar Report Customization
Report Scheduling
Resource Allocation
Approval
REST Web Services
Sales Campaigns
Sales Force Automation
Setup
Sales Order
Sales Order Approval
Sales Territory
Sales Territory Rule
Set Up Domains
SOAP Web Services
Subscriptions
Users & Roles

Sales Administrator

Subscription Change
Orders
Tasks
Team Selling
Contribution
Telephony Integration
Template Categories
Track Messages
Two-Factor
Authentication base
Upsell Assistant
Upsell Setup
Upsell Wizard
Sales Manager
Access Payment Audit Export Lists Campaign History Bill Of Distribution Events
Log Kudos Cash Sale Calendar Find Transaction
Accounts Receivable Resource CRM Lists Commission Feature Global Inventory
Accounts Receivable Tableau® Custom Body Fields Setup Relationship
Register Workbook Custom Column Companies Internal Publisher
Bill Of Materials Inquiry Export Fields Competitors Item Collection
Bill of Materials Custom Entity Contact Roles Lead Conversion
Cases Fields Contacts Lead Conversion
Check Item Availability Custom Event CRM Groups Mapping
Commission Reports Fields Custom Entry Forms Log in using Access
Commit Orders Custom Fields Custom Transaction Tokens
Employee Compensation Custom Lists Forms Marketing Template
Employee Confidential Custom Subtabs Customer Segments Mobile Device Access
Employee Public Custom Manager Notes Tab
Employee Record Transaction Fields Customer Status Notifications
Financial History Fax Messages Customers Online Customer Form
Item Revisions Fax Template Deleted Records Opportunity
Items Letter Messages Distribution Network Outlook Integration 2.0
Lead Snapshot/ Letter Template Documents and Files Override Estimated Cost
Reminders Mail Merge Edit Forecast on Transactions
Marketing Campaigns Mass Updates Edit Manager Forecast Partner Commission
Marketing Campaign Override Payment Email Template Schedules/Plans
Reports Hold Employee Commission Partner Commission
Non Posting Registers PDF Messages Schedules/Plans Transaction
Project Templates PDF Template Employee Commission Partner Contribution
Quota Reports SuiteAnalytics Transaction Perform Search
Resource Allocations Workbook Establish Quotas Phone Calls
Sales Price Books
Sales By Partner Price Plans
Sales By Promotion Projects
Sales Force Automation Project Tasks
Sales Order Fulfillment Promotion
Reports Quote
Sales Order Reports Report Customization
Sales Order Transaction Report Scheduling
Report Resource Allocation
Statistical Account Approval
Registers REST Web Services
Subscription Plan Sales Campaigns
Sales Order
Users & Roles

Sales Manager

Unbilled Receivable Sales Order Approval
Registers Sales Territory
Units Sales Territory Rule
Usage Set Up Image Resizing
View Gateway SOAP Web Services
Asynchronous Subscriptions
Notifications Subscription Change
View Payment Events Orders
Web Site Report Tasks
Web Store Report
Work Calendar Team Selling
Contribution
Template Categories
Track Messages
Upsell Assistant
Upsell Setup
Upsell Wizard
Sales Person
Access Payment Audit Log Export Lists Campaign History Calendar

Bill Of Materials Inquiry Kudos Cash Sale Competitors
Bill of Materials Notes Tab Edit Forecast Contacts
Cases Resource Fax Messages CRM Groups
Commission Reports Tableau® Workbook Fax Template Customers
CRM Lists Export Letter Messages Deleted Records
Duplicate Entity Management Letter Template Documents and Files
Employee Commission Transaction Mail Merge Email Template
Employee Public Mass Updates Events
Employee Record Opportunity Find Transaction
Financial History PDF Messages Lead Conversion
Items PDF Template Lead Conversion Mapping
Lead Snapshot/Reminders Sales Order Log in using Access
Marketing Campaigns SuiteAnalytics Workbook Tokens
Marketing Campaign Reports Marketing Template
Non Posting Registers Mobile Device Access
Project Templates Notifications
Quota Reports Outlook Integration 2.0
Resource Allocations Perform Search
Sales Phone Calls
Sales By Partner Price Books
Sales By Promotion Price Plans
Sales Force Automation Projects
Sales Order Fulfillment Reports Project Tasks
Sales Order Reports Quote
Sales Order Transaction Report Report Customization
Subscription Plan Report Scheduling
Units Resource Allocation
Usage Approval
View Gateway Asynchronous REST Web Services
Notifications Sales Campaigns
View Payment Events SOAP Web Services
Work Calendar Subscriptions
Subscription Change
Orders
Tasks
Users & Roles

Sales Person

Template Categories
Track Messages
Upsell Assistant
Sales Vice President
Access Payment Audit Log Export Lists Campaign History Bill Of Distribution
Accounts Receivable Kudos Cash Sale Calendar
Accounts Receivable Register Tableau® Workbook Fax Messages Companies
Bill Of Materials Inquiry Export Fax Template Competitors
Bill of Materials Letter Messages Contact Roles
Cases Letter Template Contacts
Check Item Availability Mail Merge CRM Groups
Commission Reports Mass Updates Customers
Commit Orders Override Payment Hold Distribution Network
Component Where Used PDF Messages Documents and Files
Costed Bill Of Materials Inquiry PDF Template Edit Forecast
Employee Public SuiteAnalytics Workbook Edit Manager Forecast
Employee Record Email Template
Item Revisions Establish Quotas
Items Events
Lead Snapshot/Reminders Find Transaction
Marketing Campaigns Global Inventory
Non Posting Registers Relationship
Price Books Manufacturing Cost
Price Plans Template
Quota Reports Manufacturing Routing
Sales Mobile Device Access
Sales By Partner Notes Tab
Sales By Promotion Notifications
Sales Force Automation Opportunity
Sales Order Fulfillment Reports Perform Search
Sales Order Reports Phone Calls
Sales Order Transaction Report Quote
Statistical Account Registers Report Customization
Subscription Change Orders Report Scheduling
Subscriptions Sales Campaigns
Subscription Plan Sales Order
Usage Sales Order Approval
View Gateway Asynchronous Subsidiary - Tax Engine
Notifications selection
View Payment Events Tasks
Web Site Report Template Categories
Web Store Report Track Messages
Store Manager
Access Payment Audit Log Export Lists Companies Allow JS / HTML Project Tasks
Accounts Receivable Kudos Competitors Uploads Publish Forms
Bill Of Materials Inquiry Resource Custom Item Fields Bill of Materials Publish RSS Feeds
Employee Compensation Custom Lists Calendar Purchase Order
Employee Confidential Customers Cash Sale Related Items
Employee Public Email Template Cash Sale Refund Report Customization
Users & Roles

Store Manager

Employee Record Tableau® Override Payment Color Themes Report Scheduling
Inventory Workbook Hold Commerce Requisition
Lead Snapshot/Reminders Export Projects Categories Resource Allocation
Non Posting Registers Shipping Items Contacts Approval
Price Books Shipping Partner CRM Groups REST Web Services
Price Plans Registration CRM Lists Sales Order
Project Templates Subscriptions Customer Segments Sales Order Approval
Purchase Order Reports Subscription Change Manager Set Up Domains
Resource Allocations Orders Deleted Records Set Up Image Resizing
Sales SuiteAnalytics Documents and Files Set Up Web Site
Sales By Partner Workbook Duplicate Entity Site Search
Sales By Promotion Track Messages Management SOAP Web Services
Sales Order Fulfillment Vendors Events Store Content Items
Reports Find Transaction Store Tabs
Sales Order Reports Internal Publisher System Email
Sales Order Transaction Item Collection Template
Report Item Demand Plan Tasks
Subscription Plan Item Supply Plan Template Categories
Usage Item/Category Transfer Order
View Gateway Layouts Transfer Order
Asynchronous Notifications Items Approval
View Payment Events Log in using Access Uncategorized
Web Site Report Tokens Presentation Items
Web Store Report Mobile Device Access Units
Work Calendar Notes Tab Upsell Assistant
Notifications Upsell Setup
Online Customer Upsell Wizard
Form Website (External)
Perform Search publisher
Phone Calls Web Site Management
Presentation
Categories
Support Administrator
Access Payment Export Lists Bill of Materials Admindocs Delete Event Publish Search
Audit Log Kudos Classes Audit Trail Deleted Records Record Custom
Bill Of Materials Receive Returns Color Themes Backup Your Documents and Field
Inquiry Refund Returns Departments Data Files Report Customizati
Employee Public Return Auth. Email Template Bulk Manage Duplicate Entity on
Employee Approval Items Roles Management Report Scheduling
Reminders Return Locations Calculate Time Employee Record Resource
Financial History Authorization Marketing Calendar Employees Resource Allocation
Lead Snapshot/ Tableau® Template Case Alerts Escalation Approval
Reminders Workbook Export SuiteAnalytics Cases Assignment REST Web Services
Memorized Workbook Companies Escalation Shortcuts
Transactions Track Messages Competitors Assignment Rule SOAP Web Services
Price Books Units Contact Roles Events Subscriptions
Price Plans Contacts Fax Messages Subscription
Project Templates Create Public Fax Template Change Orders
Promotion Search Find Transaction Support
Quota Reports CRM Groups Import CSV File Support Case Issue
Resource Allocations CRM Lists Internal Publisher Support Case Origin
Return Authorization Custom Body Knowledge Base Support Case
Reports Fields KPI Scoreboards Priority
Sales Force Custom Column Letter Messages
Automation Fields Letter Template
Users & Roles

Support Administrator

Subscription Plan Custom Entity Log in using Support Case
Usage Fields Access Tokens Snapshot/
Vendors Custom Entry Mail Merge Reminders
View Gateway Forms Manage Users Support Case Status
Asynchronous Custom Event Mass Updates Support Case
Notifications Fields Mobile Device Territory
View Payment Custom Fields Access Support Case
Events Custom Item Notes Tab Territory Rule
Web Site Report Fields Notifications Support Case Type
Work Calendar Custom Lists Online Case Form Support Setup
Custom PDF Other Names System Email
Layouts Partners Template
Custom Record PDF Messages Tasks
Entries PDF Template Telephony
Custom Record Perform Search Integration
Types Phone Calls Template
Custom Subtabs Projects Categories
Custom Project Profitability Time Tracking
Transaction Project Tasks Timer
Fields Publish Track Time
Custom Dashboards Two-Factor Authent
Transaction Publish ication base
Forms Knowledge Base Users & Passwords
Customer Profile
Customers
Support Manager
Bill Of Materials Inquiry Export Lists Competitors Admindocs Online Case Form
Bill of Materials Kudos Custom Event Fields Calendar Perform Search
CRM Lists Resource Customers Case Alerts Phone Calls
Employee Compensation Tableau® Email Template Cases Project Tasks
Employee Confidential Workbook Export Fax Messages Companies Publish Knowledge
Employee Public Fax Template Contact Roles Base
Employee Record Issues Contacts Report Customization
Items Letter Messages CRM Groups Report Scheduling
Lead Snapshot/Reminders Letter Template Deleted Records Resource Allocation
Price Books Mail Merge Documents and Files Approval
Price Plans Mass Updates Duplicate Entity REST Web Services
Project Templates PDF Messages Management SOAP Web Services
Resource Allocations PDF Template Escalation Support Case Issue
Sales Projects Assignment Support Case Origin
Sales By Partner Subscriptions Escalation Support Case Priority
Sales By Promotion Subscription Change Assignment Rule Support Case Status
Sales Order Reports Orders Events Support Case Territory
Subscription Plan SuiteAnalytics Find Transaction Support Case Territory
Support Workbook Internal Publisher Rule
Support Case Snapshot/ Track Messages Knowledge Base Support Case Type
Reminders Log in using Access Support Setup
Units Tokens System Email
Usage Mobile Device Access Template
Work Calendar Notes Tab Tasks
Notifications Template Categories
Track Time
Users & Roles

Support Person
Bill Of Materials Inquiry Export Lists Companies Admindocs

Bill of Materials Knowledge Base Competitors Calendar
CRM Lists Kudos Customers Cases
Duplicate Entity Management Notes Tab Email Template Contacts
Employee Public Resource Fax Messages Deleted Records
Employee Record Tableau® Workbook Fax Template Documents and Files
Items Export Issues Events
Lead Snapshot/Reminders Letter Messages Find Transaction
Price Books Letter Template Log in using Access
Price Plans Mail Merge Tokens
Project Templates Mass Updates Mobile Device Access
Publish Knowledge Base PDF Messages Notifications
Publish RSS Feeds PDF Template Perform Search
Resource Allocations Projects Phone Calls
Subscription Plan Subscriptions Project Tasks
Support Subscription Change Report Customization
Support Case Snapshot/Reminders Orders Report Scheduling
Units SuiteAnalytics Workbook Resource Allocation
Usage Track Messages Approval
Website (External) publisher REST Web Services
Work Calendar SOAP Web Services
Tasks
Template Categories
Track Time
System Administrator
Employee Public ■ Kudos Email Template Admindocs Custom Transaction Forms

Employee Override Payment Hold Billing Information Customer Segments Manager
Reminders SuiteAnalytics Bulk Manage Roles Deleted Records
Find Transaction Workbook Classes Departments
Notes Tab Track Messages Credit Card Duplicate Detection Setup
Sent Email Processing Employee Record
System Status Custom Body Fields Employee Social Security
Undelivered Emails Custom Column Numbers
Fields Employees
Custom Entity Fields Enable Features
Custom Entry Forms Events
Custom Event Fields Financial Institution Records
Custom Fields Internal Publisher
Custom Item Fields Item Collection
Custom Lists KPI Scorecards
Custom PDF Layouts Locations
Custom Record Types Log in using Access Tokens
Custom Sublist Manage Custom Permissions
Custom Subtabs Manage Custom Restrictions
Custom Transaction Manage Users
Fields Notifications
Price Books
Price Plans
Publish Dashboards
Publish Search
REST Web Services
Set Up Company
SOAP Web Services
Users & Roles

System Administrator

Subscription Plan
Subscriptions
Tasks
Template Categories
Two-Factor Authentication
base
Usage
Web Services
Tax Engine

Accounts Tax Records
Bills
Cash Sale
Cash Sale Refund
Companies
Credit Card
Credit Card Refund
Credit Memo
Credit Returns
Currency
Customer Deposit
Customer Payment
Customer Refund
Customers
Deposit
Deposit Application
Enter Vendor Credits
Expense Categories
Expense Report
Finance Charge
Find Transaction
Invoice
Item Fulfillment
Item Receipt
Items
Make Journal Entry
Opportunity
Other Names
Perform Search
Posting Period on Transactions
Projects
Promotion
Purchase Order
Quote
Return Authorization
Sales Order
Set Up Company
Shipping Items
Subsidiaries
Subsidiary Tax Registrations Tab
Tax Details Tab
Vendor Return Authorization
Vendors
Users & Roles

Vendor Center

Accounts Payable Register SuiteAnalytics Workbook Deleted Records
Find Transaction Log in using Access Tokens
Non Posting Registers Notifications
Notes Tab REST Web Services
Purchase Order SOAP Web Services
Requisition Track Time
Sales Order Transaction Report User Access Tokens
Warehouse Manager
Access Payment Audit Log Export Lists Bills Adjust Inventory

Bill Of Materials Inquiry Kudos Email Template Bill Of Distribution
Bill of Materials Resource Items Build Work Orders
Check Item Availability Tableau® Workbook Shipping Items Calendar
Commit Orders Export Shipping Partner Close Work Orders
Component Where Used Registration Contacts
Costed Bill Of Materials Inquiry SuiteAnalytics Workbook Count Inventory
Customers Track Messages Create Inventory Counts
Employee Compensation Deleted Records
Employee Confidential Distribution Network
Employee Public Documents and Files
Employee Record Enter Completions
Inventory Events
Item Revisions Find Transaction
Non Posting Registers Fulfill Orders
Notes Tab Global Inventory
Purchase Order Reports Relationship
Price Books Inbound Shipment
Price Plans Inventory Cost Template
Revalue Inventory Cost Issue Components
Sales Order Item Demand Plan
Sales Order Fulfillment Reports Item Fulfillment
Sales Order Reports Item Process Family
Sales Order Transaction Report Item Process Group
Subscription Plan Item Receipt
Units Item Supply Plan
Vendors Log in using Access Tokens
View Gateway Asynchronous Manufacturing Cost
Notifications Template
View Payment Events Manufacturing Routing
Mark Work Orders Built
Mark Work Orders Firmed
Mark Work Orders Released
Notifications
Ownership Transfer
Perform Search
Phone Calls
Pick Strategy
Pick Task
Planned Standard Cost
Print Shipment Documents
Purchase Order
Receive Order
Users & Roles

Warehouse Manager

Receive Returns
Report Scheduling
Requisition
Requisition Approval
REST Web Services
Shipping Partner Package
Shipping Partner Shipment
SOAP Web Services
Standard Cost Version
Tasks
Template Categories
Transfer Order
Transfer Order Approval
Vendor Bill Approval
Wave
Work Order
Work Order Close
Work Order Completion
Work Order Issue
Zone
NetSuite Users Overview

To set up users with access to your NetSuite account, you need to set up records for them, either
employee, vendor, partner, or customer records, depending upon the type of users. To add a user, you
need to set up a record for that user and on that record, explicitly indicate that access to NetSuite should
be provided
On each record, you need to provide an email address, which serves as the user ID. Each record has
an Access tab, where you can enable the Give Access option and assign roles. For users to have access
to NetSuite, they must also have a password. Administrators can send an access notification email that
includes a link that lets users create their own passwords.
For links to instructions for adding NetSuite users, see the topics in Manage Different Types of
Users.
If you assign an additional role to a user who is currently logged in to NetSuite, that user will need to log
out and log back in to NetSuite to see the newly assigned role. The same is true if you add permissions to
an existing role while a user is currently logged in to NetSuite. The user needs to log out and log back in
to exercise the new permissions.
Note: When the Advanced Employee Permissions feature is enabled, the Employee System
Access permission must be assigned to a role to give access and assign roles to employees. For
more information, see the help topic Employee System Access Permission Overview.
The Manage Users Page

To review users' roles, go to Setup > Users/Roles > Manage Users. The Manage Users page lists all users
by name, with their email addresses and default roles.
1. Click a user name to open his or her record. You can then click the Edit button in the record to
make changes.
Users & Roles

NetSuite Users Overview 75
2. Click a user email address to send mail to him or her.
For more information, see Viewing Your NetSuite Users List.
The Login Audit Trail

The Login Audit Trail is a specialized search that returns a list of account login and logout activity, that
can be filtered by date, user, role, or IP address. This search helps keep track of account users, when
they have logged in or logged out, and from where. Search results indicate whether each login or logout
attempt was successful. This search is available at Setup > Users/Roles > View Login Audit Trail.
Note: In some cases, users' login to NetSuite is ended when they have not explicitly logged out
of NetSuite. For example, this situation occurs when a user's NetSuite session times out. If the
logout is not explicit, the system does not create a logout entry in the Login Audit Trail.
For more information, see Login Audit Trail Overview.
Manage Different Types of Users

See the following topics for information about setting up and maintaining access for different types of
NetSuite users.
■ Employee Users
■ Vendor Users
■ Partner Users
■ Customer Users
Note: Only active users with access count against the Full User Count purchased for your
account. Inactive users that have access do not count. For details about making users inactive, see
the help topic Terminating an Employee.
Employee Users
You can give NetSuite access to employees by checking the Give Access box on the Access tab of the
Employee record. You assign roles to an employee on the Roles subtab of the Access tab. Most roles in
the system are available to employees, and you can assign multiple roles to each employee.
■ For instructions for setting up NetSuite access for employees, see the help topic Giving an Employee
Access to NetSuite.
■ For instructions for assigning roles, see the help topic Assigning Roles to an Employee.
■ For instructions for limiting employees' ability to enter time records, see the help topic Restricting
Employee Time Tracking Entries.
■ For instructions for adding employees, see the help topic Adding an Employee.
After you have set up employees with access and one or more roles each, you can return to their records
and make changes to their assigned roles as necessary. The Access tab includes a History subtab that lists
changes made to role assignments.
If the Global Permissions feature is enabled, you also can assign permissions directly to employees,
on a Global Permissions subtab of the Access tab. These permissions supersede permissions for the
Users & Roles

employee's assigned role, in the event of a conflict. Please note that usage of the Global Permissions
feature is not recommended. For more information, see Using the Global Permissions Feature.
You can use employee searches to track employees' roles and changes to them. The following role fields
are available to be used as filters for employee searches: Center Type, Custom, Inactive, Internal ID,
Level, Name, Permission, Permission Change, and Permission Change Date. The following role fields
are available to be displayed as results for employee searches: Center Type, Custom/Standard, From
Bundle, Inactive, Internal ID, Level, Name, Permission, Permission Change, Permission Change Date, and
Permission Change Level.
Important: When an employee leaves your company, you should modify the person’s
record to reflect the termination date and remove any previously granted user roles and
access permissions. You can also inactivate the employee record if you want to prevent it from
appearing in lists or as choices anywhere in your account. For more information, see the help
topic Terminating an Employee.
Vendor Users
Vendor access is supported if you have enabled the Vendor Access option on the Web Presence subtab
at Setup > Company > Setup Tasks > Enable Features. If this feature is disabled, Vendor records do not
include an Access tab.
You can give vendors access by checking the Give Access box on the Access tab of the Vendor record. You
assign roles to a vendor on the Roles subtab of the Access tab. Most roles in the system are available to
vendors, and you can assign multiple roles per vendor. There may be a Vendor Center role available.
After you have set up vendors with access, you can return to their records and make changes to their
assigned roles as necessary. The Access tab includes a History subtab that lists changes made to role
assignments.
For more information about setting up vendors, see the help topics Adding a Vendor Record, Assigning
Roles to Vendors, and Using the Vendor Center.
Partner Users
Partner access to your account is supported if you have enabled the following features at Setup >
Company > Setup Tasks > Enable Features:
■ Partner Relationship Management on the CRM subtab

■ Partner Access and/or Advanced Partner Access on the Web Presence subtab
You can give partners access by checking the Give Access box on the Access tab on the Partner record.
You can assign one role per partner. Available roles may include the Partner Center, the Advanced
Partner Center, or your customized versions of these roles. You also can grant access to individual
partner contacts based on their email addresses.
Customer Users
Customer access to your account is supported if you have enabled the Customer Access option on the
Web Presence subtab at Setup > Company > Setup Tasks > Enable Features. If this feature is disabled,
Customer records do not include an Access tab. For more information, see Giving Customers Access.
Users & Roles

You can give customers access by checking the Give Access box on the Access tab of the Customer
record. You can assign one role per customer, usually the Customer Center role, or your customized
version of it. You also can grant access to individual customer contacts based on their email addresses.
Giving Customers Access

NetSuite provides a standard role for customers. The Customer Center role lets customers view their
estimates, orders, invoices, and payments. You can customize this role to adjust the level of permission
for certain tasks in the center. For example, if you do not want customers to make payments from the
Customer Center, you can set the level for Customer Payments to None instead of Edit.
For more information about giving access to customers, see the following:
■ Enable the Customer Access Feature

■ Provide Access to Individual Customers
■ Use CSV Import to Provide Access to Multiple Customers
■ Set the Customer Center Sales Order Form
Enable the Customer Access Feature

To allow customer access to NetSuite, an administrator must first enable the Customer Access feature.
To enable the Customer Center:

1. Go to Setup > Company > Setup Tasks > Enable Features.
2. On the Enable Features page, click the Web Presence subtab.
3. Check the Customer Access box.
4. Click Save.
When customer access has been enabled, roles can be assigned to customer users individually or by CVS
import to give access to multiple customers.
Provide Access to Individual Customers

You can use customer records in NetSuite to give access to customers and assign roles.
You should use the Send New Access Notification Email feature that lets customers set up a NetSuite
password for themselves. However, if you prefer to set their passwords yourself, use the procedure in Set
a Customer’s Password Manually instead.
To assign a customer a role and provide access to NetSuite:

1. Go to Lists > Relationships > Customers.
2. Click Edit next to the customer that you want to assign a role to.
3. In the Email field, enter the customer's email address.
The customer uses this email address to log in to NetSuite.
4. Click the Access tab.
5. Click the Give Access box.
Users & Roles

6. If you run multiple websites, you can restrict a customer’s login access to a specific website (for
example, the website that the customer registered on). To assign a customer to a website, in
the Assigned Website field, select a website. For more information, see the help topic Assign
Customers to Websites.
7. To assign the standard Customer Center role, in the Role field, select Customer Center. If
you customized the Customer Center role, select the name of the custom role. For more on
customizing this role, see Customizing or Creating NetSuite Roles.
8. Check the Send New Access Notification Email box to notify your customer of this new access.
As of 2018.2, the new access notification email includes the user’s email address (used for logging
in to NetSuite), the administrator’s email address, and explains login procedures. It also contains a
URL so that the customer can set up a NetSuite password. The email containing the link is sent as
secure email, and comes from NetSuite <[email protected]>.
To customize the email message, go to Setup > Company > System Email Templates. Next to
Standard Customer Center Access E-mail, click Edit.
9. To assign individual logins to the customer's contacts, on the Access tab, check the Access box
next to the contacts you want to grant access to.
Note: If this is a new customer, you might need to save the record before you can view
contacts on the Access tab.
a. Make sure that an email address is listed for each of the contacts that you want to assign
login access to.
b. Check the Manually Assign Password box and enter a password for each of the contacts.
c. Check the Notify box for the contacts that you want to notify by email.
For security reasons, the contact’s password is not included in the email message.
10. Click Save.
Set a Customer’s Password Manually

You should use the Send New Access Notification Email feature that lets customers set up a NetSuite
password for themselves. However, if you prefer to set their passwords yourself, use the following
procedure instead.
To set a customer’s password manually:
1. Go to Lists > Relationships > Customers.

2. Click Edit next to the customer that you want to assign a role to.
3. In the Email field, enter the customer's email address.
The customer uses this email address to log in to NetSuite.
5. Check the Give Access box.
6. If you run multiple websites, you can restrict a customer’s login access to a specific website (for
example, the website that the customer registered on). To assign a customer to a website, in
the Assigned Website field, select a website. For more information, see the help topic Assign
Customers to Websites.
7. To assign the standard Customer Center role, in the Role field, select Customer Center. If
you customized the Customer Center role, select the name of the custom role. For more on
customizing this role, see Customizing or Creating NetSuite Roles.
Users & Roles

8. Do not check the Send New Access Notification Email

9. Check the Manually Assign or Change Password box.
10. Enter and confirm the customer's password.
Note: When customers register on your website, the passwords they enter are saved
here.
For details about password requirements, see the help topic NetSuite Password Requirements.
11. Click Save.
12. Next, tell your customer to go to your customer center login page. To find the URL, go to Setup >
Company > Company Information in the Customer Center Login field. Your customer can log in
with the email address and the password you entered on the customer’s record. Do not send the
customer the password by email.
The customer can now use the email address and password to log in to your NetSuite account with
the Customer Center role. Customers can log in to see their own sales orders, invoices, estimates, and
payments.
Use CSV Import to Provide Access to Multiple Customers

You can use the Import Assistant to provide access to your NetSuite account to a large set of customers
at Setup > Import/Export > Import Tasks > Import CSV Records, without needing to individually update
each customer record.
You must have the Import CSV File permission to complete this task. For general instructions for using the
Import Assistant, see the help topic Importing CSV Files with the Import Assistant. For general information
about setting up CSV files for import, see the help topic Guidelines for CSV Import Files. See also Boolean
Values in CSV Files.
Important: There are two procedures in this section. The recommended procedure uses
CSV import to provide access to your NetSuite account to multiple customers without assigning
passwords. The other procedure also uses CSV import to provide access to your NetSuite account,
but requires that you assign a password for each customer.
As of 2018.2, administrators no longer need to create the initial passwords when giving access to users.
You should use the following procedure to provide access, setting the value for the Send New Access
Notification Email field to Yes. The standard access notification email includes a link that lets users create
their own passwords for accessing NetSuite.
To provide access for existing customers:
As of 2018.2, you should follow this procedure to provide access to your NetSuite account for multiple
customers.
1. Create a CSV file of customer data, with (at minimum) the following fields. You can include other
fields in the CSV file, if necessary.
■ Unique ID
You should use the Internal ID for the customer record. For information about obtaining
internal ID values, see the help topic Displaying Internal IDs. However, using the Customer ID is
supported.
■ Email address
Users & Roles

Required for NetSuite access. You can omit the value for customers whose email address is
already populated in their NetSuite records.
■ Give Access
Set the value of this field to Yes for all customers included in your CSV file to which you want to
provide access.
■ Send New Access Notification Email
Set this value to Yes. The notification email includes a link that lets customers create their own
passwords for accessing NetSuite.
■ Role
For most customers, this value should be Customer Center.
2. Go to Setup > Import/Export > Import CSV Records.
3. In the Import Assistant, do the following:
a. Select an Import Type of Relationships.
b. Select a Record Type of Customers Only.
c. Click the Select button and browse to the CSV file you created.
d. Click Next.
4. Choose a Data Handling value of Update and click Next.
5. Map all of the fields listed in step 1 and any other required fields. Click Next.
■ For information about importing customer records, see the help topic Customers Only Import.
■ For information about mapping import fields, see the help topic CSV Field Mapping Tasks.
6. Give the import map a name and click Save & Run.
To provide access and assign passwords for existing customers:
If you prefer to assign passwords to customers, as well as give them access to your NetSuite account,
follow this procedure.
1. Create a CSV file of customer data, with (at minimum) the following fields. You can include other
fields in the CSV file, if necessary.
■ Unique ID
You should use the Internal ID for the customer record. For information about obtaining
internal ID values, see the help topic Displaying Internal IDs. However, using the Customer ID is
supported.
■ Email address
Required for NetSuite access. You can omit the value for customers whose email address is
already populated in their NetSuite records.
■ Give Access
Set the value of this field to Yes for all customers included in your CSV file to which you want to
provide access.
■ Manually Assign or Change Password
Set the value of this field to Yes.
■ Password
The minimum password length for customers is eight characters.
■ Confirm Password
Users & Roles

The value must match the value set for Password.

■ Role
For most customers, this value should be Customer Center.
2. Go to Setup > Import/Export > Import CSV Records.
3. In the Import Assistant, do the following:
a. Select an Import Type of Relationships.
b. Select a Record Type of Customers Only.
c. Click the Select button and browse to the CSV file you created.
d. Click Next.
4. Choose a Data Handling value of Update and click Next.
5. Map all of the fields listed in step 1 and any other required fields. Click Next.
■ For information about importing customer records, see the help topic Customers Only Import.
■ For information about mapping import fields, see the help topic CSV Field Mapping Tasks.
6. Give the import map a name and click Save & Run.
Note: After the CSV import completes successfully, you must tell each customer the
password you assigned. Do not send passwords by email.
Set the Customer Center Sales Order Form

When a customer views a sales order in the Customer Center, the form used to display the order depends
on how the order was originally entered in NetSuite. You can determine the sales order form that is
shown to Customer Center users.
■ For a sales order created in the Customer Center or entered directly into NetSuite, the order is
displayed using the preferred sales order form defined at Customization > Forms > Transaction Forms
at the time the order was saved.
■ For a sales order created through the Web Store, the order is displayed using the form that was
defined at the time the order was saved in the Sales Order Type field at Setup > Site Builder > Set Up
Web Site on the Shopping subtab, Checkout Preferences.
Important: If this form preference is changed, sales orders saved prior to the change are
displayed using the originally saved form.
If your default external form is an invoice form instead of a cash sale, perform the following procedure to
determine which fields show on the form.
To determine which fields show on the form:

1. Go to Customization > Forms > Transaction Forms.
2. Click Customize next to Standard Sales Order — Invoice.
3. Go to the Printing Fields subtab and check (or clear) the Print/Email box for fields you want
to show (or not show.) The Printing Field subtab is displayed if you have the Basic printing type
selected. For information about printing types, see the help topic Creating Custom Entry and
Transaction Forms.
The Screen Fields subtab controls the appearance of the form when it is viewed from an internal
role, such as Administrator.
Users & Roles

4. Click Save.
Note: Be aware of the following about marking a transaction or CRM form Preferred for
Customer Center roles: External forms, meaning forms with names appended with (External),
can be marked Preferred for Customer Center roles, but not for other roles. Forms that are not
external cannot be marked as Preferred for Customer Center roles.
Changing a User’s NetSuite Password

Users can change their own NetSuite passwords, but there are occasions when an administrator must
reset a user’s password. For example, when users forget the answers to their security questions.
The procedures in this section are for Administrators.
■ For instructions written for users to change their own passwords, see the help topic Change Password
Link.
■ For more information written for Administrators about passwords, see the help topic Password Reset
Tips for Administrators. See also Password Requirements and Policies in NetSuite.
To change a user’s NetSuite password with the User Access Reset Tool:
As of 2019.2, the User Access Reset Tool is the preferred method for changing a user’s NetSuite
password. You can also perform other actions to assist users: clear security questions, unlock NetSuite
access, and reset (clear) the user’s two-factor authentication (2FA) settings.
Important: To initiate a password reset for a user who has access to multiple NetSuite
accounts, you must be an Administrator in all of those accounts.
1. In your Administrator role, go to Setup > Users/Roles > User Management > User Access Reset
Tool.
2. On the User Access Reset page, enter the email address of the user who requires your help.
3. Check the appropriate box or boxes. You can check multiple boxes if the user needs help with
more than one thing.
a. Initiate Password Reset: check this box to send an email to the user containing a link so
that the user can reset the NetSuite password.
b. Clear User’s Security Questions: check this box to clear the user’s security questions. The
user will be prompted to set up new security questions and answers after the next login to
NetSuite.
c. Unlock The User’s Access: check this box to unlock NetSuite access for a user who is locked
out of NetSuite after submitting six consecutive incorrect passwords.
d. Reset 2FA Settings: check this box to reset (or clear) the user’s settings for 2FA. The user
will be prompted to enter new 2FA settings after the next login to NetSuite with a 2FA
required role.
4. Click Save.
To manually change a user’s NetSuite password on the entity record:

■ If the user is an employee, go to Lists > Employees > Employees.
Users & Roles

■ If the user is not an employee, go to List > Relationships, and then click Customers, Partners,
or Vendors.
2. Next to the user’s name, click Edit.
4. Verify that the Give Access box is checked.
5. Click the Manually Assign or Change Password box.
6. Enter a password in the Password field. As you type, the characters are validated against password
policy criteria and the results are displayed.
7. Enter the password in the Confirm Password field.
8. Do not check the Send New Access Notification Email box.
9. To require the user to create and save a new password, check the Require Password Change on
Next Login box. For security reasons, you should select this option.
Note: The Require Password Change on Next Login option is not available on Customer
records.
10. Click Save.
Important: If a message appears saying that only the user can change this password,
click OK to close the message. Some users access multiple NetSuite accounts with the
same email address and you might not have management over all of the accounts.
11. You must tell the user the password you created. For security reasons, do not send the password
by email or in a chat application.
NetSuite permits each user a maximum of six failed login attempts. When a user exceeds this maximum
(usually because of an incorrect password), an email message is sent to notify the account administrator,
and the user is locked out of NetSuite for 30 minutes.
Viewing Your NetSuite Users List

Your Users list gives you quick access to records for the customers, vendors, partners or employees who
have access to your NetSuite account.
To view your Users list:
1. Go to Setup > Users/Roles > Manage Users.

2. Here are some procedures you can use with the Users list:
■ Click a column heading to sort the list by that column.
Users & Roles

■ Click a user's name to go to that person's record.

■ Click a user's email address to send email to that user.
■ Select a role from the Role dropdown list at the bottom of the page to list only users for the
selected role.
■ Click Print to print your list.
■ Click Export to export this list as a CSV file or Microsoft Excel file.
Note: Inactive users do not appear in the Users list, but they can appear in the different Entity
Lists if the Show Inactives box is checked. For example, you can get a list of all Employee records at
Lists > Employees > Employees and if you check the Show Inactives box, you can see the inactive
Employee records too.
Login Audit Trail Overview

The Login Audit Trail is a specialized search that helps keep track of account users, when they have
logged in, and from where. It is available at Setup > Users/Roles > View Login Audit Trail.
The Login Audit Trail captures and records the IP address at the beginning of the user’s session. It does
not capture changes in IP addresses that might occur during a session, such as when a user connects to
a Virtual Private Network (VPN) while the session is active. If the user logs out of NetSuite, then logs back
in while the VPN is still open, the IP address of the VPN will be captured for that session.
This search returns a list of login activity, that can include each session listed by date and time of initial
login, the user's name, and the IP address from which the user logged in. When you drill down on
individual login entries, you view a list of the transactions completed during the user's session. If no data
appears, then the user did not complete any transactions during the period you are viewing.
Note: The Login Audit Trail search also is available from general search task links, like Reports >
New Search, and Reports > Saved Searches > All Saved Searches > New.
Login Audit Trail Search Capabilities

The Login Audit Trail offers the same capabilities as other NetSuite searches, including:
■ Simple search mode, where you can select from a limited set of filters, including IP address, user
name, date range, and role.
■ Advanced search mode, with more options, including filtering by formulas and join fields, display of
formula and join fields as results, and sorting and grouping of results. Available join fields include Role,
Employee, and in some cases, Customer, Partner, and Vendor fields.
■ Saved searches that you can define and run repeatedly. Saved searches offer all advanced search
options, and more, including defining audiences and sending emails of search results.
When you open the Login Audit Trail Search page it displays in the mode last used, initially simple
search.
For instructions for using the Login Audit Trail, see the following:
■ Defining a Simple Login Audit Trail Search

■ Defining an Advanced Login Audit Trail Search
Users & Roles

Defining a Simple Login Audit Trail Search
Important: By default, the Administrator role has permission to create, edit and view the Login
Audit Trail Search. You can also add permission to any role that can make changes on the Manage
Roles page.
To define a simple Login Audit Trail search:
1. Go to Setup > Users/Roles > View Login Audit Trail.
2. Define filters for searching login activity:

■ User — select one or more users, holding down the CTRL key to select more than one. To
search by exclusion, change the dropdown list to none of.
■ Role — select one or more roles.
■ Date Range — select a named time period (such as last fiscal year), or enter a start date and
end date to define a custom date range.
■ Email Address — enter an email address in the field.
■ IP Address — select search logic in the dropdown list, and enter an IP address or part of an IP
address.
■ User Agent — select search logic, and enter a value like “Mozilla” to find the client browser
used to access your account.
■ Request URI — select search logic, and then enter a URI (or any part of a URI) for a NetSuite
page used for login.
The list below includes examples you might use to find the services used to access your
account:
□ /app/center/mobile/iphone.nl
□ /app/reporting/webquery.nl
□ /app/site/hosting/restlet.nl
□ /app/webservices/wslogin.nl
□ /internal/admin/acctrepl.nl
Users & Roles

■ Status — select an option: Success, Failure, or Either.
Note: If a user enters an incorrect 2FA verification code, it is counted as a login Failure.
■ Security Challenge — select an option: Success, Failure, or Either. (For details about this
column, see Login Audit Trail Security Challenge Column.
NOTES ABOUT USER AND EMAIL ADDRESS FILTERS FOR CUSTOMER CENTER ROLES:
■ Generally, a user is determined by a combination of email address and password. There is not
necessarily a one-to-one mapping between email addresses and users, because two users
might share the same email address but use different passwords.
■ If an email address is used by only one user, then a login audit trail search filtered by that email
address and a search filtered by the matching user produce the same results.
■ If an email address can be matched to more than one user, then a login audit trail search
filtered by that email address and a search filtered by one of the matching users would produce
different results sets.
3. Choose one of the following actions:
■ Click the Submit button to run the search and open a NetSuite page with a list of results.
■ Click the Reset button to clear the filters you defined.
■ Click the Export button to run the search and save results to a .csv file that you can save to disk
or open on your desktop. For more information about exporting search results, see the help
topic Exporting Search Results.
■ Click the Personalize Search button to open a saved search page with no filters defined, where
you can define a personalized search form to be your default search form for audit trail.
■ Click the Create Saved Search button to open a saved search page that includes the filters you
defined. For more information, see the help topic Saved Searches.
Defining an Advanced Login Audit Trail Search
To define an advanced Login Audit Trail search:

1. Go to Setup > Users/Roles > View Login Audit Trail.
2. Check the Use Advanced Search box.
3. Click the Criteria subtab to define filters.
■ Select a field from the Filter dropdown list, select a value in the field popup, and click Add,
repeating to define additional filter fields.
■ Available filter fields include: Date, formulas, IP Address, Role, User, Employee fields, Role fields,
and in some cases Customer, Partner, and/or Vendor fields.
■ For more information, see the help topic Advanced Search Criteria Filters.
4. Click the Results subtab to define columns to appear in search results.
■ Select a field from the Field dropdown list and click Add, repeating to define additional results
fields.
■ Available results fields include: Date, Email Address, formulas, IP Address, Request URI,
Role, Security Challenge, Status, User, User Agent, Employee fields, Role fields, token-based
Authentication fields (Detail, Token-based Access Token Name, Token-based Application Name)
and in some cases Customer, Partner, and/or Vendor fields.
■ You also can set up sorting and summarizing options for results. For more information, see the
help topic Search Results Display Options.
Users & Roles

5. After you have defined criteria and results display options for an advanced search, you can:
■ Click the Submit button to run the search and open a NetSuite page with a list of results.
■ Click the Reset button to clear the criteria and results options you defined.
■ Click the Export button to run the search and save results to a .csv file that you can save to disk
or open on your desktop. For more information about exporting search results, see the help
topic Exporting Search Results.
■ Click the Personalize Search button to open a saved search page with no criteria or results
options defined, where you can define a personalized search form to be your default search
form for the record type.
■ Click the Create Saved Search button to open a saved search page that includes the criteria
and results options you defined. For more information, see the help topic Saved Searches.
Logout Entries in the Login Audit Trail

The Logout Entries for the Login Audit Trail feature tracks successful logouts of your users. Every time
the users explicitly log out of NetSuite, the Login Audit Trail creates a new entry with one of the following
values in the Detail column:
■ ExplicitLogout – A value in the Detail column that indicates the user clicked the Log Out link in the
NetSuite UI and the active session was terminated.
■ RoleSwitchLogout – A value in the Detail column that indicates the user switched to a different role
in the account, or to a role in a different account. Switching roles terminates the session and is
considered a logout.
■ SAMLIdPInitiatedLogout – A value in the Detail column that indicates the SAML Identity Provider
initiated a logout and the NetSuite UI active session was terminated.
In some cases, a user's NetSuite session is ended even when the user has not explicitly logged out of
NetSuite. For example, this situation occurs when a user's NetSuite session times out. If the logout is not
explicit, the system does not create a logout entry in the Login Audit Trail.
Important: If you use the data from the Login Audit Trail for the purpose of counting the
number of successful logins, you should not include the successful logout entries. You can do this
by filtering out the new values for successful logouts.
For more information about the Login Audit Trail, see Login Audit Trail Overview.
Inactivating Users
If an employee is terminated, or you revoke a customer's access, you might also want to inactivate the
record. Inactive users do not appear in record lists.
Here are some cases in which you would want to inactivate a user record:
■ You do not want to delete the record because it contains information that you might need in the
future for record-keeping or auditing purposes. Also, the user could return (employee might be
rehired or a vendor might sign a new contract) and you could make the record active again.
■ You want to temporarily remove the user’s access to NetSuite and restore it later.
When you inactivate a user:
■ The user’s login credentials and role assignments are saved. If the record is later made active again,
the user can access NetSuite as they did before being inactivated.
Users & Roles

■ If the user set up schedules to run reports, the reports are not run. The schedule definition is still
available, but the task stops running because one part of the schedule was deleted.
■ If the user owns calendar events, those events remain in the calendar.
■ If the user owns saved searches, they remain in the list of saved searches.
Inactive users do not appear in entity lists unless the Show Inactives box is checked.
Any jobs, for example, reports or scripts, that were scheduled by a user who is now inactive are not run.
The jobs are still available, but the schedule is deleted.
Mass Updates process inactive records unless criteria is added to the update to exclude inactive records.
To inactivate a user:
1. Open the record list page.
■ Lists > Employees > Employees
■ Lists > Relationships > Vendors
■ Lists > Relationships > Partners
■ Lists > Relationships > Customers
2. Click Edit beside the user record you want to inactivate.
3. Click the System Information subtab.
4. Check the Inactive box.
5. Click Save.
Restricting an Individual User View

Although an administrator can restrict a users' access to data by department, class, location or for
NetSuite OneWorld, subsidiary, by customizing the roles they use to log in, there are situations when a
user might want to artificially restrict the information seen for a particular login session.
For example, a bookkeeper might want to approve purchase orders for a single location. Restricting her
view allows her to view only the purchase orders for that location. Additionally, reports and search results
only show records and transactions associated with that location.
You can restrict your view for the current login session at Home > Set Preferences. The next time you log
in, the normal restrictions set for your role are restored.
To restrict your view:

1. Go to Home > Set Preferences.
2. Click the Restrict View subtab.
Users & Roles

3. In the Subsidiary, Department, Location, or Class fields, select the classification for which you
want to restrict your view in this login session.
Important: If you restrict your subsidiary view, the departments, locations, and classes
available to you are limited to those associated with the selected subsidiary.
4. Check the Include Sub box if you want to also see records and transactions associated with child
subsidiaries, departments, locations, or classes of the selections.
5. Check the Include Unassigned box if you want to see those records and transactions that have
not been associated with a department, location, or class.
6. Click Save.
NetSuite Permissions Overview

NetSuite provides a large number of permissions that govern the data and interface that users can
access. Role permissions are used to define usage of record types, tasks, and pages. Permissions are
associated with roles, and roles are assigned to users, who can be employees, vendors, partners, or
customers.
Standard roles for specific business functions include predefined sets of permissions. You can create
custom roles to vary from these standard sets. For information about setting up roles, see NetSuite Roles
Overview. For information about assigning roles to users, see NetSuite Users Overview.
You can use the following sources to understand permissions:
■ Each role definition page lists permissions already assigned to that role, and other permissions that
can be assigned. Permissions are divided into different types: Transactions, Reports, Lists, Setup, and
Custom Records. To see this page, go to Setup > Users/Roles > Manage Roles, and click Customize
for a role. For more information, see Reviewing Permissions Assigned to Roles. For many permissions,
different access levels are available. For information, see Access Levels for Permissions.
■ NetSuite provides a page where you can compare the permissions assigned to two or more roles and
identify differences. To access this page, go to Setup > Users/Roles > Show Role Differences.
■ The Help Center provides a link to a spreadsheet listing how permissions are used, meaning the
record types, pages, and/or tasks to which permissions provide access. To access this spreadsheet,
click here: NetSuitePermissionsUsage.xls For more information, see Permissions Documentation.
Be aware of the following:
■ If the Advanced Employee Permissions feature is enabled in your account, you can customize or create
roles to use the Employee Self, Employee Public, Employee Confidential, Employee Compensation,
Employee System Access, Employee Record Full, and Employee Administration permissions. For more
information, see the help topic Advanced Employee Permissions Overview.
■ If the Global Permissions feature is enabled in your account, you can assign permissions directly
to employees. Employees retain these global permissions with all of their roles. If there is a conflict
between role-based permissions and global permissions, global permissions take precedence. Please
note that usage of the Global Permissions feature is not recommended. For more information, see
Using the Global Permissions Feature.
■ A special permission is required to see unmasked credit card numbers, the View Unencrypted Credit
Card Numbers permission. To make this permission available to be assigned to roles in your account,
you need to complete a signed agreement. For information, see the help topic Payment Card Number
Security and Compliance.
■ A special permission is available that masks employee information on financial reports. For more
information, see Hiding Employee Information on Financial Reports.
Users & Roles

NetSuite Permissions Overview 90
■ When you newly enable a feature in your account, you must consider permissions associated with the
added feature. Customized roles that you have already assigned to users may need to be updated
to reflect the proper permissions associated with the added feature. See Customizing or Creating
NetSuite Roles.
Permissions and Restrictions

■ A permission grants access to a specific record type. Some permissions grant access to tasks rather
than record types, but for the purposes of understanding the difference between permissions and
restrictions, only record type access is relevant.
■ A restriction defines, after you have the necessary permissions, which instances of that record type can
be accessed.
Note that users with create or full permissions to a restricted record type are able to create and submit
new instances of that record type. However, these users are not able to view these newly created
restricted records. In other words, users cannot view records to which they are restricted, regardless of
their permissions and levels.
Permissions and Restrictions Example

As the manager of a team of employees your role might be granted the View access level for the
Employees permission. This level would enable you to view, but not edit, all employee records.
In addition, a restriction might be applied to your role so you can only access employee records of
members of your team.
Permissions are generally assigned to roles, and apply to users to which roles are assigned. If the global
permissions feature is enabled, permissions can also be assigned to employees, independently of roles.
For details about NetSuite permissions, see NetSuite Permissions Overview.
Restrictions are defined on roles, and apply to users to which roles are assigned. The following types of
restrictions are available:
■ Employee Restrictions: You can restrict a role's access to transaction, customer, and employee
records, based on values in the employee, sales rep, and supervisor fields on these records. These
restrictions may also limit the values that users logged in with this role can assign to these fields on
records. These restrictions do not affect access to contact records. You can choose an option to allow
viewing of records that are not available for editing due to these restrictions.
■ Department Restrictions: You can restrict this role's access to transaction, employee, partner, and
optionally item records, based on values in the department field on these records. These restrictions
may also limit the values that users logged in with this role can assign to the department field on
records. You can choose an option to allow viewing of records that are not available for editing due to
these restrictions.
■ Class Restrictions: You can restrict this role's access to transaction, employee, partner, and optionally
item records, based on values in the class field on these records. These restrictions may also limit the
values that users logged in with this role can assign to the class field on records. You can choose an
option to allow viewing of records that are not available for editing due to these restrictions.
■ Location Restrictions: You can restrict this role's access to transaction, employee, partner, and
optionally item records, based on values in the location field on these records. These restrictions may
also limit the values that users logged in with this role can assign to the location field on records.
You can choose an option to allow viewing of records that are not available for editing due to these
restrictions.
Users & Roles

■ (OneWorld only) Subsidiary Restrictions: You can limit the subsidiary values that users with
this role can select for customer and vendor records, and to limit the transaction, customer, and
vendor records that users with this role can edit, based on these records' selected subsidiaries.
You can choose an option to allow viewing of records that are not available for editing due to these
restrictions.
For instructions for setting restrictions on a role, see Customizing or Creating NetSuite Roles.
You can audit assigned permissions through searches of role and employee records. You can audit
assigned restrictions through searches of role records.
Reviewing Permissions Assigned to Roles

You can review lists of permissions on any role definition page, including the permissions assigned to
each role, and other available permissions. To review these lists:

2. On the Manage Roles page, click Customize for a role.
The Permissions subtab on each role definition page has four subtabs that list different types of
permissions already assigned to the role: Transactions, Reports, Lists, and Setup.
3. Scroll through the Permissions dropdown list on each of these subtabs to see other available
permissions. Notice that each permission has a level of access selected.
For information about assigning permissions to roles, see Customizing or Creating NetSuite Roles.
Important: When you newly enable a feature in your account, you must consider permissions
associated with the added feature. Customized roles that you have already assigned to users may
need to be updated to reflect the proper permissions associated with the added feature. See the
help topic Enabling Features.
Access Levels for Permissions

The following are general definitions of possible access levels for permissions.
■ VIEW - User has access to view existing files only. The user cannot create new, edit existing, or delete
existing files.
■ CREATE - User can create new and view existing files. The user cannot edit or delete existing files.
■ EDIT - User has access to create new, view existing, and edit existing files. The user cannot delete
existing files.
■ FULL - User has access to create new files and view, edit, and delete existing files.
Note that for some permissions, only the minimum view level is required for usage, and other levels do
not provide any additional capabilities. In the model defined by the above access level definitions, each
successive level (view, create, edit, full) of a permission provides increased usage of the related record
type, task, or page, but the usage of some permissions does not fit exactly into this model. Generally, any
user with at least VIEW access to a record type has the ability to print records of that type.
Permissions Documentation
The following link provides access to a Microsoft Excel worksheet listing the usage of most NetSuite
permissions. You can use this list to understand the implications of assigning a specific permission, or to
find the permission required to provide access to a specific task or page. The spreadsheet format lets you
search and sort fields in the manner most useful for you. Autofilters are provided for each column.
Users & Roles

To access the worksheet, click this link: NetSuitePermissionsUsage.xls.
Note: Most browsers will download this file in “Protected View” mode to your Downloads
folder. If the Autofilters are not working, click the Enable Editing button on the yellow bar in the
worksheet header.
The NetSuitePermissionsUsage.xls file includes the following columns:
■ SUBTAB - Subtab of the Roles page Permissions subtab where each permission is listed: Lists, Reports,
Setup, and Transactions (sorted alphabetically)
■ PERMISSION NAME - Name of each permission (sorted alphabetically)
■ USAGE DESCRIPTION - Description of how each permission is used, meaning the record types, tasks,
and/or pages that each permission makes accessible (sorted alphabetically)
■ MINIMUM SELECTABLE LEVEL - The minimum selectable level (view, create, edit, or full) for each
permission.
■ MINIMUM SYSTEM LEVEL - Contains the minimum valid level of permissions in the system. This level
takes precedence in case it differs from the level in the Minimum Selectable Level column. This column
is blank from most rows.
Note: This worksheet does not detail how different access levels affect each permission usage;
it simply lists the minimum level required. Some permissions fit an access model where each
successive level (view, create, edit, full) provides increased usage of the related record type, task,
or page, as described in Access Levels for Permissions. Note that some permissions do not fit
exactly into this model. For some permissions, only the minimum view level is required for usage,
and other levels do not provide any additional capabilities. Generally, any user with at least VIEW
access to a transaction type on the Transactions subtab, or to a record type on the Lists subtab,
has the ability to print records of that type.
The worksheet lists some permissions multiple times because they provide access to multiple record
types, tasks, and/or pages. Note that usages of some permissions may have dependencies on other
permissions, and this spreadsheet does not include these dependencies.
Important: The contents of NetSuitePermissionsUsage.xls are subject to change. Data is

current as of the date listed in the worksheet footer. This worksheet provides information on how
each permission works individually. However, since most roles include many different permissions,
it is important to assess permission changes in the context of each role and to test permission
changes to roles prior to deploying to users in your account.
For a list of permission IDs to use with SuiteScript, see the help topic Permission Names and IDs.
Two-Factor Authentication (2FA) is Required for Specific

Permissions
Standard and customized roles with specific permissions assigned require 2FA. For more information, see
Permissions Requiring Two-Factor Authentication (2FA).
Core Administration Permissions

SuiteCloud: Core Administration Permissions
Core Administration Permissions is a feature that can be enabled for a role and gives the role access
to a functionality that is currently only accessible to the standard Administrator role. You can use Core
Users & Roles

Administration Permissions to customize a role so that it behaves almost like the Administrator role, while
also restricting access to other areas of NetSuite using role permissions and restrictions. For example,
with Core Administration Permissions you can create a role specifically for an IT administrator who is
responsible for the general administration of the system, but who should not have access to sensitive
employee information.
By default, Core Administration Permissions is not assigned to any roles. Before you can assign the
Core Administration Permissions to a role, you need to enable the Core Administration Permissions
feature on the Enable Features page. For more information, see Customizing or Creating a Role with Core
Administration Permissions.
Important: Use caution when assigning a role with Core Administration Permissions to a user,
because the role will become similar to the standard Administrator role in terms of exclusive
administrator privileges.
Differences Between Core Administration Permissions and

Administrator Role
Although Core Administration Permissions is designed to behave like the standard Administrator role, the
following table outlines some of the differences between these two roles.

Core Administration Permissions Administrator Role
Searches ■ Can only view saved searches through the user ■ Can view, edit, make inactive, and
interface delete ALL saved searches, including:
■ Can only view private and saved searches by □ Shared searches, with or without
entering an URL the Allow Audience to Edit option
enabled, whether or not they
include the administrator as the
audience
□ Public searches, with or without
the Allow Audience to Edit option
enabled
□ Private searches owned by users
other than the administrator
Account ■ Cannot edit employees that are assigned the ■ Can edit employees that are assigned
administration Administrator role the Administrator or role
■ Cannot assign the Administrator role ■ Can assign the Administrator role
■ Role with Core Administration Permissions ■ Administrator role can only be edited
assigned can be edited by users with non- by a user with an Administrator role
administrator roles

Contact Records ■ When the Advanced Employee Permissions
feature is not enabled, any role using Core
Administration Permissions must include the
Lists > Employees permission when the Show
Employees as Contacts box on the General
Preferences page is checked
■ When the Advanced Employee Permissions
feature is enabled, Show Employees as
Contacts is not supported
■ For details, see Advanced Employee Permissions
and Contact Records.
Users & Roles

Customizing or Creating a Role with Core Administration

Permissions
Consider the following when you are customizing or creating a role with Core Administration permissions:
■ Use caution when assigning Core Administration Permissions to a role, because the role will become
similar to the standard Administrator role in terms of exclusive administrative privileges.
■ When you assign Core Administration Permissions to a role, you should consider making two-
factor authentication required for the role. For more information, see the help topic Two-Factor
Authentication (2FA).
To enable Core Administration Permissions:

1. Log in using the Administrator role.
2. Go to Setup > Company > Setup Tasks > Enable Features.
3. On the Company subtab, under Access, check the Core Administration Permissions box.
You can assign Core Administration Permissions to any role, and then configure the role to restrict access
to areas of NetSuite.
Note: To assign Core Administration Permissions to a role, you must be logged in using the
Administrator role or a role with Core Administration Permissions and Manage Roles permissions
assigned.
To assign Core Administration Permissions to a role, you must be logged in using the Administrator role
or a role with Core Administration Permissions and Manage Roles permissions assigned.
To assign Core Administration Permissions to a role:

2. On the Manage Roles list page, next to the role that you want to add Core Administration
Permissions to, click Customize.
3. On the Role record, check the Core Administration Permissions box.
4. To make two-factor authentication required for the role, in the Two-Factor Authentication
Required dropdown list, select 2FA authentication required.
5. Click Save.
Important: If you are logged in with a role where mandatory two-factor authentication
(2FA) is required and you select Not required in the Two-Factor Authentication Required
dropdown list, the mandatory 2FA policy supersedes the role setting. This means that two-
factor authentication is required for the role even though it says two-factor authentication is not
required on the Role record. For more information, see the help topics Mandatory Two-Factor
Authentication (2FA) for NetSuite Access and Two-Factor Authentication (2FA).
Feature Permissions Documentation

The following topics contain information about permissions required to access specific NetSuite
features. The following listings do not represent an exhaustive set of permissions help topics. Additional
permissions documentation is available throughout Help Center, including details about the permissions
required for access to different records or features. For general permissions documentation, see NetSuite
Permissions Overview.
Users & Roles

Accounting (ERP) and Banking

■ Roles and Permissions for Balancing Segments
■ Permissions for Banking Features
■ Setting Fixed Assets Management Permission Levels
■ Roles and Permissions for NFP Financials
■ Roles and Permissions for Period End Journal Entries
■ Assigning Revenue Commitment Permissions
■ Revenue Management Roles and Permissions
■ Required Permissions for Subsidiary Hierarchy Modification
■ Subsidiary Settings Manager Permissions
■ Tax Permissions
■ Intercompany Framework Permissions
■ Intercompany Netting Permissions
Administrator Features
■ Add SAML Single Sign-on Permissions to Roles
■ Required Permissions for CSV Imports
■ Permissions Requiring Two-Factor Authentication (2FA)
Advanced Employee Permissions

■ Before Enabling the Advanced Employee Permissions Feature
■ Advanced Employee Permissions Overview
■ Setting Employee Access for Advanced Employee Permissions
■ Custom Advanced Employee Permissions
■ Custom Restrictions for Advanced Employee Permissions
Country Specific Features

Roles and Permissions for Using Japanese Invoicing
SCM (Supply Chain Management)
Vendors, Purchasing, and Receiving

■ Configuring Vendor Bill Approvals in the Employee Center
■ Configuring Permissions for Vendor Prepayments
SuiteCloud Platform
SuiteBuilder
■ Configuring Permissions by Editing the Role
Users & Roles

■ Granting a Role Permission to Manage Custom Segments

■ Granting Roles Permission to Use Segments in Searches and Reports
■ Required Permissions for Editing Custom Segments
■ Permissions for Custom Transaction Instances
■ Permissions for Managing Custom Segments and Values
SuiteCloud Development Framework

■ Assigning the Developer Role (Admin Only)
■ Roles and Permissions as an XML Definition
■ Setting Roles and Permissions for SuiteScript
SOAP Web Services

■ Assigning the SOAP Web Services Permission to a Role
■ Project Task Permissions
■ Role and Permission Considerations When Developing in SOAP Web Services
■ Roles and Permissions in SOAP Web Services
SuiteFlow
Required Permissions for SuiteFlow
SuiteScript
■ Permission Names and IDs
■ SuiteScript Debugger Metering and Permissions
NetSuite for Mobile

Mobile Device Access Permission
NetSuite for Outlook

Required Permissions for NetSuite for Outlook
Order Management
■ Dunning Permissions and Access
■ Electronic Invoicing Permissions and Access Levels
■ Granting the Override Estimated Costs on Transactions Permission
■ Roles and Permissions for Contract Renewals
■ Roles and Permissions for Grid Order Management
■ Setting Up Payments Tab Permissions
■ Setting Up Electronic Bank Payments
■ SuiteBilling Roles and Permissions
Users & Roles

■ Recurring Billing — this is a PDF. For permissions information in this document, see Roles and
Permissions for Recurring Billing.
Sales, Marketing, and General

■ Roles and Permissions
SuiteAnalytics
■ Access to Reports
■ Permissions for Searches
■ Providing Users with SuiteAnalytics Connect Permissions
■ Publish Dashboards Permission
■ Report Customization Permission
■ Verifying the SuiteAnalytics Connect Permission
SuiteCommerce
■ Set Execute as Role Permissions for .ss and .ssp Files
■ Audience Permissions for Hosted Sites
■ Customer Center Custom Permissions
■ Feature Access Permissions
■ My Account Menu Permissions
■ SCIS Roles and Permissions
■ SuiteCommerce InStore Permissions
SuitePeople
■ SuitePeople Permission Requirements
SuiteSocial
Step 2: Grant Permissions (part of Using the SuiteSocial Admin Setup Assistant)
Using the Global Permissions Feature

The Global Permissions feature allows administrators to assign permissions that apply across all of
assigned roles of employees. With global permissions, administrators can make changes to each
employee's permissions directly on the employee record. Please note that usage of the Global
Permissions feature is not recommended.
Note: Not all permissions that are supported for assignment to roles are available for
assignment as global permissions.
To enable the Global Permissions feature:

1. Go to Setup > Company > Setup Tasks > Enable Features, and on the Employees tab, check the
Global Permissions box.
Users & Roles

When this feature is enabled, each employee record includes the Global Permissions subtab on the
Access tab.
To assign global permissions to an employee:

1. After the Global Permissions feature has been enabled, open an employee record.
2. Click the Access tab, and the Global Permissions subtab.
3. Select a permission from the Permission dropdown list, select an access level for that permission
(View, Create, Edit, Full, None) from the Level dropdown list, and click Add.
4. Repeat step 3 until you have added all desired permissions.
5. Click Save.
You still need to assign one or more role to each employee on the Access subtab's Roles subtab. When
an employee logs in, the applicable permission set is a combination of the employee's global permissions
and the currently used role's permissions. Where conflicts between an employee's role-based permissions
and global permissions occur, global permissions take precedence, even if global permissions are at a
lower level.
The global permissions are not taken into account for the Administrator role. It is not possible to
downgrade access for the Administrator by using the global permissions.
Giving Access to the Transactions Subtab on Entity Records

If a user cannot see the Transactions subtab on customer or vendor records, an administrator can make
this subtab visible by adding the Financial History permission to a role assigned to the user.
The Financial History permission gives a role access to the Transactions subtab. Additionally, the role must
be given access to the specific types of transactions shown on the Transactions subtab.
For examples of where to find the Transactions subtab, see Transactions Subtab on Entity Records.
To create a custom role with access to the Transactions subtab:

2. Click Customize next to the name of the role you want to customize.
3. In the Name field, enter the name for this new role.
This name is selected in employee records on the Access tab.
4. On the Permissions tab, click the Lists subtab.
5. In the Role column, select Financial History.
6. In the Level column, select View (or higher).
7. Click Add.
8. Click the Transactions subtab.
9. Select the name of the type of transaction you would like this role to view.
10. In the Level field, select View.
This level of access allows employees to view the transaction but not edit it.
11. Click Add.
12. Repeat these steps for each type of transaction you want this role to view.
13. Click Save.
Users & Roles

Now, users assigned this customized role can view the Transactions subtab on entity records and click
the links to view those transactions.
To assign employees this custom role:

1. Go to Lists > Employees > Employees.
2. Click Edit beside the employee you want to assign the role.
4. Select the new role in the Role field, and click Add/Edit.
5. Click Save.
When the employee logs in again, they will see the Transactions subtab on entity records.
Transactions Subtab on Entity Records

On Customer records, the Transactions subtab is located on the Sales subtab.
On Vendor records, the Transactions subtab is located on the Financial subtab.
Giving Access to Financial Statements

You can assign one permission, Financial Statements, to grant the ability to run all financial statement
reports. The Financial Statements permission is a Reports type permission with only a View level possible.
Users also must have the Report Customization permission to be able to customize financial statements
in the Financial Report Builder and to rename, delete, or reassign financial statement layouts. The View
level of this permission is sufficient.
For information about assigning permissions, see NetSuite Permissions Overview.
For information about financial statement reports, see the help topic Financial Statements Overview.
Hiding Employee Information on Financial Reports

If a user requires access to financial reports, but should not be able to view personal employee
information on these reports, an administrator can mask this information by adding the Hide Employee
Information on Financial Reports permission to a role assigned to the user. This permission prevents a
role from seeing employee information, such as the employee name on the following financial reports:
■ Financial Statements Overview

■ Expense Account Register
■ Other Current Liability Account Register
■ Income Statement Detail Report
■ Balance Sheet Report
■ General Ledger Report
■ Trial Balance Report
■ Viewing the Chart of Accounts
■ Transaction Detail Report
■ Account Detail Report
Users & Roles

Important: The Payroll feature must be enabled on your account to use the Hide Employee
Information on Financial Reports permission.
To hide employee information on financial reports:

1. Go to Setup > Users/Roles > Manage Roles and select a role from the list.
2. On the Permissions tab, click the Reports subtab.
3. In the Permission column, select Hide Employee Information on Financial Reports, and click
Add.
4. Click Save.
Now users with roles that have this permission will not be able to see personal employee information on
financial reports.
Setting Permissions for Custom Records

Each custom record includes a Permissions subtab where you can restrict access by role to your custom
records and the forms used to enter the records. Setting permissions within custom records themselves
is the most flexible way to provide access to custom records.
1. Go to Customization > Lists, Records, & Fields > Record Types, and select a record type from the
list.
2. On the Permissions subtab, choose a role and set the access level.
3. Repeat to provide access to additional roles, then Save.
You also can add the Custom Record Entries permission to a role, to provide users with that role access to
all custom records.
1. Go to Setup > Users/Roles > Manage Roles, and select a role from the list.
2. Click the Lists subtab, select Custom Record Entries from the dropdown list, set the access level,
and click Save.
you make either of these changes, users may need to log out and log back in for the changes to take
effect.
For more information about custom record permissions, see the help topic Setting Permissions for a
Custom Record Type.
Permissions for Inbound Single Sign-on Methods

The correct permission to assign to a role for single sign-on (SSO) inbound access to NetSuite depends on
the SSO feature enabled in your account.
OpenID Connect (OIDC) Single Sign-on Permission

OpenID Connect (OIDC) Single Sign-on is an inbound single sign-on (SSO) method to access NetSuite.
OIDC is an identity layer on top of the OAuth 2.0 protocol. OIDC uses JavaScript Object Notation (JSON) as
the data format, and uses JSON Web Tokens (JWT) to transfer claims between parties.
If the OIDC configuration is shared between different NetSuite accounts, users can switch between
OpenID Connect (OIDC) Single Sign-on roles without requiring a separate login. User credentials and
policies are managed by the OIDC provider (OP). NetSuite is the client, or relying party (RP).
Users & Roles

When this feature is enabled, you can provide OIDC SSO access to your account users by assigning the
OIDC Single Sign-on permission to their roles.
See the help topics Customize Roles for OpenID Connect and OpenID Connect Permissions for more
information about the OpenID Connect (OIDC) Single Sign-on permission and granting OIDC access to
center roles.
For more information about the OIDC feature in NetSuite, see the help topic OpenID Connect (OIDC)
Single Sign-on.
SAML Single Sign-on Permission

The SAML Single Sign-on feature supports inbound single sign-on access to NetSuite using authentication
from a third-party identity provider. This feature allows users who have logged in to an external
application to go directly to NetSuite. Users do not need to log in separately to NetSuite, because
authentication from the same identity provider is used for login to both the external application and
NetSuite.
When this feature is enabled, you can provide SAML Single Sign-on access to your account users by
assigning the SAML Single Sign-on permission to their roles.
See the help topic Add SAML Single Sign-on Permissions to Roles for more information about the SAML
Single Sign-on permission, granting SAML access to center roles, and limitations and restrictions that
apply to SAML permissions.
For more information about the SAML feature in NetSuite, see the help topic SAML Single Sign-on.
OpenID Single Sign-on Permission

Warning: This OpenID SSO feature is targeted for deprecation. The deprecation schedule is as
follows:
■ As of the 2020.1 upgrade, customers will no longer be permitted to use this OpenID SSO
feature to create new solutions.
■ Targeted to occur before the 2020.2 release, customers should migrate their existing solutions
to a different single sign-on solution:
□ Use the OpenID Connect (OIDC) Single Sign-on feature released with 2019.2. See the help
topic OpenID Connect (OIDC) Single Sign-on.
□ Another alternative is to use the SAML Single Sign-on feature for access to NetSuite. See the
help topic SAML Single Sign-on.
As of 2020.2, any solutions still using the OpenID SSO feature will not work.
The OpenID Single Sign-on feature supports inbound single sign-on to NetSuite from Google Apps,
using Google Account authentication. This feature allows users who have logged in to Google Apps to go
directly to NetSuite. Users do not need to log in separately to NetSuite, because their Google identity is
used to access their NetSuite data.
When this feature is enabled, you can provide Google OpenID access to your account users by assigning
the OpenID Single Sign-on permission to their roles. To access NetSuite from Google Apps, a user must
have at least one role with this permission.
For more information, see the help topic OpenID Single Sign-on.
Users & Roles

Managing Users & Roles: September 9, 2020 2020.2

Uploaded by

Copyright:

Available Formats

Managing Users & Roles: September 9, 2020 2020.2

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Managing Users & Roles: September 9, 2020 2020.2

Uploaded by

Copyright:

Available Formats

Managing Users & Roles

September 9, 2020 2020.2

If this document is in public or private pre-General Availability status:

If this document is in private pre-General Availability status:

No Excessive Use of the Service

Send Us Your Feedback

To report software issues, contact NetSuite Customer Support.

NetSuite Users & Roles

NetSuite Access Overview

Users & Roles

NetSuite Account Access

Internal Controls for NetSuite Access

Users & Roles

NetSuite Roles Overview

Users & Roles

□ Changing Custom Roles

Manage Roles Page

Figure 1. Manage Roles Page

Show Permission Differences Between Roles Page

Users & Roles

Figure 2. Role Permission Difference Results

The NetSuite Account Administrator

■ Oversees the initial implementation of the NetSuite application

Key administrator tasks may include:

■ Daily account maintenance and management

Users & Roles

■ Point of contact for end users and NetSuite Support

The NetSuite account administrator uses the The Administrator Role.

The Administrator Role

■ Full visibility into all areas of the NetSuite account

Users & Roles

Separate Administration Permissions

Full Access Role

Users & Roles

Permissions Requiring Two-Factor Authentication (2FA)

Administrative permissions that require 2FA include:

■ Access Token Management (for Token-based Authentication)

■ Set Up OpenID Connect (OIDC) Single Sign-on

■ Administrators: Review Roles NetSuite Designates as Mandatory 2FA

Customizing or Creating NetSuite Roles

Users & Roles

■ Customizing and Creating Roles

Customizing and Creating Roles

Users & Roles

To begin customizing or creating a role:

Entering Basic Role Information

To make a copy of an existing standard or a custom role:

Assigning Core Administration Permissions

Administrator – No HR/Employee Access SuiteApp

Users & Roles

■ Bundle name: Administrator – No HR/Employee Access

Restricting Role Access to Subsidiaries (OneWorld Only)

When you restrict role access to subsidiaries, consider the following:

■ By default, the subsidiary restrictions is set to User Subsidiary.

Setting Employee Restrictions

Users & Roles

Users & Roles

Setting Department, Class, and Location Restrictions

Important: In NetSuite OneWorld, subsidiary restrictions automatically apply to departments.