Advanced Employee Permissions and SuiteFlow
In NetSuite, account administrators have access to all the information on all record types, including the employee record. This can create issues in the following situations:
-
When a user is assigned a role that has permission to create workflows.
-
When a user sets a workflow to run as administrator.
A user could write or deploy a workflow that gains access to employee information that they would normally not have access to. This could potentially be used to compromise employee information.
When Advanced Employee Permissions is enabled, carefully track which roles have permission to create or alter workflows. In addition, track which workflows execute as administrator, and what they do to make sure employee information is not unintentionally leaked.
It is not possible to know what fields or sublists are present on any employee record when Advanced Employee Permissions is enabled. This means that workflows cannot safely perform operations, such as setting a default value on a field. To avoid this, utilize an After Submit workflow as administrator, which gives access to the complete set of fields and sublists on the employee record.
If you have any workflows that add buttons to the employee record, make sure that they appear only when appropriate. Configure scripts so that the action being added respects the restrictions on the employee record.
For more information about workflows, see Working with Workflows.
Related Topics
- Advanced Employee Permissions and Employee Searches
- Advanced Employee Permissions and Saved Searches
- Advanced Employee Permissions and Employee List View Results
- Advanced Employee Permissions and NetSuite Reports
- Advanced Employee Permissions and Employee Templates
- Advanced Employee Permissions and Contact Records
- Advanced Employee Permissions and Subrecords
- Advanced Employee Permissions and SuiteScript
- Advanced Employee Permissions and SuiteAnalytics Connect
- Advanced Employee Permissions and CSV Import
- Advanced Employee Permissions and SOAP Web Services
- Advanced Employee Permissions and Customizations
- Before Enabling the Advanced Employee Permissions Feature