Custom Segment Object Permissions
You can provide roles with access to a custom segment in SuiteCloud Development Framework (SDF) using the permissions
structure in the segment object. In this structure, you can create as many custom permissions as needed by specifying a permission
structure for every permission.
Consider the following information for SDF SuiteApps and SuiteApp projects:
-
For role permissions that exist in the target account but not in the permission field group of the
customsegment
SDF custom objects in the SDF SuiteApp (or SuiteApp project), the permissions in the target account will not be changed or removed. -
For role permissions that exist in both the permission field group of the
customsegment
SDF custom objects in the SDF SuiteApp or SuiteApp project and the target account, the permissions in the target account will be changed to the XML values for the permissions in the SDF SuiteApp or SuiteApp project.
Consider the following information for account customization projects:
-
For role permissions that exist in the target account but not in the permission field group of the
customsegment
SDF custom objects in the account customization project, the permissions in the target account will not be changed or removed. -
For role permissions that exist in both the permission field group of the
customsegment
SDF custom objects in the account customization project and the target account, the permissions in the target account will be changed to the XML values for the permissions from the account customization project.
In the following example, the HUMAN_RESOURCES_GENERALIST
role is given View access to the Record Access Level and Search/Reporting Access Level, and Full access to the Management Access Level.
<customsegment scriptid="cseg_region">
...
<permissions>
<permission>
<recordaccesslevel>VIEW</recordaccesslevel>
<role>HUMAN_RESOURCES_GENERALIST</role>
<searchaccesslevel>VIEW</searchaccesslevel>
<valuemgmtaccesslevel>FULL</valuemgmtaccesslevel>
</permission>
</permissions>
...
</customsegment>
For more information about how user permissions affect custom segments, see User Permissions for a Custom Segment.
If a SuiteCloud project contains an SDF custom object and a custom role that reference each other, the levels of permission and restriction must match in both objects. For example, if a custom record type permits the custom role with the VIEW permission level, that custom role must set the custom record type permission level to VIEW. Projects that contain a level mismatch cannot be deployed to a target NetSuite account. For more information, see Custom Roles as XML Definitions.