Restricting Access to Custom Fields

You can control who can access the information in custom fields, enabling you to maintain the security of your business information. The access you define determines how the field can be accessed both on the record as well as through search results and reports.

Note:

When the Advanced Employee Permissions feature is enabled, use the Employee Access subtab to assign custom fields to custom advanced employee permissions. For more information, see Restricting Access to Employee Custom Fields.

Access to a field can be based on role, department, or subsidiary. The following custom access levels can be assigned to each department and subsidiary.

For cases when various access levels are defined for a user's role, department, or subsidiary, the highest level of access is granted. For example, an employee is assigned to a department that has Edit access to a custom field, and the employee's role has been granted View access. The employee has the higher level of access – in the preceding example, Edit access.

In addition to search and reporting, the access level granted to a custom field also applies where the field is referenced by online forms or mail merge operations, sourced by other custom fields, or referred to by formula fields.

Note:

If you remove the administrator role's access to a custom field, the field won't be accessible to scripts that are run by an administrator. To access the field through scripting, you must edit and restore administrator access to the field.

You can set the level of access you want to grant by default to custom fields. The default access level applies to the roles, departments, and subsidiaries that you don't define on the Role, Department, and Subsidiary subtabs.

To set default access, edit the custom field record, and click the Access subtab. In the Default Access Level field, set the level of access you want to give by default. In the Default Level for Search/Reporting field, select the level of access you want to give through search and reporting.

The access you define on the Role, Department, and Subsidiary subtabs overrides the default access levels.
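
The resolution rules above, modeled as an added example (not NetSuite code and not part of the original page): it computes each employee's effective level and flags those whose department or subsidiary grants more than their role. The `None` level name, the reading that each undefined dimension falls back to the default, and all role, department, and employee names are assumptions.

```javascript
// Model of the access rules described on this page (not NetSuite code).
// Assumption: levels are ordered None < View < Edit; "None" is an assumed
// name for "no access". All names and data below are constructed.
const RANK = { None: 0, View: 1, Edit: 2 };

// Constructed access configuration for one custom field.
const fieldAccess = {
  defaultLevel: "None",
  role: { "Sales Rep": "View", "Payroll Clerk": "Edit" },
  department: { Finance: "Edit" },
  subsidiary: {},
};

// Level for one dimension: the explicit entry, or the default when undefined.
function levelFor(cfg, dimension, name) {
  const table = cfg[dimension];
  return Object.prototype.hasOwnProperty.call(table, name)
    ? table[name]
    : cfg.defaultLevel;
}

// Effective access: the highest level across role, department and subsidiary.
function effectiveAccess(cfg, employee) {
  return ["role", "department", "subsidiary"]
    .map((d) => levelFor(cfg, d, employee[d]))
    .reduce((best, lvl) => (RANK[lvl] > RANK[best] ? lvl : best), "None");
}

// Audit: employees whose effective access exceeds what their role alone gives.
function findElevated(cfg, employees) {
  return employees
    .map((e) => ({
      name: e.name,
      roleLevel: levelFor(cfg, "role", e.role),
      effective: effectiveAccess(cfg, e),
    }))
    .filter((r) => RANK[r.effective] > RANK[r.roleLevel]);
}

const employees = [ // constructed sample data
  { name: "A. Rivera", role: "Sales Rep", department: "Finance", subsidiary: "US" },
  { name: "B. Chen", role: "Sales Rep", department: "Sales", subsidiary: "US" },
  { name: "C. Okafor", role: "Payroll Clerk", department: "Finance", subsidiary: "UK" },
];

console.log(findElevated(fieldAccess, employees));
```
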

To set role, department, or subsidiary access restrictions:

  1. Edit the custom field record.

  2. Click the Access subtab.

  3. In the Default Access Level field, set the access level you want to grant to roles, departments, and subsidiaries that you don't specifically define in the following steps.

  4. In the Default Level for Search/Reporting field, set the level of access you want to grant through search and reports to roles, departments, and subsidiaries that you don't specifically define in the following steps.

  5. Click the Role, Department, or Subsidiary subtab.

  6. In the first column, select the role, department, or subsidiary you want to define access for.

  7. In the Access Level column, select the level of access you want to grant.

  8. In the Level for Search/Reporting column, select the level of access you want to give the role, department, or subsidiary for search and reporting.

  9. Click Add.

  10. Repeat these steps for each role, department, or subsidiary.

  11. Click Save.

Important:

The preceding procedure describes how to limit access to a custom field. When available, you can also check the Apply Role Restrictions box to limit access to an entire custom record, according to a custom field's values. Applying role restrictions extends access restrictions based on class, department, location, or subsidiary that are set on role definition pages. For example, if you've set location-based restrictions on roles, and you want to apply these same restrictions to Subscription custom records, you can check Use Role Restrictions for the Subscription record type's custom field that stores location values. For more information, see Applying Role-Based Restrictions to Custom Records.

Access Level History

For auditing purposes, you can view any changes that have been made to custom field access levels.

To view custom field access changes, open the custom field record. Click the Access subtab, and then click the History subtab.

You can view the date and time a change was made, the user who made the change, and the changes that were made.

Bundling Fields With Access Restrictions

Note:

SuiteBundler is still supported, but it won't be updated with any new features.

To take advantage of new features for packaging and distributing customizations, you can use the Copy to Account and SuiteCloud Development Framework (SDF) features instead of SuiteBundler.

Copy to Account is an administrator tool that lets you copy custom objects between your accounts. The tool can copy one custom object at a time, including dependencies and data. For more information, see Copy to Account.

SuiteCloud Development Framework is a development framework that lets you create SuiteApps from an integrated development environment (IDE) on your local computer. For more information, see SuiteCloud Development Framework.

If you include a custom field that has access restrictions in a bundle, custom roles that have access aren't automatically included in the bundle. If, however, you include those custom roles in the same bundle, the access restrictions are preserved.

The access level assigned to standard roles is preserved when you bundle a custom field that has access restrictions.

Custom field restrictions based on subsidiary or department aren't carried over into the target account because departments and subsidiaries can't be included in a bundle.
