NetSuite Access Overview
Access to NetSuite data and to the NetSuite user interface is based on users, roles, and permissions:
Users
A user is an individual who has access to a NetSuite account.
- Generally, most users are employees, but vendors, partners, and customers also can be users.
- Users need to be set up in NetSuite by creating employee, vendor, partner, or customer records. To access NetSuite, users' records must include an email address, which acts as their user ID. Users also need a password to access NetSuite. Users with the Administrator role can send an access notification email with a link so users can create their own passwords.
For information about creating and setting up different user types, see Manage Different Types of Users.
Roles
A role is a defined access configuration that can be assigned to users.
- Each role comes with permissions that decide what data users can see and what tasks they can do. For example, the A/P Clerk role lets users enter bills and vendor credits, pay bills and sales tax, and view A/P and inventory reports.
- Each role is linked to a center, which is a set of tabbed pages in the NetSuite interface. Each center is tailored to the business needs of users in a specific area, such as accounting or sales. A role's center decides which pages users see when they log into NetSuite.
- One user can have multiple roles. The user can select a default role for logging in. Users can switch between roles and accounts using the Change Roles list in NetSuite. For more information, see Roles and Accounts.
NetSuite Account Access
Whoever signs up for a NetSuite account is automatically assigned the Administrator role. The user with the Administrator role has full privileges to all aspects of the system and usually sets up account access by assigning roles to users.
- The first step for setting up account access is to create roles. See NetSuite Roles Overview to understand the different types of roles, as well as how to create and manage them.
- After you set up roles, you can give users access and assign roles. See NetSuite Users Overview for information about how to manage different types of users and monitor users' login activity using the Login Audit Trail.
- NetSuite has a complex permission structure with permissions divided into different types and different access levels. See NetSuite Permissions Overview to understand the different types of permissions and how to enable the Global Permissions feature. Please note that you should avoid using the Global Permissions feature. For more information, see Using the Global Permissions Feature.
- You can enable NetSuite's Advanced Employee Permissions feature, which gives you more flexibility and control over the employee information that users with certain roles can access in NetSuite. When this feature is enabled, users with the Administrator role can customize or create roles to use the Employee Self, Employee Public, Employee Confidential, Employee Compensation, Employee System Access, Employee Record Full, and Employee Administration permissions. For more information, see Advanced Employee Permissions Overview. Users with the Administrator role can also create custom employee permissions and custom restrictions when this feature is enabled. For more information, see Custom Advanced Employee Permissions and Custom Restrictions for Advanced Employee Permissions.
- In addition to permissions, NetSuite has role restrictions that control which instances of a record type a role can access. See Permissions and Restrictions.
Users need the SuiteAnalytics Connect permission to access the NetSuite SuiteAnalytics Connect schema. See Connect Permissions.
Internal Controls for NetSuite Access
To have effective internal controls, you'll need a combination of both automated and manual controls that both prevent and detect misstatements or misappropriation of assets. Companies have several responsibilities for setting up good general controls for NetSuite.
- Make sure logical access and application security are in place. Users should have only the information that they need to do their jobs.
- Segregate duties and transaction processing.
- Make sure your organization has user administration controls in place, including:
  - The process for requesting and approving access. If possible, different people should handle the request, approval, and granting of access to make sure the process is followed correctly.
  - Review access regularly to check for changes in responsibilities, make sure former employees' access is revoked, and confirm that only the right people have sensitive or critical permissions.
  - Make sure you end access quickly when needed.
- Keep a record of which roles go with each job function and job title.
- Audit the permissions in each role regularly to make sure they're still appropriate.
- The Administrator role is powerful, so access to this role should be extremely limited. Ideally, your organization should have one administrator and one back-up administrator.
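The periodic access review described above can be scripted against an exported list of role assignments. The following is an added example, not NetSuite code: the CSV columns, the Vendor Maintenance and Sales Rep role names, and the segregation-of-duties pair are constructed assumptions to replace with your own export layout and role matrix.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export (hypothetical columns, not a NetSuite format).
SAMPLE_EXPORT = """email,role,employee_status
alice@example.com,Administrator,active
bob@example.com,Administrator,active
carol@example.com,Administrator,active
dave@example.com,A/P Clerk,terminated
erin@example.com,A/P Clerk,active
erin@example.com,Vendor Maintenance,active
frank@example.com,Sales Rep,active
"""

# Assumed policy input: one administrator plus one back-up administrator.
MAX_ADMINS = 2
# Hypothetical segregation-of-duties pairs; derive these from your own role matrix.
SOD_CONFLICTS = [frozenset({"A/P Clerk", "Vendor Maintenance"})]


def review_access(export_text, max_admins=MAX_ADMINS, conflicts=SOD_CONFLICTS):
    """Return findings for stale access, excess administrators and SoD conflicts."""
    roles_by_user = defaultdict(set)
    status_by_user = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        email = row["email"].strip().lower()
        roles_by_user[email].add(row["role"].strip())
        status_by_user[email] = row["employee_status"].strip().lower()

    admins = sorted(u for u, r in roles_by_user.items() if "Administrator" in r)
    return {
        # Users who still hold roles although they are no longer active employees.
        "stale_access": sorted(u for u, s in status_by_user.items() if s != "active"),
        # Administrator holders, reported only when the count exceeds the limit.
        "excess_admins": admins if len(admins) > max_admins else [],
        # Users whose combined roles cover both sides of a conflicting pair.
        "sod_violations": sorted(
            (u, tuple(sorted(pair)))
            for u, r in roles_by_user.items()
            for pair in conflicts
            if pair <= r
        ),
    }


if __name__ == "__main__":
    for check, hits in review_access(SAMPLE_EXPORT).items():
        print(check, hits)
```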