NetSuite Access Overview
Access to NetSuite data and to the NetSuite user interface is based on users, roles, and permissions:
Users
A user is an individual who has access to a NetSuite account.
- Generally, most users are employees, but vendors, partners, and customers also can be users.
- Users need to be set up in the NetSuite system through the creation of employee, vendor, partner, or customer records. For users to have access to NetSuite, their records must include an email address, which serves as their user ID. Users must also have a password to access NetSuite. Users with the Administrator role can send an access notification email that includes a link that lets users create their own passwords.
For information about creating and setting up different user types, see Manage Different Types of Users.
Roles
A role is a defined access configuration that can be assigned to users.
- Each role includes a set of associated permissions that determine the data users can see and the tasks they can perform. For example, the A/P Clerk role lets users enter bills and vendor credits, pay bills and sales tax, and view A/P and inventory reports.
- Each role is tied to a center, meaning a set of tabbed pages that display as the NetSuite user interface. Each center is tailored to the business needs of users in a specific functional area, such as accounting or sales. A role's center determines the pages that users see when they log into NetSuite.
- A user may be assigned multiple roles. The user may select a default role in an account used for login. Users can switch among roles and accounts by using the Change Roles list available from the NetSuite user interface. For more information, see Roles and Accounts.
NetSuite Account Access
The person who signs up for a NetSuite account is automatically assigned the Administrator role. The user with the Administrator role has full privileges to all aspects of the system and usually is the person who sets up account access by assigning roles to users.
- The first step for setting up account access is to set up roles. See NetSuite Roles Overview to understand the different types of roles, as well as how to create and manage them.
- After roles have been set up, users can be given access and assigned roles. See NetSuite Users Overview for information about how to manage different types of users and monitor users' login activity using the Login Audit Trail.
- NetSuite has a complex permission structure, with permissions divided into different types and different access levels. See NetSuite Permissions Overview to understand the different types of permissions and how to enable the Global Permissions feature. Please note that usage of the Global Permissions feature is not preferred.
- NetSuite's Advanced Employee Permissions feature can be enabled to give you more flexibility and control over the employee information that users with certain roles can access in NetSuite. When this feature is enabled, users with the Administrator role can customize or create roles to use the Employee Self, Employee Public, Employee Confidential, Employee Compensation, Employee System Access, Employee Record Full, and Employee Administration permissions. For more information, see Advanced Employee Permissions Overview. Users with the Administrator role can also create custom employee permissions and custom restrictions when this feature is enabled. For more information, see Custom Advanced Employee Permissions and Custom Restrictions for Advanced Employee Permissions.
- In addition to permissions, NetSuite has role restrictions that define the record instances of a record type that can be accessed by a role. See Permissions and Restrictions.
Users need the SuiteAnalytics Connect permission for access to the NetSuite SuiteAnalytics Connect schema. See Connect Permissions.
Internal Controls for NetSuite Access
To achieve effective internal controls, you will need a combination of both automated and manual controls that both prevent and detect misstatements or misappropriation of assets. Companies have several responsibilities for establishing good general controls for NetSuite applications.
- Ensure logical access and application security. Users should have only the information that they need to do their jobs.
- Segregate duties and transaction processing.
- Ensure that your organization has user administration controls in place, including:
  - Process for requesting and approving access. If possible, the request, approval, and granting of access should be segregated among different individuals to ensure appropriate application of the process.
  - Access should be reviewed periodically to account for changes in responsibilities, to confirm that terminated employees have had their access revoked, and to confirm that the list of users with sensitive/critical access contains only the appropriate individuals.
  - Process access termination in a timely manner.
- Maintain a mapping of role assignment to job function, and map role assignment to job title.
- Periodically audit the permissions that make up each role to ensure they are appropriate.
- The Administrator role is powerful, and access to this role should be extremely limited. Ideally your organization could have one administrator and one back-up administrator.
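
The periodic review described above can be partly automated. The following is an added example, not NetSuite code: it compares a user-to-role list against an HR roster and a job-title-to-role mapping. The CSV column names, the job titles, the "Sales Rep" role name, and the sample rows are all constructed assumptions, not a NetSuite export format.

```python
import csv
import io

# Constructed sample data. Column names are assumptions, not a NetSuite export format.
ASSIGNMENTS = """email,role
ana@example.com,Administrator
ben@example.com,Administrator
cy@example.com,Administrator
eli@example.com,A/P Clerk
fay@example.com,Sales Rep
"""
HR_ROSTER = """email,job_title,status
ana@example.com,IT Manager,active
ben@example.com,Controller,active
cy@example.com,Sales Associate,active
eli@example.com,Accounts Payable Specialist,terminated
fay@example.com,Accounts Payable Specialist,active
"""
# Hypothetical mapping of job title to the roles approved for that function.
APPROVED = {
    "IT Manager": {"Administrator"},
    "Controller": {"Administrator"},
    "Accounts Payable Specialist": {"A/P Clerk"},
    "Sales Associate": {"Sales Rep"},
}
MAX_ADMINS = 2  # one administrator plus one back-up administrator

def review_access(assignments_csv, hr_csv, approved, max_admins=MAX_ADMINS):
    """Return (user, role, reason) findings for a periodic access review."""
    hr = {r["email"]: r for r in csv.DictReader(io.StringIO(hr_csv))}
    findings, admins = [], []
    for row in csv.DictReader(io.StringIO(assignments_csv)):
        email, role = row["email"], row["role"]
        person = hr.get(email)
        if role == "Administrator":
            admins.append(email)
        if person is None:
            findings.append((email, role, "no HR record"))
        elif person["status"] != "active":
            findings.append((email, role, "terminated user still has access"))
        elif role not in approved.get(person["job_title"], set()):
            findings.append((email, role, "role not mapped to job title"))
    if len(admins) > max_admins:
        findings.append((", ".join(sorted(admins)), "Administrator",
                         "more than %d administrators" % max_admins))
    return findings

if __name__ == "__main__":
    print(*review_access(ASSIGNMENTS, HR_ROSTER, APPROVED), sep="\n")
```

Each finding is a starting point for manual follow-up by someone other than the person who granted the access, in keeping with the segregation of request, approval, and granting described above.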