1. SuiteCloud Platform
  2. Customization
  3. Custom Records
  4. Creating Custom Record Types
  5. Specifying Permission and UI Settings
  6. Setting Permissions for a Custom Record Type

Setting Permissions for a Custom Record Type

To manage access to custom record type data, you can:

Define the Permission Model

You can use the Access Type list on a custom record type page to define a permissions model for a custom record type. This model can be based on any of the following:

  • Custom record entries permissions defined on role records

  • Permissions defined on the Permissions subtab of a custom record type

  • No permissions required for internal roles

    • Permission level defined for external users, such as customers, vendors, and partners.

    • Permission level defined for unauthenticated users (meaning users (for example, anonymous shoppers – online form users) who did not log in to NetSuite).

Note:

The No Permission Required access type has changed to No Permission Required for Internal Roles. For more information, see Changes to "No Permission Required" Access on Custom Record Types.

The Access Type list includes the following options:

  • Require Custom Record Entries Permission

    • This option is the default.

    • Custom record types created prior to 2012.1 that did not have the Use Permissions box checked have this option set.

    • This option indicates that only users logging in with a role with permission granted to the custom record type can access it. This permission can be set on the Lists subtab of the Permissions subtab on each Role page. See Customizing or Creating NetSuite Roles.

      Note that this limitation does not apply to the owner of the custom record type. The owner always has full permission to access the custom record type in any role.

  • Use Permission List

    • Custom record types created prior to 2012.1 that had the Use Permissions box checked have this option set.

    • This option indicates the users logging in with a role with permissions defined on the Permissions subtab of the custom record type can access it. This permission can also be set on the Custom Records subtab of the Permissions subtab on each Role page.

      Note that this limitation does not apply to the owner of the custom record type. The owner always has full permission to access the custom record type in any role.

    • For details about creating a permission list, see Setting Up a Permissions List for a Custom Record Type.

  • No Permission Required for Internal Roles

    • Use this option for non-sensitive custom record types when you want to give all employees create, read, update, and delete access. This option denies external users or unauthenticated users from accessing the custom record type.

    • New roles have immediate access to relevant custom record types without having to explicitly grant access.

    • You can add custom access controls using SuiteFlow or SuiteScript.

    • For more information, see Changes to "No Permission Required" Access on Custom Record Types

  • External Roles Access

    • This option is available only if you selected No Permission Required for Internal Users as the access type. It permits public access to users such as customers, vendors, and partners.

    • None – User doesn’t have access any instance of the custom record type. The user cannot create new, view existing, edit existing, or delete existing instances.

    • View – User has access to view existing instances of the custom record only. The user cannot create new, edit existing, or delete existing instances.

    • Create – User can create new and view existing instances of the custom record type. The user cannot edit or delete existing instances.

    • Edit – User has access to create new, view existing, and edit existing instances of the custom record type. The user cannot delete existing instances.

    • Full – User has access to create new files, and view, edit, and delete existing instances of the custom record type.

  • Unauthenticated Users Access

    • This option is available only if you selected No Permission Required for Internal Users as the access type. It permits public access to users (such as shoppers – online form users) who have not logged in to NetSuite.

    • View – User has access to view existing instances of the custom record only. The user cannot create new, edit existing, or delete existing instances.

    • Create – User can create new and view existing instances of the custom record type. The user cannot edit or delete existing instances.

    • Edit – User has access to create new, view existing, and edit existing instances of the custom record type. The user cannot delete existing instances.

    • Full – User has access to create new files, and view, edit, and delete existing instances of the custom record type.

Changes to "No Permission Required" Access on Custom Record Types

To provide more control over who may access your custom record entries, NetSuite has introduced a more precise setup to users with the required permissions. The access type option of No Permission Required has changed to No Permission Required for Internal Roles. When this option is selected, two additional more granular dropdown list fields will appear from which you can select additional access levels to permit with no permission required:

  • External Roles Access

  • Unauthenticated Users Access

To review and update the access type of your custom records:

If you choose to use No Permission Required for Internal Roles, External Roles Access, or Unauthenticated Users Access, we strongly recommend you provide additional restrictions through the use of scripts or workflows or both to tightly control access to your record instances consistent with your business needs.

Important:

When NetSuite automatically adjusts your No Permission Required custom records to use the best possible setup, some users may have insufficient access to these custom record types and their entries.

  1. Go to Customization > Lists, Records, & Fields > Record Types.

  2. For each unlocked Record Type (no lock icon), review the Access Type setting and consider changing it to either Require Custom Record Entries Permission or Use Permission List.

    • If you select Require Custom Record Entries Permission, on each Role page, go to the Lists subtab of the Permissions subtab and set the appropriate access level.

    • If you select Use Permission List, go to the Permissions subtab and define which roles should have permission to access this custom record type.

    • If you agree with and want to keep the updated settings, no additional changes are needed

Prevent Access through the User Interface

You can clear the Allow UI Access box for a custom record type, to indicate that it can only be accessed programmatically. For example, this could be done through SuiteScript or SOAP web services. By default, the Allow UI Access box is checked.

When this box is cleared:

  • You cannot access the custom record type from the NetSuite user interface.

  • If you attempt to list, search, view, edit, or create a record of this type in the user interface, the following error message appears: Access to that record type from the user interface is not allowed.

  • The following custom record options are locked as disabled: Allow Mobile Access, Allow Quick Search, Allow Quick Add, and Include in Search Menu.

Important:

You need to take additional steps to control access to custom record data through searches. See Limiting Search Access to Custom Records.

Related Topics

General Notices