NetSuite Tip: Testing Permission Role Configurations

This tip is relevant if you are a NetSuite administrator and you are working to setup special privileges to users under user security roles.


During some UserEvent SuiteScript work, I was developing a special security role to avoid using the “Run as Administrator” deployment switch.  After setting up the role and re-running my script, NetSuite continued to give me an error message.  It’s is well understood that NetSuite’s fine grained security switches can be challenging to setup.  So naturally, as I got this error, I kept speculating with trial and error techniques to determine what security permission needed to be granted.

Log Out and Log In

After enough tries without success, I decided to let it rest — I return the next day prepared to tackle the problem.  To my surprise, the script no longer complained and it appeared that I had indeed granted the right security permission.

At that point, I realized that NetSuite must be holding a security definition in memory.  When you log out, you clear that definition.  When you log back in, you pull back in the definition from disk.  Consequently, I now know that anytime I am working with the Role Security Permissions switches, it is best to log out and then log back in to verify work.



Be Sociable, Share!

Marty Zigman

Holding all three official certifications, Marty is Southern California's NetSuite expert and leads a team of senior professionals at Prolecto Resources, Inc. He is a former Deloitte & Touche CPA and has held CTO roles. For over 25 years, Marty has produced leadership in ERP, CRM and eCommerce business systems. Contact Marty to set up a conversation.

More Posts - Website - Twitter - Facebook - LinkedIn - Google Plus - YouTube

| Tags: , , , | Category: Infrastructure, NetSuite, Technical | 2 Comments


  1. Posted April 24, 2018 at 5:48 pm | Permalink

    There are several outside (partner) firms that have admin access to our NetSuite. It makes me a bit leery that so many folks outside our organization have access to everything about us.

    Is it possible to create a sub-admin role that limits access to anything specifically HR-related? TIA.

  2. Posted April 29, 2018 at 9:08 am | Permalink

    These are good questions. In general, when you limit the access of an expert to assist, they will have greater cost to make assessments and act. The security system can be costly to tweak due to the trial and error nature to get it right. I don’t have a good general guideline except to at least keep outsiders outside of the Production system and only provide access to Sandbox.

Post a Comment

Your email is never published nor shared. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>