This article is relevant if you use NetSuite Sandbox accounts and you are concerned about generating emails to the user community.
Background
When working with NetSuite sandbox, a highly used feature is to have an email that would normally be sent to an intended recipient be redirected to the user (sender) who initiated the email. This feature allows administrators and developers to be comfortable that their exploration and NetSuite enhancement efforts will not generate unintended communications.
However, there are cases where the Sandbox may send emails to end-users that may not be expected.
NetSuite Sandbox Email Settings
When you generate a Sandbox, you have the option to control how email is sent from the system. These settings are governed in the Setup –> Company –> Email Preferences page.
Because our firm has multiple consultants doing work in our client systems, we generally go with the default setting “Send Email to Logged In User”. This helps our professionals design email communications in a safe manner. Click the image for an example.
Considerations for NetSuite Sandbox Sending Access Emails
In a not-so-pleasant way, we recently learned that NetSuite will indeed send an email to the intended recipient and not redirect the email to the Logged in User in certain situations. While developing an enhanced Vendor Portal for a client, we configured the system to have NetSuite send a crafted welcome email to allow the Vendor to log in. The general approach is to set up the Access settings on the Vendor record by providing an email address, role, and activating the “Send New Access Notification Email” checkbox.
NetSuite will send the Access Notification Email to the vendor even though the record was created in the sandbox. Consequently, through normal development work, we mistakenly ended up sending emails to our client’s vendors. This was not good and we took responsibility for the situation by helping clean up miscommunications.
We noted that these system-generated emails were not in NetSuite’s “Sent Email List” so it made it difficult to diagnose what happened.
NetSuite Support on Sandbox System Generated Emails
We wanted to understand further how this part of the Sandbox works so we could avoid making future mistakes. NetSuite acknowledged that the system does indeed send emails to end-users despite the email preference setting.
We had some dialog with Support and we asked for some clarifications. Here is an excerpt of their response:
“Emails will only be sent out to the currently “Logged In” user, if it is a general email like transaction emails and it has never changed. However, if the email is related to the sensitive information of other users that can log in to anything related to NetSuite, like Employee Center, Vendor Center, webstore, then the emails will be sent to them instead.
That is why I mentioned the notification email will be sent to a user who “can” log in because that notification email is related to the test vendor who is given access to Vendor Center. I should have also emphasized that the email was sent because it is related to sensitive information, and in this case, it is asking for the test vendor to set their password.
Other sensitive email messages include one time passwords, web store registration etc.. If the email recipient address is specified, then an actual email will be sent out to the address.”
Sandbox Email Summary
In my mind, NetSuite’s Support response is difficult to understand.
In an earlier part of the discussion, they suggested that the system will not send any email if you use the “Do Not Send Emails” setting. However, in our tests, this is NOT true. The system will still send an email no matter what the email preference setting when you set up the vendor to have login access. I suspect this will happen if you set up customers, partners, and other employees.
I suspect, but can not confirm, that NetSuite has user access and authentication infrastructure that is independent of the account that is used to set up the account. This independent infrastructure is used to authenticate the user and then provide a list of all the accounts and respective roles the user can gain access to.
Bottom line, be very careful working with NetSuite’s Access tab for producing communications while in the sandbox.
If you found this article relevant, feel free to sign up for notifications to new articles as I post them. If you would like to work with NetSuite experts that are committed to holding high standards for integrity, let’s have a conversation.
Here’s a clue to update the article:
The same happens if you give access to an employee in sandbox. UNLESS the user that does that does not have Users & Passwords permission. In such a case the notification is sent to the user as per expected sandbox functionality.
Thank you Michael for offering more thinking. If I understand you correctly, if the employee has Users & Passwords permission, they will get the email. Otherwise, the email is redirected as expected.
Marty
Thanks for the heads up
Would have been a nice courtesy for Netsuite to have mentioned this as a user prompt when setting up the vendor access or on the email preferences page as a warning (e.g. on the field level help).
It’s pretty obscure and I would never have made the assumption that is what would happen since for me, Sandbox is supposed to be a safe environment for testing where you can’t break anything