Employee Role Restrictions Configuration in NetSuite
Configure employee role restrictions in NetSuite to control access to transaction, customer, and employee records effectively.
TL;DR
Configuring employee role restrictions in NetSuite allows administrators to control user access to transaction, customer, and employee records based on their role and hierarchy. This feature is crucial for maintaining data security and compliance in organizational operations.
How Can You Set Employee Restrictions?
The Employee Restrictions field enables granular control over user access to vital records. It allows role administrators to impose restrictions based on values from the employee, sales rep, and supervisor fields associated with these records. The restrictions vary as follows:
- none - no default: No restrictions apply, and record access is unrestricted without a default selection.
- none - default to own: Users can access any records, but the default selection is set to their own records.
- own, subordinate, and unassigned: Users can only access records related to themselves and their subordinates, plus unassigned records, that is, records where the relevant field is left empty.
- own and subordinates only: Allows access strictly to the user’s records and their subordinates', filtering out unassigned records entirely.
Important Note: If a role has both the ‘own and subordinates only’ restriction and permission to process payroll, the payroll permission overrides the restriction, allowing access to all employees in the payroll batch.
Access to Custom Records
These restrictions also apply to custom records if the Apply Role Restrictions box is checked for relevant fields. This flexibility allows custom records to adhere to the same restrictions imposed on standard records.
Viewing Options
Check the Allow Viewing box to permit users limited access to view but not edit records of employees outside their restriction scope. However, users cannot view payroll or commission data or non-subordinate records when the setting is own and subordinates only.
Selecting Employees
To empower users with broader selection authority, check the Do Not Restrict Employee Fields box. For instance, a sales manager can select any sales rep, irrespective of which team they belong to.
Time and Expense Restrictions
Checking the Restrict Time and Expenses box ensures employees can only manage their own time and expenses, with any wider interaction limited to their subordinates. Reports and searches honor this restriction, keeping sensitive data secure.
Clearing the Restrict Time and Expenses box facilitates broader entry and editing rights, permitting the role to manage time and expense reports for all employees.
Sales and Support Role Filters
Check the Sales Role box for restrictions based on the Sales Rep field if applicable. In contexts where support is provided, the Support Role box should be checked to reflect case assignments accurately based on employee restrictions.
Recommended Practices
Establish clear guidelines for managing user roles with restrictions. Consider potential overlaps with other permissions, especially concerning payroll functions, to maintain operational efficiency and security.
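The overlaps described in this article can be checked mechanically during a role review. The following is an added example, not NetSuite code: the role objects and their property names are a hypothetical shape constructed for illustration, and each finding restates a rule given above.

```javascript
// Added example. Role objects are a constructed, hypothetical shape,
// not a NetSuite export format or SuiteScript API.
const SCOPED = ['own, subordinate, and unassigned', 'own and subordinates only'];

// Return the settings on one role that widen access beyond its restriction.
function auditRole(role) {
  const findings = [];
  const mode = role.employeeRestrictions;
  const scoped = SCOPED.includes(mode);
  if (!scoped) {
    findings.push(`Employee Restrictions is "${mode}": no restriction applies`);
  }
  // Payroll permission overrides 'own and subordinates only'.
  if (mode === 'own and subordinates only' && role.canProcessPayroll) {
    findings.push('payroll permission overrides the restriction for the payroll batch');
  }
  // Per the Viewing Options section, Allow Viewing does not expose
  // non-subordinate records under 'own and subordinates only'.
  if (mode === 'own, subordinate, and unassigned' && role.allowViewing) {
    findings.push('Allow Viewing grants view-only access outside the restriction scope');
  }
  if (scoped && role.doNotRestrictEmployeeFields) {
    findings.push('Do Not Restrict Employee Fields lets the role select any employee');
  }
  if (!role.restrictTimeAndExpenses) {
    findings.push('Restrict Time and Expenses is cleared: time and expenses open for all employees');
  }
  return findings;
}

// Audit a list of roles and keep only those with at least one finding.
function auditRoles(roles) {
  return roles
    .map(r => ({ role: r.name, findings: auditRole(r) }))
    .filter(r => r.findings.length > 0);
}

// Constructed sample roles for the review.
const sampleRoles = [
  { name: 'HR Payroll Clerk', employeeRestrictions: 'own and subordinates only',
    canProcessPayroll: true, allowViewing: false,
    doNotRestrictEmployeeFields: false, restrictTimeAndExpenses: true },
  { name: 'Sales Manager', employeeRestrictions: 'own, subordinate, and unassigned',
    canProcessPayroll: false, allowViewing: true,
    doNotRestrictEmployeeFields: true, restrictTimeAndExpenses: true },
  { name: 'Team Lead', employeeRestrictions: 'own and subordinates only',
    canProcessPayroll: false, allowViewing: false,
    doNotRestrictEmployeeFields: false, restrictTimeAndExpenses: true },
  { name: 'Analyst', employeeRestrictions: 'none - default to own',
    canProcessPayroll: false, allowViewing: false,
    doNotRestrictEmployeeFields: false, restrictTimeAndExpenses: false },
];
```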
Who This Affects
- Administrators: Responsible for setting up and managing user roles.
- Developers: May need to implement or modify the role restrictions in NetSuite.
- HR Managers: Require oversight on employee data security and access.
Key Takeaways
- Set employee restrictions to control access to records based on roles, enhancing data security.
- Utilize custom records and field-specific restrictions for tailored applications.
- Always check permissions for payroll and sales roles to avoid unintended access issues.