Set Execute as Role Permissions for SuiteScript Files

Execute as Role permissions are a crucial feature for administrators and users with SuiteScript privileges in configuring a secure environment for .ssp and .ss files within an SSP application. By setting these permissions, you can designate how scripts are executed by different roles, which dramatically influences how they perform in various circumstances.

What Are Execute as Role Permissions?

Execute as Role permissions allow scripts to run with privileges defined by a specified role, regardless of the actual user triggering the script. This capability not only enhances security but also allows for tailored access control, essential when creating user-specific features on websites hosted through NetSuite.

Types of Permissions

1. Execute as Role: Associates a script with a specific role. For instance, if you specify a role with certain permissions, the script will operate under those limitations.
2. User-Specific Permissions: You can further refine who can trigger the script by either allowing all users or selecting specific individuals or roles, departments, subsidiaries, groups, employees, or partners.

Enhanced Permissions for Customization

With enhanced permissions enabled, a script can be triggered by actions of specific users, making it particularly useful for designing a personalized interface for customers on a website. For example, you can configure scripts that activate when a customer navigates to certain pages.

Steps to Set Permissions

To apply Execute as Role permissions on an .ssp or .ss file, follow these steps:

1. Navigate to a folder within your SSP application:

   • Example Path: Web Site Hosting Files > Live Hosting Files > SSP Applications > My SSP Application > My Script Files.

   Note: Permissions can only be applied to SuiteScript and SSP files within the specified folder.

2. Click Edit next to the file you want to modify.

3. Select the Permissions subtab.

4. Check the Enable box.

5. In the Execute as Role dropdown, choose the appropriate role. The script executed will have the permissions associated with this role.

   Note: The Administrator role cannot be selected for this.

6. Choose the audience permitted to execute the script:

   1. (Optional) For allowing all visitors, check the Run Script Without Login or Roles Select All boxes. If you prefer more specific control, leave these unchecked.
   2. (Optional) To target specific groups, select options from these categories:
      • Roles
      • Departments
      • Subsidiaries
      • Groups
      • Employees
      • Partners

7. Click Save to apply these changes.

Best Practices

When configuring permissions, consider creating a custom role specifically for the script's needs. This role should have only the permissions necessary for the operation intended, reducing the risk of unauthorized access while allowing the script to function correctly.

Who This Affects

This feature is particularly relevant for:

• Administrators: Oversee permissions settings for security and compliance.
• Developers: Implement custom scripts that enhance website user experience.
• Business Analysts: Evaluate and audit script performance across various user roles and scenarios.

Key Takeaways

• Execute as Role permissions allow for controlled script execution based on specified roles.
• Administrators can refine access through custom roles to ensure appropriate permissions.
• Enhanced permissions provide flexibility for personalized customer web experiences.

Source: This article is based on Oracle's official NetSuite documentation.