Execute as Role Permissions for SuiteScript Files

Starting in NetSuite, administrators and users with SuiteScript privileges can set Execute as Role permissions for .ss and .ssp files associated with an SSP application. This functionality allows scripts to run with the permissions of a specified role, regardless of the user's actual role, creating a robust control mechanism for script execution.

What Are Execute as Role Permissions?

Execute as Role permissions enable the assignment of a specific role to .ssp and .ss files. This means that when a script is triggered (regardless of the triggering user's role), it executes with the permissions defined for the selected role. This is particularly useful in scenarios where tighter control over script access is necessary.

Types of Permissions

There are two primary types of permissions available:

• Execute as Role Permissions: Specify which role the script executes under, impacting the permissions available during its run.
• User-specific or Generic Access: You can select specific users or roles allowed to trigger a script, or generically allow all users from a certain department.

Benefits of Enhanced Permissions

Enhanced permissions facilitate custom website experiences. For example, you could personalize a user interface for customers, triggering scripts based on their interactions with your website.

How to Set Permissions on .ssp or .ss Files

To configure permissions on an .ssp or .ss file, follow these steps:

1. Navigate to the folder in your SSP application (e.g., Web Site Hosting Files > Live Hosting Files > SSP Applications > My SSP Application > My Script Files).
   • Note: Permissions can only be applied to SuiteScript and SSP files within an SSP application folder.
2. Click Edit next to the desired .ssp or .ss file.
3. Go to the Permissions subtab.
4. Check the Enable checkbox.
5. From the Execute as Role list, select the appropriate role for execution. The script will utilize this role's permissions during its execution.
   • Note: The Administrator role cannot be used.
6. Choose who can trigger the script:
   1. To allow all visitors to execute the script, check Run Script Without Login or Roles Select All. Clear these if you want to specify particular access criteria.
   2. For specific audience permissions, select appropriate entities from the multi-select boxes:
      • Roles
      • Departments
      • Subsidiaries
      • Groups
      • Employees
      • Partners
7. Click Save.

Best Practices for Configuring Permissions

When setting permissions, consider creating a custom role specifically for the Execute as Role list. This role should have only the necessary privileges for the script to achieve its intended functionality—no more, no less. This tailored approach is especially effective for custom website features.

Related Topics

• Creating a SuiteScript 2.0 SSP Application Record
• Uploading SSP Application Files to the File Cabinet
• Selecting Default SSP Files
• Making SSP Applications Available on System Domain
• Deploying and Undeploying SSP Applications
• Sample SSP Application Code (SuiteScript 2.0)
• Debugging a SuiteScript 2.0 SSP Application
• Using SSP Applications

Key Takeaways

• Execute as Role permissions allow scripts to run with the selected role's permissions.
• Custom roles can enhance security and functionality of scripts.
• Enhanced permissions support user-specific access and create tailored experiences.

Source: This article is based on Oracle's official NetSuite documentation.