Forbidden Access Control in NetSuite My Account Menu
Understand how access restrictions in the My Account application ensure user roles dictate feature visibility and prevent unauthorized access.
The My Account application in NetSuite dynamically generates menus based on user permissions. Access to features is governed primarily by the roles assigned to each user, meaning that links to certain functionalities, such as Order History, will only appear if the user has the requisite permissions. This setup enhances security by preventing users from accessing restricted areas.
How Are Menus Generated?
Menus are generated differently for the header and account overview sections:
Header Menu
The header menu is constructed using the header_menu_myaccount.tpl template, which is responsible for rendering the menu based on user permissions. The HTML structure incorporates data-permissions attributes that specify which user permissions must be matched for the menu items to be visible.
Example of Header Menu HTML:
    <a class="header-menu-myaccount-anchor-level3"
       href="#"
       data-touchpoint="customercenter"
       data-hashtag="#returns"
       data-permissions="transactions.tranFind.1,transactions.tranRtnAuth.1"
       name="returns"> {{translate 'Returns'}}</a>

In this snippet, the link to returns will only display if the logged-in user possesses the appropriate permissions.
Account Overview Menu
In contrast, the Account Overview menu is generated automatically upon loading the My Account application. The relevant modules return MenuItems objects that define each menu's entries.
Example of MenuItems Definition in JavaScript:
    MenuItems: {
        parent: 'orders',
        id: 'quotes',
        name: _('Quotes').translate(),
        url: 'quotes',
        index: 5,
        permission: 'transactions.tranFind.1,transactions.tranEstimate.1'
    }

Here, the 'Quotes' entries are only shown if the user has the necessary transaction permissions.
Managing Forbidden Access
Despite these permissions, users may attempt to access restricted pages directly. The application uses the ErrorManagement.ForbiddenError.View module to display an error message for unauthorized access. By default, this message reads:
"Sorry! You have no permission to view this page. Please contact the website administrator, click here to continue."
This error template can be customized to better fit the branding and communication needs of your web store.
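The permission strings shown above can be evaluated by one function that serves both the menu filter and the direct-URL check, so a hidden link and a typed URL get the same answer. This is an added example, not SuiteCommerce source code: the function names, the shape of the user-permission object, and the rule that every listed entry must be met at or above its numeric level are assumptions made for illustration.

```javascript
// Added illustration, not SuiteCommerce source. Assumptions: each entry is
// "group.permission.level", all listed entries are required, and a user
// level at or above the required level satisfies the entry.
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function parsePermissions(spec) {
  return String(spec || '')
    .split(',')
    .map((s) => s.trim())
    .filter(Boolean)
    .map((entry) => {
      const m = /^(\w+)\.(\w+)\.(\d+)$/.exec(entry);
      // Reject malformed entries rather than silently skipping a requirement.
      if (!m) throw new Error('Malformed permission entry: ' + entry);
      return { group: m[1], name: m[2], level: Number(m[3]) };
    });
}

// userPermissions shape is hypothetical: { transactions: { tranFind: 1 } }.
// A permission absent from the map fails the check (deny by default).
function hasPermissions(userPermissions, spec) {
  return parsePermissions(spec).every((req) => {
    const group = own(userPermissions, req.group) ? userPermissions[req.group] : {};
    return own(group, req.name) && Number(group[req.name]) >= req.level;
  });
}

// Menu rendering: hide entries the user does not qualify for.
function visibleMenuItems(items, userPermissions) {
  return items.filter((item) => hasPermissions(userPermissions, item.permission));
}

// Direct navigation: run the same check so a typed URL gets the forbidden view.
function resolveRoute(url, items, userPermissions) {
  const item = items.find((i) => i.url === url);
  if (!item) return { view: 'not-found' };
  return { view: hasPermissions(userPermissions, item.permission) ? item.id : 'forbidden' };
}

// Constructed sample data; the permission strings are the ones shown on this page.
const SAMPLE_ITEMS = [
  { id: 'quotes', url: 'quotes', permission: 'transactions.tranFind.1,transactions.tranEstimate.1' },
  { id: 'returns', url: 'returns', permission: 'transactions.tranFind.1,transactions.tranRtnAuth.1' },
];
const SAMPLE_USER = { transactions: { tranFind: 1, tranEstimate: 1, tranRtnAuth: 0 } };

console.log(visibleMenuItems(SAMPLE_ITEMS, SAMPLE_USER).map((i) => i.id));
console.log(resolveRoute('returns', SAMPLE_ITEMS, SAMPLE_USER));
```

An entry with no permission string is treated as visible to everyone in this sketch, so restricted entries must always carry one.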
Customization Considerations
When setting up permissions in the My Account application, ensure that:
- The customer center role has the right permissions assigned to its users.
- Combinations of permissions are tested to confirm they function as intended across different modules and features.
Who This Affects
- Administrators: Responsible for managing user permissions.
- Developers: Involved in customizing menu displays and error messages.
- Accountants: May need to access specific financial information linked to their roles.
Key Takeaways
- Menu visibility in My Account is controlled by user permissions.
- The header menu is rendered from the header_menu_myaccount.tpl template, while the Account Overview menu is built from MenuItems objects returned by modules.
- Unauthorized access results in a default error message that can be customized.
Source: This article is based on Oracle's official NetSuite documentation.
