Web Services Only Role Configuration...

TL;DR Opening

Designating a role as a Web Services Only role in NetSuite restricts user interface (UI) access while allowing programmatic access via web services. This enhances security for integrations by preventing users from interacting with the UI using privileges meant for web services development.

What is a Web Services Only Role?

A Web Services Only Role is a specific type of role in NetSuite designed for users who need to interact with the platform through web services instead of the UI. When this setting is enabled, users cannot access the UI, which mitigates risks associated with unauthorized data manipulation.

Benefits of Using a Web Services Only Role

Using the Web Services Only role provides several security advantages:

Eliminates UI Access: Users assigned this role cannot access the NetSuite UI, reducing the risk of data leaks or unauthorized modifications.
Secure Integrations: Ensures that integrations via web services can operate securely without exposing the UI paths.
Role Control: Allows you to grant web service permissions while restricting UI functionality, which is essential for sensitive operations.

How to Designate a Role as Web Services Only

To set a role as a Web Services Only role, follow these steps:

Navigate to Setup > Users/Roles > Manage Roles.
Locate the role you wish to modify from the Manage Roles list page.
Click Edit or Customize next to the role.
Check the Web Services Only Role box.
Click Save.

Note: Ensure your account has the SOAP web services feature enabled to access this setting.

Important Considerations

Assigning a role as Web Services Only doesn't restrict other non-UI access methods, so be mindful of combined permissions.
This role does not appear in the Change Role list, meaning users assigned to it cannot switch to it through the UI. This ensures the intended access restrictions are maintained.
Use caution when designating roles as Web Services Only. It is advisable to implement such a setting only after thorough testing to ensure it meets your integration requirements.

Key Takeaways

The Web Services Only role restricts UI access, enhancing data security for API integrations.
This role supports secure data access through SOAP web services without granting unnecessary UI permissions.
Users cannot switch roles within the UI once assigned to a Web Services Only role, maintaining the integrity of the security model.

Source: This article is based on Oracle's official NetSuite documentation.

Frequently Asked Questions (4)

What permissions are required to set up a Web Services Only role in NetSuite?

To set up a Web Services Only role, you need permission to navigate to and manage roles under Setup > Users/Roles > Manage Roles. Additionally, the SOAP web services feature must be enabled in your NetSuite account.

How can I verify if a role has been successfully designated as Web Services Only?

You can verify by locating the role in the Manage Roles list, clicking Edit or Customize, and ensuring the Web Services Only Role box is checked. Once saved, this setting ensures the role does not appear in the Change Role list.

Does assigning a Web Services Only role restrict all forms of access except web services?

Assigning a role as Web Services Only restricts UI access but does not limit other non-UI access methods, so you should review any combined permissions that might be assigned to this role.

Will designating a role as Web Services Only affect existing integrations in NetSuite?

Designating a role as Web Services Only should not affect existing integrations if they solely rely on web services. However, thorough testing is advised to ensure that integrations work as expected without UI access.

Web Services Only Role Configuration in NetSuite