NetSuite Roles and Permissions

In the realm of cloud-based ERP solutions, NetSuite stands as a beacon of efficiency and flexibility, especially for charities and social enterprises.

The key to harnessing its full potential lies in mastering NetSuite's roles and permissions.

This guide delves into how these roles and permissions can be optimised to support the unique needs of non-profit organisations.

Understanding NetSuite's Role-Based System

NetSuite operates on a role-based access control system, which is crucial for defining user access and capabilities.

With over 600 distinct permissions governing a variety of tasks, the configuration possibilities are extensive.

However, the challenge lies in managing these roles and permissions effectively to ensure operational efficiency, security, and compliance.

The Pillars of NetSuite Roles and Permissions

1) General Configuration:

    In NetSuite, each role should have a unique name that clearly defines its purpose, streamlining role management and user understanding.

    Consistency in the user interface, such as using a standard 'Center Type' like the 'Classic Center', simplifies navigation and training, making the system more accessible to all users.

    2) Subsidiary Configuration:

      Effective management of subsidiary restrictions is crucial, especially when charities rapidly grow.

      Regular updates to these settings ensure that users access only the data relevant to their specific subsidiary, maintaining data integrity and security.

      3) Permissions:

        Permissions in NetSuite are divided into categories like Transactions, Reports, Lists, Setup, and Custom Records, each with levels from 'View' to 'Full'.

        The 'Full' level, which includes record deletion capabilities, should be assigned judiciously to minimise risks and maintain system security.

        4) Restrictions and Forms:

          Tailoring restrictions and forms to specific roles enhances system efficiency.

          By limiting user access to relevant data based on department or subsidiary and customising forms to show only necessary information, organisations can streamline operations and reduce the potential for errors.

          Talk to us if you want to find out more about how Cloud Doing Good configures roles and permissions.

          Types of Roles in NetSuite

          There are two types of roles in NetSuite:

          Standard Roles

          Standard roles come with predefined permissions offered by NetSuite. For the most part, these roles are linked to standard employee positions like Accountant, A/P Clerk, Sales Rep, etc. These roles are available to Vendors, Partners, and Customers, depending on if they have access to NetSuite.

          Custom Roles

          Custom roles give you the ability to create and modify roles with any permissions you choose. In practice, it is normally easier to start with a standard role and then customize it to better meet your needs.

          Tailoring NetSuite for Non-Profit Organisations

          NetSuite's adaptability and comprehensive feature set make it an exceptionally suitable choice for non-profits, offering several key advantages:

          1. Grant Management and Charity Finance Reporting:

          • Configurable tools for effective grant tracking, ensuring compliance and accountability.
          • Advanced finance reporting capabilities to accurately showcase financial performance and health, are crucial for transparency and donor trust.

          2. Cloud-Based Accessibility:

          • Offers essential remote access, allowing team members to work from anywhere, a necessity in a post COVID world where employees aren’t always in the office.
          • Scalable solutions that grow with the organisation, accommodating expansion into new locations or program areas without the need for additional infrastructure.

          3. Integration Capabilities:

            • Seamless integration with a range of tools and systems, from accounting software to fundraising platforms, streamlining operations and ensuring cohesive data management.
            • Simplifies data sharing and reporting, reducing administrative overhead and improving decision-making processes.

            4. Customisation Options:

            • Flexibility to tailor the software to meet specific organisational needs, whether it's customising dashboards, reports, or workflows.
            • Adaptable to various non-profit models, from small local charities to large, international NGOs, ensuring that each organisation's unique requirements are met.

            5. Robust Donor Management with CRM Functionalities:

            • Comprehensive tools for managing donor information, and keeping track of donor interactions, preferences, and history.
            • Effective management of donations, including tracking, reporting, and acknowledging contributions.
            • Development of targeted donor engagement strategies, leveraging data to build stronger relationships and foster long-term support.

            Best Practices for Managing NetSuite Roles and Permissions

            Applying the principle of least privilege is crucial in granting users only the permissions necessary for their job functions. Regular monitoring and auditing of transactional changes are essential, especially for organisations concerned with SOX compliance.

            Role cleanup and optimisation involve identifying and removing unassigned or unused roles to simplify access management.

            Continuous review and adjustment of roles and permissions are necessary to align with changing organisational needs and compliance requirements.

            Providing adequate training and support to users is crucial for effective system utilisation, especially in non-profits with varying levels of tech-savviness among staff.

            Four FAQs About User Permissions


            What permissions does the Admin role have?

            Administrators have all permissions and the ability to grant access to anyone and the ability to delete your entire account. So you should be very careful about who you give Admin access to. One key thing that needs to be remembered is that almost all the capabilities included in the Administrator role are available as separate permissions. The best way to think about a permission is as a shortcut that enables Administrators to give a role a group of capabilities in one step.

            What is a task?

            Many permissions are described in relation to a task. This relationship is one of the main sources of confusion around permissions. So what is a task?

            A task is basically a path to doing something in NetSuite. It is always represented by one or more interface elements. These elements may be something in the navigation or in a record or transaction interface.

            For example, the Sales Order Approval permission turns on and off the Sales Order Approval task. Without this permission, a user cannot approve a sales order.

            How do permissions affect navigation?

            The “View” permission level controls the navigation and, in some cases, the ability to add a reminder to a dashboard. The other levels control the ability to create, change or delete data in records, transactions or settings, which in turn may change the functionality of an interface by adding a button or enabling an approval status.

            This is true not just of data and transactions, but also of all of the configuration permissions noted above. Additionally, it doesn’t really matter whether the capability is called a task or a record — the functional relationship to the permission is the same.

            What are the different categories for NetSuite roles and permissions?

            • Transactions: These permissions control access to NetSuite transaction records and the ability to approve them. It’s important to assign limited permissions based on specific roles to ensure proper segregation of duties. Consider whether certain roles require permissions for configuring SuiteFlow workflows related to transactions.
            • Reports: These permissions determine access to broader financial reporting within NetSuite. Roles involved in financial reporting typically have most of these permissions assigned to them.
            • Lists: This category covers access to all non-transaction records in NetSuite, such as customers, vendors, and employees. Keep in mind that not all permissions in this category may be intuitively named, so carefully review each permission to understand its purpose. Certain administrative permissions, like “Mass Updates,” should be restricted to a small subset of users.
            • Setup: These permissions are mostly administrative in nature. However, some permissions in this category may be relevant for a broader range of roles. For example, the “Import CSV File” permission allows end users to process their own CSV imports for records they have access to. Additionally, the “SAML Single Sign-on” permission is essential for roles using single sign-on authentication.
            • Custom Record: This category pertains to SuiteApps or custom records within NetSuite. Access to specific records or groups of records can be granted to users based on their roles. During the implementation of a new SuiteApp, these permissions are often adjusted to allow users to interact with the solution as needed.

            Final Notes

            For charities and social enterprises, optimising NetSuite roles and permissions is about aligning the ERP solution with the organisation's mission and operational needs.

            By understanding and implementing NetSuite roles and permissions effectively, non-profits can leverage this powerful tool to enhance their financial management, donor engagement, and overall operational efficiency.

            Get in touch with our NetSuite consultants at Cloud Doing Good for expert advice and guidance.

            Talk to a systems accountant today to find out how NetSuite can maintain your security.

            Speak to a systems accountant today

            Search Insights