Configure role-based permissions for Salesforce-NetSuite (IO) integration app in NetSuite



  • Kenneth Welling

    Could you please explain the purpose of this Document? Is it intended to detail the Celigo IO Integration Admin role that comes with Bundle 20038?  Is it the permissions I should have in order to install the Integrator App? Is it the set of permissions users should have to work in NetSuite once I have the integrator App installed?

    And, what is the purpose of the of the Celigo IO Integration Admin Role that came with Bundle 20038?

    FYI, I had to add many permissions to the " Celigo IO Integration Admin Role " in order to align with this document.

    More importantly:

    Lists: Sales Campaigns does not exist

    Lists: Ship Items is actually Shipping Items

    Setup: Web Services does not exist (this also ripples to )


  • Docs Support

    Purpose of the document is to list the permissions required in NetSuite to manage the integration application, in case you wish to set up a custom role. You may use Celigo Full Access role w/o 2FA role available with bundle 20038 as a reference. 

    Celigo IO integration Admin is an old role which has basic permissions required for managing integration app. We recommend you to use Celigo Full Access role w/o 2FA role because it excludes the 2FA privilege. 

    Please feel free to ignore Sale Campaigns and Web Services if it is not available in your NetSuite account. 

  • Kenneth Welling

    Thank you so much for your response. It is super helpful. 

    I looked through the permissions in the 'Celigo Full Access w/o 2FA’ role.

    It appears that the ‘Celigo Full Access w/o 2FA’ role is missing (according to the list above):

    ^Lists-> ‘Billing Schedules’, ‘Subsidiaries’, ‘Tax Schedules’

    ^Setup-> ‘Access Token Management’, 

               -> 'Custom Fields' and 'Custom Lists' were only enabled for View, not Full

    ^Custom Record -> Celigo SFDC Lookups

    Are these not important, or should I add them?

  • Docs Support

    'Subsidiaries' and 'Tax Schedules' are important for Salesforce-NetSuite IA.
    'Billing Schedule' is usually not required. 

    We recommend 'Custom Fields' and 'Custom Lists' to be changed to Full. 

    Our recommendation is to use ‘Celigo Full Access w/o 2FA’ role as a base, and add all available permissions in this article to ensure no issues in your setup.
    Some of these field permissions depend on your requirements, i.e. it depends on what you use or do not use in NetSuite. The above list is exhaustive, it assumes you are using all features.
    On the other hand, ‘Celigo Full Access w/o 2FA’ role encompasses the mandatory permissions required across all Celigo integrations. 

  • METER Group
    Celigo University Level 1: Skilled

    You claim  ‘Celigo Full Access w/o 2FA’ role encompasses the mandatory permissions required across all Celigo integrations. This was, and still is, false. I just got an error due to the newly missing "Currency" permission when I refreshed the Currencies in the General configuration of IA (My connector uses a clone of this role via the access Token). 

    I have   Celigo Salesforce Connector [IO] 1.6.0
    and       Celigo 20038   v      

    It been 6 months and Celigo Still has not fixed this in the ‘Celigo Full Access w/o 2FA’ role you provide, yet instead it has gotten worse.  The following permissions are listed as necessary in this document, but are not in the role:

    ^Lists-> ‘Billing Schedules’, ‘Subsidiaries’, ‘Tax Schedules’,  NEWLY MISSING PERMISSION: 'Currency'

    ^Setup-> ‘Access Token Management’, NEWLY MISSING PERMISSION: 'User Access Tokens'

               -> 'Custom Fields' and 'Custom Lists' were only enabled for View, not Full  (this document recommends FULL, but the role only has "View")

    It is very tedious to have to go through and verify every one of these permissions.

  • Artem Sedov

    Celigo Team: please correct me if I'm wrong, but it seems that Publish Search is needed in Lists section, with at least Edit access. Otherwise when changes locked Saved Searches created by the SuiteApp, it will change them to be Private and eventually won't be able to access them afterwards. This may happen, for example, when you're enabling Test Mode - it modifies saved searches with additional criteria and makes them private, which then causes an error stating that Saved Search does not exist.
    UPD: I now see that the locked role from the bundle has this permission as well as a few others not mentioned in this article.


Please sign in to leave a comment.