Skip to main content
Articles in this section

Configure role-based permissions for Salesforce-NetSuite (IO) integration app in NetSuite

You may use the Celigo integrator.io Full Access role w/o 2FA role available in our Celigo integrator.io 20038 bundle to manage your integration application as a reference. This is a locked role and cannot be changed. 

If you wish to customize the role or reuse an existing role, you may use the below-listed permissions to configure the custom role used to manage the integration application. 

The custom role can be then used to set up a NetSuite connection.

The custom role is not required for all the business users creating or editing the records in NetSuite. 

Contents

Permissions

Additional References

Transactions

Permission Level

Credit Memo

Edit

Customer Deposit

Edit

Customer Payment

Edit

Customer Refund

Edit

Find Transaction

Full

Fulfill Orders

View

Invoice

Edit

Item Fulfillment

Edit

Opportunity

Edit

Estimate

Edit

Sales Order

Full

Adjust Inventory

Full

Cash Sale

Edit

Cash Sale Refund

Edit

Item Receipt

Edit

Return Authorization

Edit

Sales Order Approval

Edit

Return Auth. Approval

Edit

Refund Returns

Edit

Reports

Permissions Level

SuiteAnalytics Workbook

Edit

Lists

Permissions Level

Billing Schedules

Edit

Cases

Edit

Contact Roles

View

Contacts

Edit

Currency

View

Custom Record Entries

Full

Customers

Edit

Documents and Files

Full

Employee Record

Edit

Employees

Edit

Items

Edit

Locations

Edit

Notes Tab

Edit

Perform Search

Full

Project Tasks

Full

Projects

Edit

Sales Campaigns

View

Subsidiaries

Full

Track Messages

Full

Bins

Edit

Tax Records

View

Tax Schedules

View

Ship Items

View

Setup

Permissions Level

Access Token Management

Full

Accounting Lists

Edit

Allow JS / HTML Uploads

Full

CRM Lists

Full

Custom Fields

Full

Custom Lists

Full

Custom Record Types

Full

Delete Event

Full

Set Up Company

Full

SuiteApp Marketplace

Full

SuiteBundler Audit Trail

Full

SuiteScript

Full

User Access Tokens

Full

Users & Passwords

Full

Web Services

Full

Accounting Preferences

View

Custom Record

Permissions Level

Celigo SFDC Lookups

View

If you’re using the Contract Renewal Module you’ll need to provide the custom-record permissions    

Permissions Level

Contract Item

Full

Contract Renewal Preferences

Full

Contract

Full

Contract Renewal Action

Full

Forms

Enable the following forms for a role

  • Transaction
  • Item
  • Custom Record
  • Bill of Materials
  • Time
  • Entity
  • CRM
  • Other Record
  • Inventory Detail

Preferences

Permissions Level

Global Search Includes Transaction Numbers

True

Download PDF file

Was this article helpful?
0 out of 0 found this helpful

Comments

6 comments
Date Votes
  • Could you please explain the purpose of this Document? Is it intended to detail the Celigo IO Integration Admin role that comes with Bundle 20038?  Is it the permissions I should have in order to install the Integrator App? Is it the set of permissions users should have to work in NetSuite once I have the integrator App installed?

    And, what is the purpose of the of the Celigo IO Integration Admin Role that came with Bundle 20038?

    FYI, I had to add many permissions to the " Celigo IO Integration Admin Role " in order to align with this document.

    More importantly:

    Lists: Sales Campaigns does not exist

    Lists: Ship Items is actually Shipping Items

    Setup: Web Services does not exist (this also ripples to https://docs.celigo.com/hc/en-us/articles/115000389172-Pre-installation-tasks )

     

    0
  • Purpose of the document is to list the permissions required in NetSuite to manage the integration application, in case you wish to set up a custom role. You may use Celigo integrator.io Full Access role w/o 2FA role available with bundle 20038 as a reference. 

    Celigo IO integration Admin is an old role which has basic permissions required for managing integration app. We recommend you to use Celigo integrator.io Full Access role w/o 2FA role because it excludes the 2FA privilege. 

    Please feel free to ignore Sale Campaigns and Web Services if it is not available in your NetSuite account. 

    0
  • Thank you so much for your response. It is super helpful. 

    I looked through the permissions in the 'Celigo integrator.io Full Access w/o 2FA’ role.

    It appears that the ‘Celigo integrator.io Full Access w/o 2FA’ role is missing (according to the list above):

    ^Lists-> ‘Billing Schedules’, ‘Subsidiaries’, ‘Tax Schedules’

    ^Setup-> ‘Access Token Management’, 

               -> 'Custom Fields' and 'Custom Lists' were only enabled for View, not Full

    ^Custom Record -> Celigo SFDC Lookups

    Are these not important, or should I add them?

    0
  • 'Subsidiaries' and 'Tax Schedules' are important for Salesforce-NetSuite IA.
    'Billing Schedule' is usually not required. 

    We recommend 'Custom Fields' and 'Custom Lists' to be changed to Full. 

    Our recommendation is to use ‘Celigo integrator.io Full Access w/o 2FA’ role as a base, and add all available permissions in this article to ensure no issues in your setup.
    Some of these field permissions depend on your requirements, i.e. it depends on what you use or do not use in NetSuite. The above list is exhaustive, it assumes you are using all features.
    On the other hand, ‘Celigo integrator.io Full Access w/o 2FA’ role encompasses the mandatory permissions required across all Celigo integrations. 

    -1
  • You claim  ‘Celigo integrator.io Full Access w/o 2FA’ role encompasses the mandatory permissions required across all Celigo integrations. This was, and still is, false. I just got an error due to the newly missing "Currency" permission when I refreshed the Currencies in the General configuration of IA (My connector uses a clone of this role via the access Token). 

    I have   Celigo Salesforce Connector [IO] 1.6.0
    and       Celigo integrator.io 20038   v 1.15.0.0      

    It been 6 months and Celigo Still has not fixed this in the ‘Celigo integrator.io Full Access w/o 2FA’ role you provide, yet instead it has gotten worse.  The following permissions are listed as necessary in this document, but are not in the role:

    ^Lists-> ‘Billing Schedules’, ‘Subsidiaries’, ‘Tax Schedules’,  NEWLY MISSING PERMISSION: 'Currency'

    ^Setup-> ‘Access Token Management’, NEWLY MISSING PERMISSION: 'User Access Tokens'

               -> 'Custom Fields' and 'Custom Lists' were only enabled for View, not Full  (this document recommends FULL, but the role only has "View")

    It is very tedious to have to go through and verify every one of these permissions.

    0
  • Celigo Team: please correct me if I'm wrong, but it seems that Publish Search is needed in Lists section, with at least Edit access. Otherwise when integrator.io changes locked Saved Searches created by the SuiteApp, it will change them to be Private and eventually won't be able to access them afterwards. This may happen, for example, when you're enabling Test Mode - it modifies saved searches with additional criteria and makes them private, which then causes an error stating that Saved Search does not exist.
    UPD: I now see that the locked role from the bundle has this permission as well as a few others not mentioned in this article.

    0

Please sign in to leave a comment.