NetSuite’s role-based architecture gives you the ability to control which users can perform each of the various functions and view related data within your environment with laser precision. This level of customization is extremely powerful when used correctly, but can cause inefficiencies, employee frustration, and even erroneous data when configured poorly. In this article, I’ll share five of my best practices when working with user roles in NetSuite.
- Avoid roles that are highly segmented and restrictive.
Roles can become roadblocks when a user who has permission to perform a specific task has to change out of their primary role every time they need to do it. In extreme cases, I’ve seen roles limited to a single core permission (along with any permission dependencies), meaning that a user would complete 95% of a process in one role and would then switch roles to complete the last 5%. This can quickly lead to significant slow-downs in your business process, as staff will often wait to complete tasks in batches knowing that they need to change roles in order to do so. A good rule of thumb is that an employee should be able to complete all steps for any process that they are responsible for within a single role. Exceptions to this are approval processes and, in some cases, employees who perform multiple job functions (i.e. procurement and accounting).
- Avoid catch-all roles.
Just as it can be problematic to create roles that are very limited in their capabilities, roles that are very open and intended to span multiple job functions can also cause unexpected issues. Dashboards, navigation paths, and KPI scorecards are driven by the “Center Type” that the role is associated with. A role is only assigned to a single Center Type and the Center Type cannot be changed. This can lead to limited visibility and unintuitive navigation when a person performing accounting functions is using a role that is actually a sales role with accounting permissions added. Also, these broad roles can lead to permission conflicts, since they are often shared across multiple users in different functional groups and might give users access to functionality that they haven’t been trained on and aren’t intended to use. Finally, properly segmented roles can actually improve employee efficiency through their distinct user dashboards, which highlight important metrics and actionable items based on job function. Blended roles tend to reduce visibility of key responsibilities, since the same dashboard is being used to display a wider array of information.
- Start from an existing role when creating new roles.
If you’ve ever reviewed the NetSuite permissions documentation in SuiteAnswers, then you know the breadth of the distinct permissions that can be assigned in NetSuite. Beyond the permissions themselves, there are also four access levels that can be assigned for most permissions – making for a complex array of potential combinations and interdependencies. In some cases, two seemingly distinct permissions may be required in order to perform a particular function. For this reason, I always recommend starting from the closest existing role and using the “Save As” option to create a copy that can be adjusted as needed. While you can start from scratch and build a new role from the ground up, adding all of the individual permissions necessary and doing sufficient end-to-end testing is extremely time-consuming, especially since there is not currently a way to import role changes.
- Publish default dashboards for your team.
There are generally three cases in which I find businesses assigning a new role to a user – 1) a new employee is joining the team, 2) an employee is taking on a new role/responsibility within the organization, or 3) the business is going through a NetSuite implementation. In all three cases, having a pre-configured dashboard published for each role is an invaluable tool for guiding an employee to the metrics and actions that are most critical to their job function. Whether they’re new to NetSuite, new to a role/responsibility, or both, a well-configured dashboard can drive action and dramatically improve navigation with minimal ongoing effort.
- Take advantage of global permissions.
In my experience, global permissions are one of the most underused aspects of role configuration. Global permissions allow you to assign a permission to a user, which allows them to perform the granted function in any role that is assigned to them. This is especially handy when it comes to temporarily transferring responsibilities when a staff member goes on vacation, since you can grant access to one specific function to a user without opening up all permissions that are part of a particular role. Additionally, global permissions are also useful for top-level employees who perform approvals since they can complete the necessary approvals in any of their roles without having the disruption of navigating to a distinct role.
Want to learn more about configuring user roles in NetSuite, or get guided support on creating a role in your environment? Contact Concentrus today to discuss your user role needs.
About Us
Concentrus is a complete NetSuite solutions provider that guides organizations through how to use NetSuite to reach highly focused business goals and objectives. We provide NetSuite implementation, developer, integration, and customization services to ensure that you have a long-term solution that is tailored to fit your systems, people, and processes.
Read About Our Implementation Methodology
Want more NetSuite Tips and Tricks? Check out our Short & 'Suite videos