[JMUnderwood]

It appears that ONLY users with the Administrator role have access to create and install SuiteBundles? Is this correct?

I hope not. Because it’s a major limitation and opens a major security hole.

As we all know, Administrators can do anything, including DELETION of all data in the account. Thus, we want to restrict this role to the absolutely minimum number of people.

But if I have a NetSuite development team, I want selected people on that team to be able to create and install bundles. But I don’t want them to be able to do most of the data-related things an Administrator can do, like DELETE everything, delete selected records, change records in closed periods, … The list goes on.

I don’t see any role permissions that deal with SuiteBundler.

I tried Full Access role, and this allows ONLY the capability to LIST bundles that have been Created or Installed. It also violates a fundamental rule of UI: Don’t give the user the ability to select an option that he/she doesn’t have permission to execute. When I click on the [New] button for either Creating or Installing a new bundle, I get an error msg “Permission Violation: only the administrator may access this page”. This also happens when I click on any of the links in the list of Saved Bundles. If the role doesn’t allow the action, then remove the buttons and links.

So NetSuite, in your design of the SuiteBundler system, how did you consider handling this issue/restriction?
This is a cached copy. Click here to see the original post.

[JMUnderwood]

RE: Access to SuiteBundler — Roles & Permissions?

Would someone from NetSuite please comment on this issue.

[Author]

Posts