This topic contains 2 replies, has 0 voices, and was last updated by egrubaugh 8 years, 2 months ago.

  • Author
    Posts
  • #5151

    jalarson1

    I have a list of records that are view only for two roles. These records all have a location field. I want the users with these roles to only see the records for the location they are assigned to. This is a custom record. Changing the Location Restrictions at the top of the Role form from ‘none’ to ‘owner and subordinates only’ didn’t affect the view of this record at all. The only solution I can think of is to make a view that filters out all but one location and then assign that view to a separate role for each location. That solution seems very clunky to me. I don’t want to have to create a bunch of new roles just to restrict the view of this record. Is there a way to check a users location dynamically and filter a view of a custom record list based on that? Is there another solution I’m not seeing?
    This is a cached copy. Click here to see the original post.

  • #5152

    Voltron

    I did something kinda like this awhile back for the Advanced Partner Center and custom records; found I had to do it with code, and a cursory review of your desires tells me you need to do the same thing. There’s a native context API, nlapiGetLocation(), that you would use as your starting point, assuming that’s what you’re setting on their employee records.

    Basically, the code should say “before record load, if the location of the employee doesn’t match the location on the record, send them elsewhere.” Maybe send them to the home page or a “unauthorized access” Suitelet page. You need this to prevent them from accidentally or intentionally navigating to the URL of the restricted records. The saved search issue is challenging because there’s no good way to permit them easy-moving freedom with searches, including on their own records, while preventing them from building searches that view into restricted records. You can offered a “restricted view,” set on the custom record definition; that works okay. You could also build a Suitelet search form; I’ve done lots of those that provide visibility into very specific areas.

    I’d love to be proved wrong on this (or even shown that I misunderstand your challenge). I’ve presented this challenge of security around custom records to NS Support, product managers, NS partners, and general audiences at SuiteWorld, but no one has had a solution. Plenty think they do, some have offered something, but no one follows thru with an actual solution.


    jalarson1 replied on 08/30/2016, 10:58 AM: Thanks, Voltron, you confirmed my suspicions.

  • #5153

    egrubaugh

    Originally posted by Voltron

    View Post

    There’s a native context API, nlapiGetLocation(), …

    Very interesting; I was not aware of that function!

    Seems like you will have to do this with a script like Voltron describes. A User Event deployed to your custom record that, on Before Load, compares the user location to the record location.

    You could redirect them somewhere like the homepage, but that might be a bit confusing if there’s no message as to why. I would suggest your User Event throw an error, something like:

    Code:
    throw nlapiCreateError(‘INSUFFICIENT_PERMISSION’, ‘You do not have permission to view this record.’);
    The user will be shown NetSuite’s typical error page with whatever messaging you specify.

You must be logged in to reply to this topic.