You've unlocked a free consultation with HouseBlend CEO and former Olympian Nicolas Bean.
Limiting transaction subsidiary access in NetSuite is something that is bound to come up when setting up OneWorld and the more knowledge you have about how it works, the better you will be able to manage NetSuite. Limiting transaction subsidiary access is used to restrict access to information for specific roles when setting up OneWorld.
Welcome to OneWorld! You’re starting to get set up in your account and are creating the various roles required in your organization. Everything looks great but then you notice that a specific role you have created (say: role ABC) seems to be able to create transactions for not only the Parent subsidiary but also the Children. What gives? The goal of role ABC was to only give the user access to the Parent subsidiary. So, how is it possible that this role is able to create transactions with other subsidiaries?
Well, in the case outlined above, it is most likely the case that the role has been granted “All” access in the “Accessible Subsidiary” radio button selection as shown below:
As you can see above, there are 4 options to select from when creating a role in NetSuite.
When granting “All” as a permission, proceed with caution. This option is usually reserved for Administrator type roles that need oversight on all consolidated data and requires quite a bit of freedom in NetSuite.
When granting “Active” as a permission, it is essentially the same permission as the “All” except that it does not include inactive subsidiaries. This role may be useful if there is an oversight type role that would not need to see historical transactions (for example a subsidiary that has been inactivated but still contains data).
When granting “User Subsidiary” as a permission, it is pulling the Subsidiary from the Employee record. This is the most common way of setting up a role as you can then manage the Subsidiary the Employee belongs to on the Employee record itself. This lends itself to potentially easier maintenance depending on the use case.
When granting “Selected” as a permission, it is a role that has access to a specific subset of Subsidiaries. This method could also lend itself to potentially easier maintenance as you could change the access of a specific role in one place but affect multiple users using that role.
Special mention to the permission “Allow Cross-Subsidiary Record Viewing”, which allows users logged in with this role to see, but not edit, records for subsidiaries to which the role does not have access.