Security is an extremely important and complex topic that affects every organization differently. The hardest part of security is getting the design right. Too many companies try to do this on the fly, often with incomplete results. The NetSuite Security Matrix was created by Fastpath’s team of NetSuite experts and developers to aid in designing NetSuite security. It’s built on the foundation of NetSuite’s Permission Usage List Worksheet and includes modifiable standard roles to help with security design.
When using the NetSuite Security Matrix to aid in designing roles, it is important to remember that it will not actually make changes within the system. The matrix is simply a tool to assist in better role design.
The first step in designing a role is understanding permissions and how they affect each role. Inherently, permissions are assigned to roles and then one or more roles are assigned to specific users. This then shapes the information that users have access to, based on their specific role assignment. There are also four access levels that can be used to additionally control permissions.
The four levels are:
- View: User has access to view existing files only. The user cannot create new, edit existing, or delete existing files.
- Create: User can create new and view existing files. The user cannot edit or delete existing files.
- Edit: User has access to create new, view existing, and edit existing files. The user cannot delete existing files.
- Full: User has access to create new files and view, edit, and delete existing files.
With that quick look at permissions, we can see how roles and permissions tie together with the help of our security matrix. NetSuite recommends against using the included standard roles. Instead, NetSuite recommends using standard roles as a starting point for building custom roles. The NetSuite Security Matrix contains the NetSuite standard roles, and it’s easy to copy from the list of standard roles into a new custom role. From there, users can add permissions to a role by selecting the permission and selecting a level (view, create, edit, or full). To completely remove a permission from a role, simply leave the permission blank.
Once NetSuite roles have been customized and permissions assigned to roles in the security matrix, all of the security for a role is in one place, making it reasonable to at least scan for potential segregation of duties conflicts. Having the whole design in one place also makes security review and signoff much easier.
While NetSuite security objects are generally assigned by role, NetSuite also offers global permissions, which override role-based security at the user level. Global permissions can increase or restrict security for a user. The NetSuite Security Matrix also includes a sheet to identify global permissions as part of the design.
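The scan described above can be automated once the design is exported from the matrix. The following is an added example, not part of the Fastpath tool or of NetSuite: it checks each role and each user's effective permissions (roles plus global permissions) against a segregation of duties rule. The role names, users, permission pairs and the rule are constructed sample data, and it assumes that a user's exposure is the highest level across all assigned roles and that a global permission replaces the role-derived level.

```python
from enum import IntEnum

class Level(IntEnum):
    """Access levels from the article, in increasing order; NONE is a blank cell."""
    NONE = 0
    VIEW = 1
    CREATE = 2
    EDIT = 3
    FULL = 4

# Constructed sample design data (not taken from the Fastpath matrix).
ROLE_MATRIX = {  # custom role -> {permission: level}
    "Custom AP Clerk": {"Vendors": Level.EDIT, "Bills": Level.CREATE},
    "Custom AP Payer": {"Vendors": Level.VIEW, "Pay Bills": Level.CREATE},
}
USER_ROLES = {
    "alice": ["Custom AP Clerk"],
    "bob": ["Custom AP Clerk", "Custom AP Payer"],
    "carol": ["Custom AP Clerk", "Custom AP Payer"],
}
GLOBAL_PERMS = {  # per-user global permissions
    "alice": {"Pay Bills": Level.FULL},   # increases access
    "carol": {"Pay Bills": Level.NONE},   # restricts access
}
# Hypothetical SoD rule: both permissions held at or above the stated level.
SOD_RULES = [(("Vendors", Level.CREATE), ("Pay Bills", Level.CREATE))]

def conflicts(perms):
    """Return the SoD rule pairs that a permission set violates."""
    return [(a, b) for (a, la), (b, lb) in SOD_RULES
            if perms.get(a, Level.NONE) >= la and perms.get(b, Level.NONE) >= lb]

def effective_permissions(user):
    """Highest level per permission across roles, then global overrides."""
    eff = {}
    for role in USER_ROLES.get(user, []):
        for perm, level in ROLE_MATRIX[role].items():
            eff[perm] = max(eff.get(perm, Level.NONE), level)
    # Assumption: a global permission replaces the role-derived level.
    eff.update(GLOBAL_PERMS.get(user, {}))
    return eff

def sod_report():
    """Map each conflicting role or user to the rule pairs it violates."""
    roles = {r: conflicts(p) for r, p in ROLE_MATRIX.items() if conflicts(p)}
    users = {u: conflicts(effective_permissions(u))
             for u in USER_ROLES if conflicts(effective_permissions(u))}
    return {"roles": roles, "users": users}

if __name__ == "__main__":
    print(sod_report())
```

In this sample no single role violates the rule, yet two users do: one through a combination of roles and one through a global permission, which is why the global permissions sheet belongs in the same review.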
When using the NetSuite Security Matrix to assist in security design, it’s important to remember that the matrix is a tool. It is there to help, but users still need to keep in mind the security needs of their organization and their instance of NetSuite.
If you would like to give the NetSuite Security Matrix a try, the tool is available for download at: http://www.gofastpath.com/netsuite-security-matrix