Welcome to Part 3 of NetSuite Segregation of Duties, Filtering Permissions for Key Attributes. In NetSuite, for us to see all the users along with the roles and the permissions and the levels they have, we need to run a search. In the previous session, in part two, we showed you how to do the custom search, so that we can pull out the users, permissions, the roles, and the permission levels.
Here’s what we will cover in this article;
I suggest you watch the video. It’s easier to understand if you are a visual/audio learner. The content below is the same as the video. It’s for those who learn by reading.
How to Export Reports and Filter Permissions Levels
Once you’ve run the permissions roles and users reports and their levels, we want to then export this report into an excel file, so that we can do the analysis.
If the report is in excel and you see the exact field that you’ve added in your custom search; the person’s name, their different roles in NetSuite, their permissions and the level of permission they have in each role. As you notice, permissions repeat frequently because the person may have multiple roles or the permissions may be given in multiple places.
When doing the Segregation of Duties Analysis, the first thing we want to do is reduce all the data down to a small as possible in terms of data set to analyze. This report now includes everything we need. We will slowly filter out the criteria we don’t want to narrow down our data for analysis.
This is really important. NetSuite has 5 permission levels for each role. Create means that the permission or that role can create a transaction or item. Edit means that they create and they can change the transaction. Full is the most powerful, which means they can create and change and delete the transaction. None means they don’t have that permission. View means that they can see the transaction or item, but not do anything with it.
Once we have the report exported out, we want to now filter for only the levels that we’re interested in.
For our Segregation of Duties Analysis, we want to zero in on the “Create”, “Full”, and “Edit” permission levels. We can filter out the “None” and “View” because if they only have view access, they can’t change anything or impact our financial statements.
We want to filter the excel file to show only the 3 permissions for “Edit”, “Full”, and “Create”. We will copy everything in the original source file and paste it into a new tab that we’ve created. This is so that we can preserve the original source data in case we have to go to it for some reason or we have to check for batch totals and completeness.
In our new tab is where we’re going to start filtering out those permissions or permission levels we don’t want. For our Segregation of Duties Analysis, we’re only concerned with these 3 permission levels.
Here as mentioned, we are going to copy a new tab and we’re going to call these tab lists of SOD analysis.
This is where we copy our filtered tab. In this case, we’ll remove view and none because they don’t have the impact to change our financial statements if they don’t have access to it or if they can only view it. If you look on here, you can see the permission in column D and the permission level in column E. It tells you whether it’s “Full”, “Edit”, or “Create”.
That’s how we filter, we export the report out of NetSuite into excel, and we filter it, so that we only zero in on the permissions that could cause us problems.
To wrap up, here’s the topics that we have just discussed in this post;