Discussions
Stay up-to-date with the latest news from NetSuite. You’ll be in the know about how to connect with peers and take your business to new heights at our virtual, in-person, on demand events, and much more.
Now is the time to ask your NetSuite-savvy friends and colleagues to join the NetSuite Support Community! Refer now! Click here to watch and learn more!
Update your Profile with your Support type to get your Support Type badge.
Uncover the power of data with the Analytics Hub —your ultimate guide to mastering NetSuite Saved Searches and Reports. Simplify the complex and unlock your organization's true potential. Dive into the Analytics Hub now and soar to new heights!
Nominate Your Peers for NetSuite Support Community's Choice of the Quarter! Submit your nomination today.
Intelligent Payment Automation version 1.0.3 is now available in the SuiteApp Marketplace. The SuiteApp, powered by BILL, lets you automate payments, manage vendor details, and bank account information within NetSuite. Learn more
No Limits. Just possibilities.
Join us for complimentary one-day events around the world and step into a future fueled by AI and limitless potential. Explore new breakthroughs, sharpen your skills, and connect with experts who are shaping what’s next. Experience bold keynotes, interactive learning, and connections that span the global NetSuite community. Discover what's next at SuiteConnect Tour 2026.

Too many security holes in NetSuite

edited Dec 3, 2019 2:58PM in General 5 comments

This is unbelievable. I can't believe the lack of security applied to NetSuite when it comes to permissions and roles. Here's a couple of examples:

1. Set up a saved search to lookup customers with specific fields set (to ensure that the user can only see customers with these fields set). Restrict the saved search for 'Customers' to the user's role.

Result: Run the saved search under the specified role and only the customer's you expect show in the list. HOWEVER, in the lower right is the 'Edit View' button to allow them to edit the view. In other words, you CANNOT prevent the user from editing a saved search! You can stop them from saving it under the same name but they can edit it, remove the criteria that prevents them from seeing other customers, hit the preview button and voila, they have view and access to the list of customers you don't want them to see. SAVED SEARCHES ARE

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!

Leaderboard

Community Whiz

Quarter 4 (Oct-Dec 2025)

This Week's Leaders

This Month's Leaders

All Time Leaders