- Apply the principle of least privilege when assigning user role permissions.
- Review all custom record permissions for each user role to ensure all necessary permissions are granted (or removed).
- Take the time to understand any potential conflicts in segregation of duties between the custom roles in your NetSuite environment and document user role combinations that should not be granted to a single user.
- Leverage custom form restrictions to ensure users work in the NetSuite UI with the forms that allow them to navigate efficiently.
- After performing a Sandbox refresh, create non-SSO user roles for each SSO user role, which can then be assigned to NetSuite Administrators for testing.
- Establish user role types and align NetSuite customization to role types instead of specific roles. This is a great way to future-proof NetSuite customization that should only be leveraged by a specific group of user roles.
- Prior to creating a new user role, double-check that the center type is accurate; otherwise, you run the risk of needing to repeat the process under the correct center type.
- Double-check that all user roles that need the ability to modify transaction exchange rates have “Edit” level permission on the “Currency” role permission.
- Utilize the “Show Role Differences” screen to export all user roles and permissions to Excel for quick comparison between multiple roles.
- With the exception of the “Administrator” and “NetSuite Support Center” roles, never assign NetSuite out-of-the-box roles to users.
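The segregation-of-duties and out-of-the-box role points above can be checked mechanically once the forbidden role combinations are documented. The following is an added example, not NetSuite code: the user names, custom role names, conflict list and the set of standard role names are constructed samples, and it assumes you have already collected each user's role assignments into a dictionary.

```python
# Only these out-of-the-box roles may be assigned to users (from the list above).
ALLOWED_STANDARD_ROLES = {"Administrator", "NetSuite Support Center"}

# Constructed sample data: replace with your own documented values.
SAMPLE_STANDARD_ROLES = {"Administrator", "NetSuite Support Center",
                         "Accountant", "A/P Clerk"}
SAMPLE_CONFLICTS = [
    {"Custom AP Entry", "Custom AP Approver"},
    {"Custom Vendor Maintenance", "Custom AP Payments"},
]
SAMPLE_ASSIGNMENTS = {
    "avery": ["Custom AP Entry", "Custom AP Approver"],
    "blake": ["Custom AP Entry", "Accountant"],
    "casey": ["Administrator", "Custom Vendor Maintenance"],
    "devon": ["Custom Vendor Maintenance", "Custom AP Payments",
              "Custom AP Entry"],
}


def review_assignments(assignments, sod_conflicts, standard_roles):
    """Return sorted (user, finding_type, detail) tuples.

    sod_conflicts: iterable of role-name sets that one user must not hold
    together (any size, not only pairs).
    standard_roles: names of out-of-the-box roles in the account.
    """
    conflicts = [frozenset(c) for c in sod_conflicts]
    disallowed = set(standard_roles) - ALLOWED_STANDARD_ROLES
    findings = []
    for user, roles in assignments.items():
        held = set(roles)
        # A conflict applies when the user holds every role in the combination.
        for combo in conflicts:
            if combo <= held:
                findings.append(
                    (user, "sod_conflict", " + ".join(sorted(combo))))
        # Out-of-the-box roles other than the two allowed exceptions.
        for role in held & disallowed:
            findings.append((user, "standard_role", role))
    return sorted(findings)


if __name__ == "__main__":
    for finding in review_assignments(
            SAMPLE_ASSIGNMENTS, SAMPLE_CONFLICTS, SAMPLE_STANDARD_ROLES):
        print(*finding, sep="\t")
```
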