Core Administration Permissions is a feature that can be enabled for a role and gives the role access to functionality that is currently accessible only to the standard Administrator role. You can use Core Administration Permissions to customize a role so that it behaves almost like the Administrator role, while also restricting access to other areas of NetSuite using role permissions and restrictions. For example, with Core Administration Permissions you can create a role specifically for an IT administrator who is responsible for the general administration of the system, but who should not have access to sensitive employee information.
By default, Core Administration Permissions is not assigned to any roles. The Core Administration Permissions feature is enabled by default.
Use caution when assigning a role with Core Administration Permissions to a user, because the role will become similar to the standard Administrator role in terms of exclusive administrator privileges.
Differences Between Core Administration Permissions and Administrator Role
Although Core Administration Permissions is designed to behave like the standard Administrator role, the following table outlines some of the differences between these two roles.
| | Core Administration Permissions | Administrator Role |
|---|---|---|
| Searches | Can only view saved searches through the user interface; Can only view private and saved searches by entering a URL | Can view, edit, make inactive, and delete ALL saved searches, including: Shared searches, with or without the Allow Audience to Edit option enabled, whether or not they include the administrator as the audience; Public searches, with or without the Allow Audience to Edit option enabled; Private searches owned by users other than the administrator |
| Account administration | Cannot edit employees who are assigned the Administrator role; Cannot approve the Employee change request; Cannot assign the Administrator role; Cannot close a NetSuite account; Cannot provide access to a demo account; Cannot create payment instruments; Role with Core Administration Permissions assigned can be edited by users with non-administrator roles | Can edit employees who are assigned the Administrator role; Can approve the Employee change request; Can assign the Administrator role; Can close a NetSuite account; Can provide access to a demo account; Can create payment instruments; Administrator role can only be edited by a user with an Administrator role |
| Contact Records | When the Advanced Employee Permissions feature is not enabled, any role using Core Administration Permissions must include the Lists > Employees permission when the Show Employees as Contacts box on the General Preferences page is checked. When the Advanced Employee Permissions feature is enabled, Show Employees as Contacts is not supported. | — |
Customizing or Creating a Role with Core Administration Permissions
Consider the following when you are customizing or creating a role with Core Administration Permissions:
- Use caution when assigning Core Administration Permissions to a role, because the role will become similar to the standard Administrator role in terms of exclusive administrative privileges.
- When you assign Core Administration Permissions to a role, you should consider making two-factor authentication required for the role.
The Core Administration Permissions feature is enabled on all accounts by default.
You can assign Core Administration Permissions to any role, and then configure the role to restrict access to areas of NetSuite.
To assign Core Administration Permissions to a role, you must be logged in using the Administrator role or a role with Core Administration Permissions and Manage Roles permissions assigned.
To assign Core Administration Permissions to a role:
- Go to Setup > Users/Roles > Manage Roles.
- On the Manage Roles list page, next to the role that you want to add Core Administration Permissions to, click Customize.
- On the Role record, check the Core Administration Permissions box.
- To make two-factor authentication required for the role, in the Two-Factor Authentication Required dropdown list, select 2FA authentication required.
- Click Save.
Note: If you are logged in with a role where mandatory two-factor authentication (2FA) is required and you select Not required in the Two-Factor Authentication Required dropdown list, the mandatory 2FA policy supersedes the role setting. This means that two-factor authentication is required for the role even though it says two-factor authentication is not required on the Role record.