Access Controls & Permissions
Role-based access control for your NetSuite customer portal. User authentication, API security, and permission management to control who sees what data.
SuitePortal gives you control over who can access your portal and what they can do.
User Authentication
Every user must prove who they are before accessing the portal.
Authentication Features
| Feature | What It Does |
|---|---|
| Email verification | Confirms the user owns their email |
| Password requirements | Strong passwords required |
| Session management | Automatic logout after inactivity |
| Multi-factor authentication | Additional security layer (enterprise) |
Role-Based Access
What users can do depends on their role.
Role Capabilities
| Role | View Data | Take Actions | Manage Users | Configure Settings |
|---|---|---|---|---|
| Admin | ✓ | ✓ | ✓ | ✓ |
| Member | ✓ | ✓ | — | — |
| Viewer | ✓ | — | — | — |
What "Take Actions" Means
Actions include things like:
- Making payments
- Downloading documents
- Submitting requests
Viewers can see information but cannot make changes or take actions.
API Access Controls
If you use the API extension.
API Security Features
| Control | What It Does |
|---|---|
| API keys | Each integration gets its own key |
| Scoped permissions | Keys can be limited to specific data |
| Rate limiting | Prevents abuse and ensures fair usage |
| Revocation | Instantly disable compromised keys |
Managing Access
How to manage user access in your portal.
Changing User Roles
- Go to Users
- Click on the user's name
- Select a new role
- Save changes
Changes take effect immediately.
Removing a User
- Go to Users
- Find the user
- Click Remove
- Confirm
The user loses access immediately but their historical data remains for your records.
Best Practices
Tips for managing access securely.
Principle of Least Privilege
- Use the least privilege necessary — Start users with Viewer access and upgrade as needed
- Review access regularly — Remove users who no longer need access
Credential Security
- Use strong passwords — Enforce password requirements
- Monitor API keys — Rotate keys periodically and revoke unused ones
Related
- Organizations & Users — Understanding roles
- Data Isolation — How data is separated
Data Encryption & Security
Enterprise-grade encryption for your NetSuite customer portal. TLS 1.2+ in transit, AES-256 at rest, and secure key management for all portal data.
Roles & Permissions Reference
Complete guide to SuitePortal user roles and permissions. Admin, Member, and Viewer capabilities, custom roles, and role assignment for your NetSuite portal.