Administrator Role
Managing the most powerful role in NetSuite.
What is the Administrator Role?
The Administrator role has complete access to everything:
ADMINISTRATOR = FULL ACCESS
===============================================================================
Can do:
├── Access all records and transactions
├── Create and modify users
├── Change any system setting
├── Install scripts and apps
├── Delete any record
├── Access all subsidiaries (OneWorld)
└── Everything else
Cannot do:
├── Nothing is restricted
└── That's the point!
Who Should Be an Administrator?
ADMIN ROLE RECOMMENDATIONS
===============================================================================
SHOULD have Admin:
├── IT/System administrator (primary)
├── Backup admin (in case primary unavailable)
├── Implementation consultant (during setup)
└── That's it! 2-3 people maximum
SHOULD NOT have Admin:
├── Department managers
├── Power users who "need everything"
├── Anyone who says "just give me admin"
├── More than 3 people
└── Temporary users/contractors
Admin Security Best Practices
Password & 2FA
SECURING ADMIN ACCOUNTS
===============================================================================
□ Strong password (16+ characters)
□ Enable Two-Factor Authentication (2FA)
└── Required, not optional
□ Never share credentials
□ Change password regularly
□ Use password manager
Limit Admin Usage
DAILY WORK RECOMMENDATION
===============================================================================
Wrong approach:
├── Log in as Administrator for everything
├── "It's easier that way"
└── Creates security risk
Right approach:
├── Admin has TWO roles:
│ ├── Administrator (for admin tasks)
│ └── Regular role (for daily work)
├── Log in with regular role for daily work
├── Switch to Admin only when needed
└── Reduces accident risk and improves audit
Admin Responsibilities
Regular Tasks
| Task | Frequency |
|---|---|
| Review login audit | Weekly |
| Check for failed logins | Weekly |
| Review user access | Monthly |
| Audit role changes | Monthly |
| Review admin actions | Monthly |
| Full security review | Quarterly |
When to Use Admin Role
| Use Admin For | Don't Use Admin For |
|---|---|
| User/role management | Daily data entry |
| System configuration | Running reports |
| Script deployment | Viewing records |
| Feature enablement | Normal transactions |
| Troubleshooting | "Just in case" access |
Creating Additional Admins
ADDING A NEW ADMINISTRATOR
===============================================================================
Step 1: Carefully consider if needed
├── Do they really need full admin?
├── Can a limited role work instead?
└── Document the business reason
Step 2: Create the access
├── Employee record > Access tab
├── Give Access: ✓
├── Add Administrator role
└── REQUIRE 2FA before saving
Step 3: Train the new admin
├── Security responsibilities
├── Audit expectations
├── When to use admin vs daily role
└── Escalation procedures
Step 4: Document
├── Note who has admin access
├── Record approval
└── Set review date
Delegating Admin Tasks
Instead of giving full admin, create limited admin roles:
DELEGATED ADMINISTRATION
===============================================================================
Instead of: Create:
Full Administrator → User Administrator
├── Can manage users
├── Can assign roles
└── Cannot change settings
Full Administrator → Customization Admin
├── Can create custom fields
├── Can edit forms
└── Cannot manage users
Full Administrator → Report Administrator
├── Can create reports
├── Can schedule reports
└── Cannot edit data
Auditing Admin Activity
MONITORING ADMINISTRATOR ACTIONS
===============================================================================
What to monitor:
├── Login times and locations
├── Role changes made
├── User access changes
├── System setting changes
└── Unusual activity patterns
Where to look:
├── Login Audit: Setup > Users/Roles > View Login Audit
├── Role Audit: Setup > Users/Roles > Role Audit Trail
├── System Notes: On any record > System Notes subtab
└── Script Logs: Setup > Scripting > Script Execution Logs
Quick Reference
| I want to... | Go to |
|---|---|
| See who is admin | Setup > Users/Roles > Manage Roles > Administrator > Users |
| Review admin logins | Setup > Users/Roles > View Login Audit |
| Enable 2FA for admins | Setup > Company > Two-Factor Authentication |
| Create limited admin | Setup > Users/Roles > Manage Roles > New |
Admin Checklist
ADMINISTRATOR SECURITY CHECKLIST
===============================================================================
□ Only 2-3 administrators
□ All admins have 2FA enabled
□ Admins have daily work role too
□ Admin activity reviewed monthly
□ Admin list documented
□ Admin access justified
Key Takeaways
- Limit to 2-3 admins - fewer = safer
- Require 2FA - no exceptions for admins
- Use daily work role - don't live in admin
- Audit regularly - know what admins do
- Delegate when possible - create limited admin roles
Related Topics
- Security Considerations - Security setup
- Administrator Role Setup - Initial setup
- Auditing - Monitoring activity