web-service-netsuite: can different type of users access salesorder record in netsuite?

NetSuite provides many standard roles with predefined permissions. A role is a set of permissions that allows customers, vendors, partners and employees access to specific aspects of your data. Each role grants access at a certain level for each permission. When logging in using Web services you may provide a role id along with your credentials.

The role id that you provide must have Web services permissions, otherwise an INSUFFICIENT_PERMISSION error is returned. If no role id is provided, then the user´s default role is used. If the default role does NOT have Web services permissions, then a ROLE_REQUIRED fault is returned.



Assigning the Web Services Permission to a Role:
-----------------------------------------------------------------------------------
All standard NetSuite roles have Web services permissions by default. For security reasons, it is recommended that you restrict permissions levels and access allowing only the most restricted permissions necessary to perform a given set of operations.

For non-standard or custom roles, use these steps to assign the Web Services permission to the role.
To assign the Web Services permission to a role follow the following steps:

1. Go to Setup > Users/Roles > Manage Roles.
2. Click either Edit or Customize next to the role.
3. On the Setup subtab, choose Web Services from the Permissions drop-down list.
4. Select the Full permission level in the Level drop-down list.

*** Note:
===================
Users with a Web Services permission level other than Full (View, Create, Edit) cannot log in to Web services. The Full level is required. Also note that the Web Services permission does not provide access to the Web Services Usage Log; only administrators can access this log.

5. Next, click Done.
6. Click Save.

**** Additional Notes:
=================================
* If you are building an integrated application, it is best to create a new role or customize an existing role and grant the minimum set of permissions that are necessary for the client to carry out its functions. It is not recommended that users are granted the Full Access role or that a user should be assigned administrator privileges in your Web services.

* If your role has permission to view credit card data on the user interface, you can also retrieve this information through Web Services calls. This is beneficial to integrated applications that use an external credit card processor. Based on your role, you may be able to retrieve the credit card on file for your customers.


***Note:
-----------------------------------
All standard roles have the Web services permission by default when the Web services feature is enabled. Custom roles, however, must be explicitly set to have Web services permissions.

To set a specific default role for a Web services user kindly follow the following steps:
1. Click Setup > Integration > Web Services Preferences.
2. Select the desired user from the Name drop-down list.
3. Select the default role to use for Web services requests for this user.
The internal ID for the selected role automatically populates the ID field.
4. Click Add.
5. Click Save.



Setting a Web Services Only Role for a User:
----------------------------------------------------------------------
In NetSuite you can designate a user´s role as Web Services Only. When a user logs in with a role that has been designated as Web Services Only, validation is performed to ensure that the user is logging in through Web services and not through the UI.

*** Note:
==================
Your account must have the Web services feature enabled for the Web Services Only check box to appear. See Enabling the Web Services Feature for steps on enabling this feature.

The Web Services Only role increases the security of an integrated application by prohibiting a UI user from accessing the system with permissions and privileges that are specifically created for a Web services applications. For example, you may have a Web services application that requires certain employees to have write access to several records. However, you want to prohibit the employees from being able to edit these records directly from within the NetSuite UI. If you assign the Web Services Only role to specified employees, the employees can log in to NetSuite and access the application through Web services, however, the employees cannot switch to their other roles within the system and write/edit/delete these any data-sensitive records.


**** The Web Services Only role does not appear in the Change Role drop-down list. Therefore, users cannot change their roles from their original UI login role (A/P clerk, for example) to their Web Services Only role from within the UI.

To designate a role as Web Services Only Follow the following steps:
-------------------------------------------------------------------------------------------------
1. Click Setup > Users/Roles > Manage Roles.
2. On the Manage Roles list page, select Customize next to the role you want to set as
Web Services Only.
3. Select the Web Services Only Role check box.
4. Click Save.

*****When to Set the Web Services Only Role:
====================================================
A role should not be designated as Web Services Only until the developers building and testing the integrated application have completed the application. Waiting to designate a role as Web Services Only allows developers to go back and forth during design and development time to test the permissions for the role that is designed specifically for an integrated application. Once the development and testing is complete, the developer can set the Web Services Only role to TRUE for a specified role to prevent users with this role access to the UI with this set of permissions and privileges.

*** Note:
-------------------
External roles such as Customer Center, Partner Center, Advanced Partner Center,
Vendor Center, and Employee Center should not be customized to have Web
Services Only permissions.