Real People, 24/7

Required Level of Permissions for NetSuite Integration


Learn how to solve the most common permissions-related challenges with your NetSuite integration and sync procedures?



Be sure to check out the latest NetSuite Permissions in this article to review each if you get errors in the integration which states you need specific permissions for a role or person.

If you do not receive any errors yet records are still not being synced then please check if you have set your NetSuite Role to view all or only the selected subsidiaries in your NetSuite Account.


Let's check out a few typical subscriber's questions below. The following might help shed some light on your question too:

What level of permission does my NetSuite integration account need?

If I am going to use the Enterprise plan and need to integrate Salesforce for NetSuite too what permissions do I need to add? 

These are some good questions when you are implementing NetSuite with another system like Salesforce or others.


  • As of NetSuite release 2019.1, NetSuite has deprecated the Full Access role.

  • While using Token-Based Authentication you will be unable to create and update users with Administrator and Full Access roles due to NetSuite security parameters.

  • NetSuite will still allow the use of a custom role with Full permissions on some objects (Contacts, Customers, etc.).

NetSuite permissions added to a role or employee can take up to 24 hours to take effect in NetSuite.

Try out the Best Practice for SyncApps integration setup for NetSuite role/permissions below:

1. Create a NetSuite Custom Role

2. Assign required permissions to the NetSuite Custom Role (Permissions List based on integration)

3. Assign the role to the NetSuite username used in your SyncApps integration

4. Specify the Role ID in Sync Profile configuration (This step is not needed if using Token Based Authentication)

Getting the hang of it?

Now you need to have the specific PERMISSIONS LIST for the role:

Please assign the following permissions (Full) to the NetSuite Custom Role.

After adding new permissions in NetSuite, they can take up to 24 hours to take effect.


1) Lists - Customers

2) Lists - Contacts

3) Lists - Marketing Campaigns

4) Setup - Customer Status

5) Setup - Custom Fields

6) Setup - Custom Body Fields

7) Setup - Custom Entity Fields

8) Setup - Custom Record Types

For accessing any custom field with custom record reference please make sure you also assign Lists > Custom Record Entries permission.


9) Setup - Custom Lists

10) Setup - CRM Lists

11) Setup - Deleted Records (for Deleted Customer/Contact sync)

12) Setup - Setup Campaigns (for Subscription sync)

13) Setup - SOAP Web Services

14) Setup - User Access Token (for Token-Based Authentication)

15) Find Transaction - Transactions (if using this type of Saved Search)


16) Transactions - Sales Order, Return Authorization, Quotes, Estimates, Invoices, etc. (if using these type of Saved Searches)

Note -- you must also add additional permissions to access any objects that are used in your Saved Search criteria for Transaction Saved Searches.


17) Lists - Partners (if using this type of Saved Search) 

18) Lists - Vendors (if using this type of Saved Search)

19) Lists - Employees (if using this type of Saved Search) and Lists -> Employee Record if accessing the Sales Rep field in NetSuite.

Please continue scrolling down as you might have other integrations with SyncApps that require more permissions.

For Zendesk and NetSuite or Freshdesk and NetSuite integrations, you will also need to assign the following NetSuite Permissions to Full:

1) Lists - Case

2) Lists - Employees

3) Lists - Employee Record

4) Setup - Support Case Status

5) Setup - Support Case Type

6) Setup - Support Case Origin

7) Setup - Support Case Priority

8) Lists - Events

9) Setup - Custom Event Fields

10) Lists - Track Messages (for Comment sync)

For the Zendesk App for NetSuite and Freshdesk for NetSuite, you will also need to assign the following NetSuite Permissions to Full:

1) Transactions - Sales Order

2) Transactions - Cash Sale (for some Customized apps)

3) Transactions - Item Fulfillment

4) Transactions - Fulfill Sales Orders

5) Transactions - Return Authorization (for RMA creation feature)

For NetSuite to Handshake SyncApps and Mailchimp eCommerce Sync Feature, the following NetSuite Permissions are also needed:

1) Transactions - Sales Order

2) Lists - Items

3) Setup - Custom Item Fields

4) Setup - Custom Transaction Fields

5) Transactions - Find Transactions

6) Setup Accounting Lists

7) Custom Record - Customer type 

8) Lists - Currency 

9) Lists - Locations 

10) Lists - Documents and Files

Note -- For Handshake SyncApps, "Standard Customer Form" should be enabled for the NetSuite role that is used for SyncApps connection. SyncApps uses the standard form only for updating Handshake external id fields so the Standard Form should not be disabled. You can always use a custom form as your preferred form as in NetSuite, you can have more than one enabled form.

All custom fields that need to be updated by SyncApps such as Handshake Customer/Product ID must be displayed and editable in the preferred form. If the custom field default access is View please add Edit permission to the role that is used for integration.

Also, SyncApps will not integrate NetSuite inactive or Soft Opt-Out records.

Field Mapping:

Do you have custom fields to map between NetSuite and Zendesk?

Additional Field Mapping is optional in your Sync Profile as basic ticket fields such as subject, description, type, status, priority is already mapped.

Try out in edit mode in your Sync Profile in step 4 which is Field Mapping.

Check out this video on How Field Mapping Works:

Enable Additional Field Mappings

If you happen to get an error like the one below, then please add 'Custom Event Fields' permission to your NetSuite record to get around this hurdle.

  • Permission Violation: You need the 'Custom Event Fields' permission to access this page. Please contact your account administrator. (Error code: INSUFFICIENT_PERMISSION)

Need NetSuite Customer to Zendesk Organization fields to map over? See here…

Saved Search Error

If your NetSuite SyncApps is unable to get a specific saved search ID, which you entered in your profile setup or you have any Custom Record creation issues, then the SyncApps will produce the following errors:

  • Marketing Metrics related error (ERROR Unable to get or create a custom record for email marketing history)
  • A saved search with the internal ID xxx does not exist. (Error code: INVALID_SAVEDSEARCH)

These errors are returned by SyncApps due to one of the following cases:

  • The specified Saved Search is not a Contact or Customer or Transaction Saved Search.
  • The invalid/wrong Object Type is selected in the configuration.
  • The specified ID is not a Saved Search Internal ID (Internal ID must be a number). To find the Saved Search internal ID (numeric), just look for the ID which is at the end of the NetSuite Saved Search URL in your browser when you run it.
  • The Saved Search is not set to "Public".
  • Insufficient Permissions for saved search or custom records.

NetSuite Check:

To quickly resolve this issue with your NetSuite Administrator or on your own, please try the following steps:

1. Make sure that the Saved Search Type is correct.

2. The Saved Search Object Type in the configuration must match the one in NetSuite; otherwise, you will get an invalid Saved Search error.

3. In the Saved Search definition, please make sure the "Public" checkbox is checked for the specified NetSuite Saved Search. Please also change the Saved Search owner to the NetSuite username used in your SyncApps setup on Cazoomi.

4. Please try to run the sync to see if it works, if the error still persists, please proceed with the next steps.

5. Please assign NetSuite "Publish Search” global permission to the username that is used in SyncApps. Once the permission has been assigned, try to re-run the sync.

If you still get the same error, please try to recreate a new Saved Search based on the current Saved Search criteria in your NetSuite account.

You can also try to use another NetSuite username to test.

Employee Error

Please add "Employee Record" permission.

The Employee Record permission is a part of the Advanced Employee Permissions Enhancements for release 2018.1. The Employee Record permission replaces the Employee Search and Employee Navigation permissions introduced in NetSuite 2017.2.

Roles assigned with this permission, in combination with employee-specific permission, can search for employees and see employee menus (List > Employees) within NetSuite. 

03 Nov 2019 14:08:09


Unable to find support employees for You cannot perform this search because you do not have permission to access employee data. For more information,  contact your system administrator. (Error code: USER_ERROR)

Note -- Adding permissions to a NetSuite role might not apply immediately so to remove the permission cache you will need to remove the role from the NetSuite user.

Next, save the user then re-add the NetSuite role permission again. Please note it takes up to 24 hours for new permissions in NetSuite to take effect. 

"Unable to log in to NetSuite" Error

Have you encountered an ‘Unable to log in to NetSuite’ error when trying to update/modify your Sync Profile?

When trying to modify your Sync Profile, please make sure that your email, account number, and password are correct. Make your default NetSuite login the role as Admin, and make Admin as Web Services preferred role. Moreover, you can add Full Web Services permissions to the User in NetSuite.

If you did all these and still get this error, kindly take a look here, the error is different yet seems related. Just follow the steps from that article to solve the error.

Please assign the following Global Permissions (set to Full) on the NetSuite user used in SyncApps:

1) Customers

2) Contacts

3) Custom Fields

4) Custom Body Fields

5) Custom Entity Fields

6) Custom Record Types

7) Custom Lists

8) Web Services

9) Transactions (if using this type of Saved Search)

10) Partners (if using this type of Saved Search)

If the error persists after you have changed the password, please also make sure that Chrome Password Saver or PasswordSafe is disabled.  Also, try Chrome Incognito mode if needed.

Check out our blog on How to Avoid the Most Common Permissions Challenges in Integrating with NetSuite

Need some help?

Check out the options below on how you can contact our Support Team and find the answers you need to help you with your SyncApps integrations.

Help Center & Email is 24/7 to | Live Chat & Phone is scheduled.



Check out these Help Desk articles for answers to frequently asked questions.

Get Started | Login Issues | Pricing

Check out our subscriber's story here on how SyncApps helped them save hundreds of hours per year!


Have more questions? Submit a request