What level of user permissions does my NetSuite integration need?

Hi there!

Do you have any questions regarding the integration options?

Are you encountering challenges with your NetSuite integration and sync procedures?

Well, we are super delighted to inform you that we provide our NetSuite integration platform for any inquiries and guarantee our implementation solutions.

In case you are encountering any challenges, please feel free to send us your question(s) and our team will help out.

In the meantime, this inquiry sample with one of our subscribers might help you shed some light on your question too:


What level of permission does this account need? It does not update customer/contact/transaction info, so I assume view only for those records is fine. For case records probably edit permission?

If I am going to use the Enterprise plan and need to integrate Salesforce for NetSuite too what permissions do I need to add?


NetSuite will not allow using Administrator/Full access role for API starting 2019.1 but still allow the use of a custom role with Full permissions on some objects (Contacts, Customers, etc.).

Try out below the Best Practice for SyncApps integration setup for NetSuite role/permissions:

  1. Create a NetSuite Custom Role
  2. Assign required permissions to the NetSuite Custom Role (Permissions List based on integration)
  3. Assign the role to NetSuite username used in your SyncApps integration


Getting the hang of it? Now you get to have the specific PERMISSIONS LIST:

Please assign the following Global Permissions (Full) to the NetSuite employee's record for the user credentials, NetSuite Custom Role, used in SyncApps for Salesforce, Zendesk, and Handshake.  If you have not selected Global Permissions in NetSuite, then please enable this feature.

If using multiple roles in NetSuite:

If the NetSuite user configured in SyncApps has more than one role, please set the default role to be used for web service to your NetSuite Custom Role.


1) Customers

2) Contacts

3) Customer Status

4) Custom Fields

5) Custom Body Fields

6) Custom Entity Fields

7) Custom Record Types

8) Custom Lists

9) Setup Campaigns (for Subscription sync)

10) Web Services

11) User Access Token (for Token-Based Authentication)

12) Transactions (if using this type of Saved Search)

13) Partners (if using this type of Saved Search)

Please continue scrolling down, you might have other integrations with SyncApps and might need to permit more lists.


For Zendesk for NetSuite SyncApps you will also need to assign the following NetSuite Permissions to Full:

1) Case

2) Employees

3) Support Case Status

4) Support Case Type

5) Support Case Origin

6) Support Case Priority

7) Events

8) Custom Event Fields

9) Track Messages (for Comment sync)


For the Zendesk App for NetSuite you will also need to assign the following NetSuite Permissions to Full:

1) Transactions - Sales Order

2) Transactions - Cash Sale (for some Customized apps)

3) Transactions - Item Fulfillment

4) Transactions - Fulfill Sales Orders

5) Transactions - Return Authorization (for RMA creation feature): Full


For NetSuite to Handshake SyncApps the following NetSuite Permissions are also needed:

1) Sales Order

2) Items

3) Custom Item Fields

4) Custom Transaction Fields

5) Find Transactions

6) Accounting Lists

7) Custom Record -> Customer type 

8) Lists -> Currency 

9) Lists -> Locations 

10) Lists -> Documents and Files


For Handshake SyncApps "Standard Customer Form" should be enabled for NetSuite role that is used for SyncApps connection. 

SyncApps uses standard form only for updating Handshake external id field so the Standard Form should not be disabled.

You can always use a custom form as your preferred form as in NetSuite you can have more than one enabled forms.

Also, SyncApps will not integrate NetSuite inactive or Soft Opt-Out records.

Field Mapping:

Do you have custom fields to map between NetSuite & Zendesk?

Additional Field Mapping is optional in your Sync Profile as basic ticket fields such as subject, description, type, status, priority is already mapped.

Try out in edit mode in your Sync Profile in step 4 which is Field Mapping.

Enable Additional Field Mappings

If you happen to get an error like below, then please add 'Custom Event Fields' permission to your NetSuite record to get around this hurdle.

  • Permission Violation: You need the 'Custom Event Fields' permission to access this page. Please contact your account administrator. (Error code: INSUFFICIENT_PERMISSION)

Need NetSuite Customer to Zendesk Organization fields to map over?

See here…


Saved Search Error:

If your NetSuite SyncApps is unable to get a specific saved search ID which you entered in your profile setup or you have any Custom Record creation issues then the SyncApps will produce the following errors:

  • Marketing Metrics related error (ERROR Unable to get or create a custom record for email marketing history)
  • A saved search with the internal ID xxx does not exist. (Error code: INVALID_SAVEDSEARCH)


These errors are returned by SyncApps due to one of the following cases:

  • The specified saved search is not a Contact or Customer or Transaction Saved Search
  • Invalid object type is selected in the configuration
  • The specified id is not a saved search Internal ID (Internal ID must be a number)
  • The saved search is not set to public
  • Insufficient permission for saved search or custom records


NetSuite Check:

To quickly resolve this issue with your NetSuite Administrator or on your own please try these following steps:

  1. Make sure that the saved search type is either Contact or Customer
  2. The saved search object type in the configuration must match object type of the saved search object Type in NetSuite; otherwise, you will get invalid saved search error.
  3. In the saved search definition, please make sure the "Public" checkbox is checked and "Available as List View " is unchecked for the specified saved search. Please also change the saved search owner to the NetSuite username used in your SyncApps setup on Cazoomi.
  4. Please try to run the sync to see if it works, if the error still persists, please proceed with next steps.
  5. Please assign NetSuite "Publish Search” global permission to the username that is used in SyncApps then try to re-run the sync after the permission is assigned.
  6. If the NetSuite user configured in SyncApps has more than one role, please set the default role to be used for web service. The role to be used should have access to saved searches custom fields, customers, contact objects. If possible, please use your NetSuite Administrator role for testing then you can change to another role if the test runs successfully.

If you still get the same error, please try to recreate a new saved search based on the current saved search in your NetSuite account.

You can also try to use another NetSuite username to test.

Employee Error:

Please add "Employee Record" permission.

The Employee Record permission is a part of the Advanced Employee Permissions Enhancements for release 2018.1. The Employee Record permission replaces the Employee Search and Employee Navigation permissions introduced in NetSuite 2017.2.

Roles assigned with this permission, in combination with an employee specific permission, can search for employees and see employee menus (List > Employees) within NetSuite.

12 Dec 2018 14:08:09 ERROR Unable to find support employee for xyz@me.com. You cannot perform this search because you do not have permission to access employee data. For more information,  contact your system administrator. (Error code: USER_ERROR)


Setting a Default Role for a Web Services User

*This is not applicable for Token Based Authentication

If a username has more than one role and default web service role is not specified for the user, SyncApps cannot be sure which role will be taken so the username will work if you set Administrator (or specific role created for SyncApps) for the role to default web service role.

To set a specific default role for a Web services user:

  1. Click Setup > Integration > Web Services Preferences.
  2. Select the desired user from the Name drop-down list.
  3. Select the default role to use for Web services requests for this user.
  4. The internal ID for the selected role automatically populates the ID field.
  5. Click Done.
  6. Click Save.

If you still have a permission issue after setting the web service default role, please contact support@cazoomi.com to enable a setting that will allow specifying Role ID explicitly in SyncApps like in the following screenshot.

Role ID for Administrator is: 3

save image


Note: Adding permissions to a NetSuite role might not apply immediately so to remove the permission cache you will need to remove the role from the NetSuite user. Next, save the user then re-add the NetSuite role permission again.

Please do not forget to give us some feedback if our support was helpful. We strive to provide the best user experience from your feedback.

Have more questions? Submit a request