NetSuite ToolsTips and Tricks

Who’s Who Administration

By December 17, 2019 No Comments

We were recently asked by a new client to review the users and roles on their NetSuite system. Simple questions like how many users have access to the system? Who are the active users and what roles are they using? And we added some basic security inquiries.

You can use the admin “SETUP->Users/Roles->View Login Audit Trail” to get basic information. But it’s simple to create a set of repeatable custom saved searches for ongoing user administration and real insights into your system’s usage. Following are 4 example saved searches and best practices that answer the basic Who’s Who of user administration. 

1. Login Audit (admins)

Best Practice:

Use the “SETUP->Users/Roles->View Login Audit Trail” to initiate this saved search. Click the “Create Saved Search” button to create a new saved search with the CRITERIA and RESULTS settings below. Save and Run with the name of your choice. 

This report provides the LAST LOGIN of all of your NetSuite administrators. Rarely should there be more than a few Administrators, and they should be recent users! This report lets you determine which admins to potentially deactivate. 

What about the CFO and developers? Create custom roles for them like a CFO Role and Admin/Developer Role!  And there shouldn’t be any “long lost” logins, like “Consultant” here. Review and remove access to anyone that doesn’t really need Administrator access.

Example REPORT:

LAST LOGIN USER EMAIL ADDRESS
4/15/2019 10:14 AM Consultant consultant@numusgroup.com
12/5/2019 7:25 PM Cash Shurley cash@numusgroup.com
11/25/2019 9:30 PM Barry Price bpriceless@numusgroup.com

(note: For the sake of illustration all of the names and emails here are Numusgroup staff)

Saved Search CRITERIA

Saved Search RESULTS

2. Login Audit (active users & roles)

Best Practices:

This provides active roles, a count of usage, and the list of users logging in with that role. This lets you know what roles are being used and if the right staff is using them. In this example, a NetSuite standard role was used (CFO). It is best practice to customize every role you use (making it easier to change and maintain). Also there is one role with many, many logins. This is likely an integration interface but should be validated. Best practice is to have a single role per user, with multiple roles only for backup or special limited access (ie Admin) so that usage is auditable.

This saved search has a bit of formula/SQL wizardry to get the list of users per role. Also adjust the date time criteria to what you want to look at. 

Example REPORT

Count of Logins

ROLE

USERS

1

CFO Consultant

10

Administrator Cash Shurley, Barry Price

53

NG Development Manager Andrew Fehler, Sterling Rose, Dan Wilson, Barry Price

2,326

SPS Commerce Automation SPS Commerce

2,390

Total

Saved Search CRITERIA

Saved Search RESULTS

3. Login Audit (last logins)

Best Practices:

This saved search provides insights into the last time each user and role logged in. This is key to identifying Users and Roles that may need to be removed from the system. Finding users that haven’t used your NetSuite system for a month should probably have user access removed – or do a performance review! Columns for “Login Access” and “Inactive” are included so that users that have been removed from the system are also visible.

Example REPORT:

LAST LOGIN USER ROLE Login Access Inactive
4/1/2019 12:00pm Former Employee NG Develment Manager No Yes
4/15/2019 10:14 AM Consultant CFO Yes No
12/5/2019 7:25 AM Cash Shurley Administrator Yes No
11/25/2019 9:30 AM Barry Price Administrator Yes No
12/4/2019 7:51 PM Barry Price NG Development Manager Yes No

Saved Search CRITERIA


Saved Search RESULTS

4. Login Audit (failures by IP)

Best Practices:

This is my favorite report. Of course it’s amusing to see how staff fat fingered their login credentials, but what’s important is if there is a very large count of failed logins on a particular IP address. That is likely an indication of someone hacking your system. And you should immediately change that users password. This is an important audit that we recommend be scheduled to email admins reports on at least a monthly basis.

Example REPORT

FAILED LOGINS USER IP ADDRESS
10 Consultant 73.192.147.32
4 Cash Shurley 13.216.42.130
2 Barry Price 13.216.42.130
16 Total

Saved Search CRITERIA

Saved Search RESULTS

These simple Login Audit saved searches let an administrator quickly see Who’s Who in a NetSuite system. As consultants, we deal with multiple NetSuite instances on a daily basis, and have lots of tips and tricks to help out.  Got a question, or need general NetSuite help? Let’s talk! Also check out our SuiteMates™ offering. For a low commitment you can have experts on call.

Leave a Reply