Employees and Users
In this video we take a look at Employees, Users, Permissions and Roles. We cover how each of these components interact with the others. We go over creating new employees and users, and some best practices when creating them. We talk about expense and purchasing limits, enabling commissions on the employee record, and storing sensitive data in the employee record. We cover turning employees into users, and notifying those employees of the change in a way that will help them get started working immediately. We talk about customer and vendor login accounts. We talk about roles and billing, and how the two interact. Finally we talk about how roles and permissions work, and where to get some more help with them if you need it.
Transcript
In this video we are going to look at employees, users and permissions, and how they relate. This will only be a high-level overview, since this is an intro course, however it should provide a solid foundation upon which to continue building your knowledge.
Before we dive into NetSuite, let’s take a look at how the concepts of employees, users and roles work. The first part that we start with are the employee records here on the left. The next part are the roles which we have here on the right. In our case we are looking at the Accounting and the Shipping Role. Notice that each of these starts out blank, that is how all new roles start. Each of these roles can be given permissions to access certain types of records, or perform certain functions. NetSuite also has several built-in roles, that do have permissions applied to them by default.
Right now, nothing yet connects the employees to the roles. The connection is made through the use of the user account or record. The user record is secured by an email and password login. Each employee typically only has one user account tied to their employee record. Most administrators consider the employee record to have become a user record once access has been granted.
Each user record must have at least one role that it is associated with, however it can have more than one. Multiple user records can be setup to access the same role. So, while this first user might be able to access both the accounting and shipping role, this second one might only be able to access accounting. Likewise, the third user might only be able to access shipping. Employees are not the only records that can be used to access NetSuite. Vendors and Customers can be setup for access as well. But since employees are the records that are used most often, we will start by looking at them.
Now that we understand how this works conceptually, let’s take a look at NetSuite and see how it works in practice. If we go to Lists, then Employees, we get a list of all the employees we have. Let’s create a new one by clicking New Employee.
The first thing we need to fill in is the name. I’ll go ahead and type in John Newguy. And this isn’t immediately clear here, but on the standard form, the name fields are organized, First Name, Middle Initial, and Last Name. The Initials and employee ID automatically populate, based on the name.
In my instance of NetSuite, the name and the subsidiary are the only two fields that are actually required, however I recommend getting into the practice of filling in at least a few basic pieces of information for each employee. At a minimum you should have the phone number, their job title, their supervisor, their subsidiary, which is required anyway, their department and their location. The phone number is so you, or someone else, administering NetSuite can contact them if needed. I recommend the other fields due to how they are used in the system. The supervisor is used when viewing the organizational hierarchy, and for purchase and expense routing if another method is not in place. The Subsidiary, Department and Location are used in numerous reports, and with other functionality throughout the system.
If we click the Human Resources tab, and scroll down a little further, we see check boxes for Sales Rep, Support Rep and Project Resource. The sales rep checkbox controls whether this employee can be selected for things like being a sales rep on a sales order. The support and project do the same things for support and project resources. For example, if the support rep box was not checked, you could never assign a case to this employee.
A little further down, we have expense and purchasing information. Purchases are for things you are asking the company to purchase directly, usually through a purchase order. A purchase might be an order of a thousand promotional shirts to give away at a tradeshow. Expenses are for things you have purchased on your own, and the company will be reimbursing you for them. An expense might be a meal you ate with a potential customer at the tradeshow. Each of these can have an approver, a limit, and an approval limit. The approver will default to the employees’ supervisor, if nothing else is filled in. Let’s fill this out for John.
We can set his purchase approver to be Amy Nguyen, rather than his direct supervisor. We can also set his purchase limit to be $500, which means anything above $500 would need to be approved by Amy before it is purchased. Since John might have people that work for him, and he might need to approve their purchases, we can also set a purchase approval limit for him of $5,000. So, if one of John’s subordinates orders something that is under this amount, but over their limit, he will need to approve it. If it is over this amount, Amy might need to approve it. We can fill in similar information for expenses as well, and it works the same way, except for expenses rather than purchases. I recommend coming up with both an approval, and a limit structure document that you can come back to as a reference.
If we scroll back up a little bit, and click on the Time Tracking subtab, we have one last approver to set, and that is the time approver. This is the person responsible for approving the time entries for John. If nothing is selected here, the default is his supervisor.
The commission subtab allows us to select if the person is eligible for commissions or not. This works similarly to the sales and support rep checkboxes.
Before we save this record, I want to come back over and check out a few places that contain sensitive data. Here in the Human Resources tab, there is an option to include things like their social security number and birth date. Scrolling down there are also fields for the employees work status, emergency contacts and education. There isn’t a problem with collecting this information, or storing it in a system like NetSuite. The biggest issue is which people inside the company can see the data. Anyone with administrator permissions can see all of this data, and there are other roles that can see it too. So just make sure you know who can see what before you populate this information.
Let’s scroll back up to the top and save this record. After a moment we get the green bar telling us that it saved the record successfully.
Creating an employee record is just the first step to granting access. The next step is to turn the employee into a user, and assign the appropriate permissions with a role. While this can all be done in one step, my experience has been that HR usually creates the employees and IT usually turns them into users of the system.
If we click edit, then scroll down to the access subtab, we can begin turning this employee into a user. The first thing we want to do is click this, give access, checkbox. I'll also select to send a notification email. Normally, I wouldn’t check this, because I don’t like how this email looks, but for this example, I want us to be able to take a look at this email. I will also show you an email template outline that I use, that you can as well. We need to provide a default password, and confirm it, for this user, so let’s do that. Lastly, I always recommend that you check the require password change check box when setting up a new user.
For every user we setup, we must select a role. Like we talked about earlier, this role determines what the user is, and is not, allowed to do, and how they see the system. I’ll go ahead and choose Inside Sales. We can choose multiple roles. So if, in this case, John also did some purchasing in the system, I could add that role. If there was another permission that this user needed, that he didn’t get through the roles we had already assigned, we could assign him that permission as well. This means that we don’t have to give him a third role, or customize a duplicate role for John only. We do that over here in the global permissions subtab. I’ll go ahead and give him permission to access the payment audit log. I can select what level of permission I want to provide, but view is fine for this.
We also have a history subtab. Since this is a brand new user, there won’t be any history to show, however if you have an existing user, this is where you could see changes that were made to their account. One last thing we need to do is add an email address for John; since that is both what is used to login with, and since we are having the system send him an email. Now we can scroll back down, and click save. John has now been changed into a user, and given access.
When we setup access we selected to send a notification email. I’ll go ahead and open up my Gmail account and we can take a look at how that email looks. Reading through this email, it is not too informative, and this is why I usually don’t send an email from the system. Whether you should send passwords through internal email, even when they are really only temporary passwords is a hotly debated topic. I tend to send them, but verify that the recipient received the email and successfully changed the password. But you should do whatever you or your business feels comfortable with.
This is an example of a typical email that I might send out, however in many cases the emails that I send contain a little more information than this anyway. I might include information about contacting my company’s internal IT helpdesk, and might include links to some of NetSuite’s getting started videos and help articles for example.
At this point, John should be able to login to NetSuite, just as we saw in one of the first videos in this course. One of the most important things I would do is follow up with John to make sure he was able to get into the system. I would also follow up again in a few days to see if he had any questions, or needed help with the system.
In addition to being able to provide access to employees, we can also provide it to vendors and customers. If setup correctly, this is useful for both. Vendors can see finalized purchase orders and get them shipped sooner. They can also see potential orders and use this information to alert you to any problems fulfilling those orders. This helps your business be better integrated with your suppliers. For customers, this works similarly to an extranet. Customers can login and purchase products, or alert you to future purchases they may have coming down the line. This allows you to better prepare for large orders. They can also pay their bills and view invoices, among other actions.
To do this for vendors, we first need to pull up the vendor we want to give access to. I’ll go ahead and chose AL Systems here at the top of our vendors list. Let’s click the System Information then the Access subtabs. From here we can select to give access to the vendor, provide a password, and select a role the vendor should have. For most vendors this will be either the Vendor Center, or a modified version of that role. You can probably tell this works very similarly to the way in which employees are granted access. The email the system generates is also very similar. When setting up vendors I also use a custom email, however since the email itself is no longer internal, I usually don’t send the password with it.
We can also grant a customer access to the system. Let’s bring up our Colorado Rockies customer. Again we scroll down to the System Information subtab, then to the Access subtab. This looks similar to, but not exactly like the vendor. For roles, we can only select ones that have the customer center type. In my case there are two, Customer Center itself, which is default out of the box, and Customer Portal which is custom to my instance of NetSuite. Setting this information works similar to vendors and employees.
The last thing I want us to take a look at are roles. We have been talking a lot about them, but have not really covered too much of what they are until now. Roles control how users, such as employees, vendors and customers, access NetSuite. They also, to some extent, deal with how NetSuite is billed. We won’t talk about billing much, but suffice it to say, you are generally charged based on the number of users who can access your NetSuite instance. But how you are charged for each user depends on what type of role they have, the Employee Center for example costs about a fifth as much as most other roles. The customer and vendor centers are often less expensive than others as well.
We get to roles by going to Setup, then Users/Roles, and clicking Manage Roles. This popup box is just letting me know that I have not saved this customer since making changes to them. This list shows all of our roles, there are seventy four of them right now, and we would see the rest if we scrolled down. We can tell if these are standard or custom by looking in the Custom/Standard column. Standard Roles are generally those delivered with NetSuite, whereas Custom ones are generally those that are created or modified by your administrator. If a third party bundle or app, installs a role, it can be either custom or standard, and it will depend on how the developer configured it.
We could view the role and how it is setup by clicking on its name. We can edit or customize it by clicking the edit or customize link. For the most part, standard roles will have this customize link whereas custom ones will have the edit link next to them. If you click Edit next to one with an Edit link, you are making changes to that role. If you save the changes you made, you will be changing that role for anyone who uses it. If it instead has a customize link, clicking that link will open the role up to be modified, however you can only save it as a copy, which will create a new custom role. In a sense you can’t ever really change standard roles. For this reason, many companies create a copy of all the standard roles, then disable the original ones. This way, any they have someone use, can be customized.
Let’s go ahead and click Edit, next to machine shop, and we can take a look at what customizing and editing a role looks like. This one does not have very many permissions, and that’s actually why I picked it. Because this is only an intro course, we are not going to spend time looking at the different permissions and what they do, however you can look through these options at your leisure. To add permissions, all you need to do is select the drop down and select the permission. Once selected, you can change the permission level, or just add it. If you need to come back and modify a permission level, you can do so easily by selecting the permission and clicking to change the permission level. When all your changes are made, you can scroll to the top or bottom and click save to save the changes to the role. We only looked at the permissions tab, but most of the other tabs work very similarly.
There are literally thousands of permissions to manage across all the different tabs for roles, and knowing what permission you need to provide to someone, so they can perform a specific action can be difficult. NetSuite has a spreadsheet that details many of the permissions, and most importantly it is searchable. You can find this under article ID 9911, it’s titled Permissions Documentation. There are also some other tools, like role comparisons, that can help you figure out why one role can do something that another one can’t.
There is a lot more to cover for users, roles and permissions, but you should now have a general understanding of how they work.