We were recently asked by a new client to review the users and roles on their NetSuite system. The questions were simple: How many users have access to the system? Who are the active users, and what roles are they using? We also added some basic security inquiries.
You can use the admin “SETUP->Users/Roles->View Login Audit Trail” to get basic information. But it’s simple to create a set of repeatable custom saved searches for ongoing user administration and real insights into your system’s usage. The following 4 example saved searches and best practices answer the basic Who’s Who of user administration.
1. Login Audit (admins)
Best Practice:
Use the “SETUP->Users/Roles->View Login Audit Trail” to initiate this saved search. Click the “Create Saved Search” button to create a new saved search with the CRITERIA and RESULTS settings below. Save and Run with the name of your choice.
This report provides the LAST LOGIN of all of your NetSuite administrators. Rarely should there be more than a few Administrators, and they should be recent users! This report lets you determine which admins to potentially deactivate.
What about the CFO and developers? Create custom roles for them, like a CFO Role and an Admin/Developer Role! And there shouldn’t be any “long lost” logins, like “Consultant” here. Review and remove access for anyone who doesn’t really need Administrator access.
Example REPORT:

Saved Search CRITERIA:

Saved Search RESULTS:

2. Login Audit (active users & roles)
Best Practices:
This provides active roles, a count of usage, and the list of users logging in with each role. This lets you know what roles are being used and whether the right staff are using them. In this example, a NetSuite standard role was used (CFO). It is best practice to customize every role you use (making it easier to change and maintain). Also, there is one role with many, many logins. This is likely an integration interface but should be validated. Best practice is to have a single role per user, with multiple roles only for backup or special limited access (i.e., Admin), so that usage is auditable.
This saved search has a bit of formula/SQL wizardry to get the list of users per role. Also, adjust the date/time criteria to the period you want to look at.
Example REPORT:

Saved Search CRITERIA:

Saved Search RESULTS:

3. Login Audit (last logins)
Best Practices:
This saved search provides insights into the last time each user and role logged in. This is key to identifying Users and Roles that may need to be removed from the system. Users that haven’t used your NetSuite system for a month should probably have their access removed – or get a performance review! Columns for “Login Access” and “Inactive” are included so that users that have been removed from the system are also visible.
Example REPORT:

Saved Search CRITERIA:

Saved Search RESULTS:

4. Login Audit (failures by IP)
Best Practices:
This is my favorite report. Of course it’s amusing to see how staff fat-fingered their login credentials, but what’s important is whether there is a very large count of failed logins from a particular IP address. That is likely an indication of someone hacking your system, and you should immediately change that user’s password. This is an important audit that we recommend be scheduled to email reports to admins on at least a monthly basis.
Example REPORT:

Saved Search CRITERIA:

Saved Search RESULTS:
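
The same failures-by-IP check can be run offline against a CSV export of the Login Audit Trail. This is an added example, not part of the original saved searches; the column names, the sample rows, and the threshold of 5 are assumptions to adjust to your own export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a Login Audit Trail CSV export. Column names are
# assumptions; match them to the columns of your own saved search.
SAMPLE_EXPORT = """Date,User,Role,IP Address,Status
2024-03-01 08:01,alice@example.com,Custom AP Clerk,198.51.100.7,Failure
2024-03-01 08:02,alice@example.com,Custom AP Clerk,198.51.100.7,Success
2024-03-02 02:10,bob@example.com,,203.0.113.50,Failure
2024-03-02 02:10,bob@example.com,,203.0.113.50,Failure
2024-03-02 02:11,carol@example.com,,203.0.113.50,Failure
2024-03-02 02:11,bob@example.com,,203.0.113.50,Failure
2024-03-02 02:12,carol@example.com,,203.0.113.50,Failure
2024-03-03 09:30,dave@example.com,Custom CFO,198.51.100.9,Failure
"""


def failures_by_ip(csv_text, threshold=5):
    """Count failed logins per IP and flag IPs at or above the threshold."""
    counts = defaultdict(int)
    users = defaultdict(set)  # which accounts were tried from each IP
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Status"].strip().lower() != "failure":
            continue
        ip = row["IP Address"].strip()
        counts[ip] += 1
        users[ip].add(row["User"].strip().lower())
    report = []
    # Highest failure count first; ties ordered by IP string for stable output.
    for ip, n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        report.append({
            "ip": ip,
            "failures": n,
            "users": sorted(users[ip]),  # candidates for a password change
            "flagged": n >= threshold,
        })
    return report


if __name__ == "__main__":
    for line in failures_by_ip(SAMPLE_EXPORT):
        marker = "REVIEW" if line["flagged"] else "ok"
        print(f'{line["ip"]:<15} {line["failures"]:>3} {marker:<6} '
              f'{", ".join(line["users"])}')
```

A single mistyped password shows up as one failure followed by a success from the same IP, while the flagged address here has repeated failures against more than one account.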
