# suitescript
a
Does anyone know if there is a way to post to an internal Suitelet from a RESTlet? I need to lock down permissions for a role and want to be able to search for some transactions from an internal Suitelet run as admin, but give the user basically no permissions and have the role with stripped-down permissions get the data from the RESTlet. I didn't have any luck unless I make the Suitelet available without login, which kind of defeats the purpose.
b
you will probably have to revise your approach.
internal URLs will only work with the JSESSIONID cookie set
server-side scripts won't have the cookie
s
Is it not possible to just grant View only permissions to the role for the transactions? That would prevent unauthorized modifications. Or is there some additional security concern apart from that?
e
Why does the RESTlet need the Suitelet at all? It's very likely you could just move the logic that is common to both scripts into a custom module.
j
Sounds like he is proxying through suitelet to get permission elevation
a
Thanks for the input. I don't think JSESSIONID will work since I need to access transactions that the role making the call to the initial RESTlet doesn't have. I am trying to utilize the Suitelet for exactly the purpose mentioned by jkabot above. I am thinking of utilizing a second RESTlet that would have a role with slightly more permissions and just pass in credentials to the first RESTlet that will be used to post to the second RESTlet from script parameters since that seems like the only viable option at this point?
j
User events also have an "execute as role" setting so you could process the search through a user event on a custom record that you can give permission for
might depend on the size of the search results
other option could be a scheduled script that periodically sends the search results to a file cabinet folder that you can give the role permissions for
a
@jkabot Thank you for the additional ideas...I think a UE might work well in this scenario actually