Good morning! I’m trying to create a custom role with the minimum permissions needed for a script. Does anyone know what permissions I need to run the following?

var result = search.lookupFields({
    type: 'customer',
    id: customerId,
    columns: [
        'taxable',
        'taxitem'
    ]
});

I’ve tried Lists->Customer->View/Edit, Lists->PerformSearch->View/Full. In my custom role, it’s returning an empty object. With the Admin role, it correctly returns the field values.

One thing I have found is that SuiteScript 1.0 tends to give helpful errors when permissions are preventing something, where SS 2.x often does not (either just doesn't work, or you get a generic error). you could try a simple SS1 script with

var result = nlapiLookupField('customer', customerId, ['taxable', 'taxitem']);

to see what error gets thrown.

@Mike Robbins This is a long shot, but does granting the role Lists > Customer Profile help?

@scottvonduhn Good idea. SS1 returns null for this request with the custom role as well. @tdietrich Still not working after adding Customer Profile. Since it works in 2020.1, I’m going to open a support case. Thanks for the ideas, guys!

strange that it works in 20.1, but not in 20.2 - but I have seen a general tightening of permissions with each major release, requiring us to grant pre-existing roles permissions they didn't need before.

FYI, this ended up being the subsidiary restriction on the role in 2020.2 which wasn’t on that same role in the 2020.1 environment. Thanks again for your ideas, guys! I feel a bit silly after seeing this.