Has anyone explored the `rolepermissions` analytic...
# suitescript
m
Has anyone explored the
rolepermissions
analytics data source at all using SuiteQL. Out of curiosity, I tried a
SELECT * FROM rolepermissions where role='3'
to see a list of all the permissions assigned to the admin role and noticed a ton of permissions weren't actually listed. I am in fact running this query as an admin, so there shouldn't be any risk that there are permissions I'm just not allowed to see. Very strange results
b
you can now finally answer the age old question: Does an Administrator have all permissions, or is it unaffected by permissions
m
The funny thing is I'm still stumped lol. My admin role has 74 permissions, but they seem to be pretty random. I have many other roles with well over a hundred permissions
I would've expected the admin to have all permissions, or maybe just a few special ones
It's disappointing that it doesn't even align with the UI (you can now view the list of admin permissions in the UI interestingly enough)
b
i believe you missed the point
administrator probably doesnt use permissions
any permissions it has was probably generically added to all roles
m
No I gotcha. I just expected that if the administrator role didn't use permissions, then it would just have none, not just some random ones
@battk so you don't know of a way to effectively get a list of all possible permissions, do you? I don't see another table that has a list of all permissions
b
Permissions Documentation is the mostly complete version
the suitescript version is Permission Names and IDs
m
Ah so suitescript, not via suiteql
b
a quick look through the Records Catalog suggests you may also want the PermissionType table
m
ah that looks intriguing! Checking that out right now
Thanks as always @battk
@battk I was trying to create a role that essentially has read only access to everything. In the past, I've dealt with manually clicking through and assigning every possible permission, but wanted to come up with a solution using code. I was going to have a simple script that queries all available permissions and create a new role with all of the permissions, but I just am now seeing that the role record is only searchable with suitescript. So there is literally no way to programmatically created a "READ ONLY - ALL" role?
b
you can run code in the console while creating the role in the ui
m
lol just like suitescript + jquery?
the problem is that I would need to do this for netsuite accounts that I don't actually have direct access to (so I was trying to bundle up some restlets etc.)
b
you can include roles in bundles
or sdf
m
yup, that's what I do today (include roles in bundles). The problem is that if I put a role in a bundle, I am limited to the permissions I have available in my own developer account. So if I create a "Read Only - All" role in my own account, it wouldn't necessarily be the equivalent of a "Read Only - All" role in any NetSuite account. Any client that downloaded the role would have to then search through all available permissions in their own NetSuite account and add any missing ones to the role. Bleh
b
obviously enable all the features
alternatively sdf
m
I have tried enabling all the features lol. NetSuite doesn't make them all available though in developer accounts
Essentially just a huge rabbit hole
b
i believe you can ask for an account with access to more features
m
Yeah I've done that and generally they will add the feature. I've had some issues though getting other features enabled.
The reality is that NetSuite should have an "Admin - Read Only" style role. They just don't and it's unfortunate
These are honestly such insane workarounds
And of course even if I had a NetSuite account with literally every feature enabled, many NetSuite accounts have custom transaction types configured, so I'd still need to have users manually edit the role to add those permissions
b
if you are desperate, you can try experimenting with the record anyways in serverside suitescript
lots of records that dont have full support have limited undocumented levels of support
m
ah interesting will check that out. I'd say I'm more frustrated than desperate 🙂