https://netsuiteprofessionals.com logo
Join Slack
Powered by
I have user for integration (TBA) and associated R...
# suitescript
z
I have user for integration (TBA) and associated ROLE with VIEW permission for Employee record. At this moment we are in testing stage, just review incoming SOAP XML from external system. Later, in production stage, one UserEvent script with Before and AfterSubmit functions should be triggered, but in testing stage not. I am very surprised with log for UserEvent script, where I found that BEFORE SUBMIT is triggered even user doesn't have SAVE permission. An error is generated, as expected, (INSUFFICIENT PERMISSIONS) but is it normal that BeforeSubmit event is triggered??????
b
they dont
something else is triggering it
z
Only one role has access to script Only SOAP execution context ROLE has VIEW permission I know, sound strange but it's true > Before Submit is triggered before SAVE. NetSuite return Error INSUFFICIENT PERMISSION as SOAP response, we force that error, just track log for UserEvent
b
have you found the matching web service usage log from that time?
z
yes
b
what did the request look like
z
Copy code
<writeResponse>
                <platformCore:status isSuccess="false" xmlns:platformCore="urn:core_2019_2.platform.webservices.netsuite.com">
                    <platformCore:statusDetail type="ERROR">
                        <platformCore:code>INSUFFICIENT_PERMISSION</platformCore:code>
                        <platformCore:message>Permission Violation: You need a higher level of the 'Lists -> Employee Record' permission to access this page. Please contact your account administrator.</platformCore:message>
                    </platformCore:statusDetail>
                </platformCore:status>
                <baseRef xsi:type="platformCore:RecordRef" type="employee" internalId="1953" xmlns:platformCore="urn:core_2019_2.platform.webservices.netsuite.com"/>
</writeResponse>
message has been deleted
SOAP Service LOG, 12:03 timestamp for SOAP and BeforeSubmit log
Here is code ... IF statement is not relevant, filtering only CREATE. But log.AUDIT is always executed
b
its the request i wanted
not the response
although in this case, you should customize your script notes with a formula so that you can get the seconds
you made multiple requests in the same minute
z
the last one is update employee. Other requests are from other side, they retrieve some internal IDs from NetSuite
b
you havent shared enough of your script or your request to exclude that havent written the user event properly
so the basics are to do proper matching
the suspicion is that the update is not what is causing your logs
so you really want to make sure that you are matching those timestamps properly
z
Just to summarize: we have sandbox enviroments, both NetSuite and third-party HR. Everything works perfect, without any issue. Our plan is going live with production enviroments. Just the last one test is : set integration role to have VIEW instead EDIT permissions to prevent any accidentally changes in production account. From HR software we triggered SOAP request and we've investigated SOAP XML content.. Everything is as expected. Even the error INSUFFICIENT PERMISSION, that's why we set VIEW, and then f*ound these BeforeSubmit logs*. Everything is in the real time test... Someone make changes and we watch log ...
the same log from sandbox ... audit is from beforeSubmit, debug is from afterSubmit
b
and at this point, you want to resend the same request to reproduce the behavior
in this case, being extra sure you get the correct request since you made multiple requests in the same minute
which is why you wanted to customize your script notes view to include seconds
z
message has been deleted
message has been deleted
And finally, once again my question : User Service HiBOB has the only one ROLE and that ROLE has VIEW permission for Employee entity. Whatever happened outside of my script, how is possible that user without create/edit/full permission is ALLOWED to trigger BeforeSubmit event?
UserEvent deployment is restricted only to • View-only integration ROLE (audience) • WEBSERVICE execution context
3 Views
Open in Slack
PreviousNext
Powered by