coltonwaynelawson/netsuite-segregation-of-duties-analysis

NetSuite Segregation of Duties (SOD) Audit

Project goal: The primary goal of the analysis is to determine which users have roles, or combinations of roles, that cause a segregation of duties issue in NetSuite.

Tech used: Python

Datasets: The input data is extracted from NetSuite using the native Saved Search functionality.

Step #1: Pull the employee file from NetSuite using Saved Search

Create a new saved search on the Employee search type.

Do not include any Criteria.

Include Name and Role in the Results.

Click Save & Run and export the resulting report to Excel.

Step #2: Pull the permissions file from NetSuite using Saved Search

Create a new saved search on the Role search type.

Do not include any Criteria.

Include Name, Permission, and Level in the Results.

Click Save & Run and export the resulting report to Excel.

Step #3: Run the analysis in Python

Use the Employee File and the Permissions File from steps #1 and #2 above as the inputs to the analysis and run the code in the SOD Analysis to find the users that have a segregation of duties issue. This analysis focuses on standard NetSuite permissions that could cause segregation of duties issues (i.e. what could go wrong) if not addressed.

  • Users that can create journal entries (Make Journal Entry) and approve journal entries (Journal Approval)
  • Users that can create customer invoices (Invoice) and can either receive customer payments (Customer Deposit) or record customer payments (Customer Payment)
  • Users that can create vendors (Vendors) and pay vendors (Pay Bills)
  • Users that can create credit memos (Credit Memo) and can either receive customer payments (Customer Deposit) or record customer payments (Customer Payment)
  • Users that can create customers (Customers) and issue customer refunds (Customer Refund)
  • Users that can create customers (Customers) and credit memos (Credit Memo)
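The six checks above, written out as an added example (not the repository's own SOD Analysis code). It assumes the exports have one row per user/role and per role/permission with the column names chosen in steps #1 and #2, and that only the Create, Edit and Full levels count; the sample rows are constructed.

```python
from collections import defaultdict

# The six conflict rules listed above: any permission in set 1 plus any in set 2.
RULES = [
    ({"Make Journal Entry"}, {"Journal Approval"}),
    ({"Invoice"}, {"Customer Deposit", "Customer Payment"}),
    ({"Vendors"}, {"Pay Bills"}),
    ({"Credit Memo"}, {"Customer Deposit", "Customer Payment"}),
    ({"Customers"}, {"Customer Refund"}),
    ({"Customers"}, {"Credit Memo"}),
]
# Assumption: a View-level grant cannot create or approve anything.
ACTIVE_LEVELS = {"Create", "Edit", "Full"}

def find_sod_conflicts(employee_rows, permission_rows):
    """Map each conflicted user to (perm_a, roles_a, perm_b, roles_b) tuples."""
    role_perms = defaultdict(set)
    for row in permission_rows:
        if row["Level"] in ACTIVE_LEVELS:
            role_perms[row["Name"]].add(row["Permission"])
    # user -> permission -> roles granting it, so role combinations are visible
    user_perms = defaultdict(lambda: defaultdict(set))
    for row in employee_rows:
        for perm in role_perms.get(row["Role"], ()):
            user_perms[row["Name"]][perm].add(row["Role"])
    conflicts = {}
    for user, perms in user_perms.items():
        hits = [(a, sorted(perms[a]), b, sorted(perms[b]))
                for side_a, side_b in RULES
                for a in sorted(side_a & set(perms))
                for b in sorted(side_b & set(perms))]
        if hits:
            conflicts[user] = hits
    return conflicts

# Constructed sample rows standing in for the two Excel exports.
EMPLOYEES = [("Alice Example", "Staff Accountant"), ("Alice Example", "Controller"),
             ("Bob Example", "AR Clerk"), ("Cara Example", "AP Clerk")]
PERMISSIONS = [("Staff Accountant", "Make Journal Entry", "Full"),
               ("Controller", "Journal Approval", "Full"),
               ("AR Clerk", "Invoice", "Edit"), ("AR Clerk", "Customer Payment", "Create"),
               ("AP Clerk", "Vendors", "View"), ("AP Clerk", "Pay Bills", "Full")]

def run_sample():
    emp = [dict(zip(("Name", "Role"), r)) for r in EMPLOYEES]
    perm = [dict(zip(("Name", "Permission", "Level"), r)) for r in PERMISSIONS]
    return find_sod_conflicts(emp, perm)

if __name__ == "__main__":
    print(run_sample())
```

In the sample, Alice is flagged only because of the combination of her two roles, while Cara is not flagged because her Vendors grant is View-only.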

Please note that each NetSuite instance can be configured, via either SuiteScript or Workflows, to route different transaction types differently, so a segregation of duties issue in one environment may not be a segregation of duties issue in a different environment. The data you see in the SOD Analysis was obfuscated using Faker so as not to give away any PII.
