Netsuite - Assign User Role

Netsuite - Assign User Role assigns roles to employee records in NetSuite directly from Axonius for:

• Assets returned by the selected query or assets selected on the relevant asset page.

When triggered, this action:

• Connects to your NetSuite instance using the REST API.
• Identifies the target employee using their User ID from the configuration.
• Assigns one or more roles to the employee by updating their Roles field.
• Reports success or failure for the role assignment operation.

Required Fields

These fields must be configured to run the Enforcement Action.

• Use stored credentials from the Oracle NetSuite adapter - Select this option to use credentials from the adapter connection. By default, the first connection is selected.

  • When you select this option, the Select Adapter Connection drop-down becomes available. Select the adapter connection to use for this Enforcement Action.

    📘

    Note

    To use this option, you must successfully configure a Oracle NetSuite adapter connection.

• User ID - The NetSuite employee ID to delete.
• Role IDs - List of NetSuite role IDs to assign to the employee. Enter one or more role IDs separated by a comma (,).

• Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Working with Axonius Compute Nodes.

Additional Fields

These fields are optional.

💡

Connection and Credentials

When Use stored credentials from the adapter is toggled off, some of the connection fields below are required to create the connection, while other fields are optional.

• Company ID - Your NetSuite Company ID (for example: COMPANY_ID from https://COMPANY_ID.netsuite.com).
• Client ID - The OAuth 2.0 Client ID for API access.
• Certificate ID - The Certificate ID for authentication.
• Private Key - Upload the private key file for authentication.
• Private Key Algorithm - Select the algorithm used for the private key.

• Verify SSL (optional) - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

• HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

• HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.

• HTTPS Proxy User Name (optional) - The user name to use when connecting to the server using the HTTPS Proxy.

• Gateway Name - Select the Gateway through which to connect to perform the action.

How the Action Works

When this action is triggered:

1. Axonius validates that both User ID and Role IDs parameters are provided.
2. The action connects to the NetSuite REST API using the provided credentials or stored adapter connection.
3. It calls the API endpoint: PATCH /services/rest/record/v1/employee/{user_id}
4. The request body includes:
   • Roles.selectedRole.ID: Array of role IDs from the EC configuration
5. The NetSuite API updates the employee record with the assigned roles.
6. Axonius records the result (success/failure) for the operation.

APIs

Axonius uses the Oracle NetSuite API.

API Endpoint: PATCH /services/rest/record/v1/employee/{user_id}

URL Parameters:

• user_id - The NetSuite employee ID from the EC configuration

Request Body:

{
  "Roles": {
    "selectedRole": {
      "ID": ["role_id_1", "role_id_2"]
    }
  }
}

Response: Returns the updated employee record with the assigned roles.

Testing the Connection

Before using this action in a production enforcement, you can test the connection:

1. Configure all required parameters (or select a stored adapter connection).
2. Click Test Connection.
3. Verify that the connection to NetSuite is successful.