The file cabinet in NetSuite is a handy tool that lets you store files and attach them to transactions or records. But here’s the thing—if you don’t set restrictions, any file in the cabinet can be accessed by most users who have system access. That’s why securing sensitive folders is so important.
Our Scenario: Securing the Payroll Folder
Imagine you’ve been asked to create a payroll folder that only employees in the Star Wars Fan (SWF) subsidiary with the role of Controller or CEO can access. We’ve already created a group for this in a previous video. Now, it’s time to assign file cabinet restrictions based on that group.
Step 1: Navigate to the File Cabinet
Head over to Documents > Files > File Cabinet.
This is where all your files and folders live. To create a new folder, click the New Folder button.
Step 2: Name and Set Restrictions on Your Folder
Name your folder something clear and specific. For this example, I’m naming it SWF Payroll File — to identify it easily by subsidiary and purpose.
Now, here’s where the magic happens: you can restrict access to this folder by subsidiary, class, department, or location. These restrictions work inclusively, so users must meet all assigned criteria to access the folder.
But since we already created a group for payroll controllers and CEOs, we’ll restrict this folder by that group. Simply select your group under the “Restrict by Group” option.
You can also add a description to your folder. NetSuite’s enhanced text editor can help clean up or polish your notes if you want a little AI assist.
Secure Your Data, Simplify Your Process
Step 3: Additional Options and Important Notes
- You can make this folder a subfolder of another if you want.
- The folder type should be set to store documents and files.
- If you mark the folder private, only you and admins will see it.
- You can also inactivate the folder if it’s no longer needed.
Important: If you use a dynamic group (one driven by a saved search), remember that NetSuite updates these group memberships twice daily. So, if you make changes to employee roles or assignments, those changes might not take effect immediately for access.
Step 3: Additional Options and Important Notes
- You can make this folder a subfolder of another if you want.
- The folder type should be set to store documents and files.
- If you mark the folder private, only you and admins will see it.
- You can also inactivate the folder if it’s no longer needed.
Important: If you use a dynamic group (one driven by a saved search), remember that NetSuite updates these group memberships twice daily. So, if you make changes to employee roles or assignments, those changes might not take effect immediately for access.
Ready to Strengthen Your NetSuite Security?
Step 4: Save and Inherit Restrictions
Once you save the folder, any new folders you create inside it will automatically inherit these restrictions. This helps keep your file cabinet organized and secure without having to set permissions repeatedly.
Step 5: Upload Files and Verify Access
Now you can upload payroll files directly into this folder. Anyone who isn’t part of the assigned group won’t be able to see the folder or its contents.
You can always double-check the permissions on the folder to confirm the restrictions are applied correctly.
Protect Your Business Data
Frequently Asked Questions (FAQs)
The File Cabinet is a centralized storage area where you can upload, organize, and attach files to records, transactions, and workflows.
Without restrictions, most users with access to the system can view files—creating a potential security risk for sensitive data like payroll or HR documents.
Only users who meet all assigned criteria—such as belonging to a specific subsidiary, role, or dynamic group—will be able to access the folder or its contents.
Subsidiary-based restrictions control access by company entity, while group-based restrictions give you more flexibility by targeting specific users or roles across subsidiaries.
Yes. Dynamic groups automatically update based on saved searches, ensuring permissions stay current as employees change roles or subsidiaries.
NetSuite updates dynamic group memberships twice daily, so new access changes may take up to 12 hours to reflect.
Subfolders automatically inherit the same restrictions as the parent folder, keeping your file structure organized and secure.
Yes. Private folders are visible only to the creator and admins, while inactive folders are hidden but retained for record-keeping or audit purposes.
Check the folder’s permission settings or log in as another user to verify whether the restricted folder is hidden or inaccessible.
Yes. Once restrictions are applied, all files within that folder immediately follow the same visibility and access rules keeping sensitive content secure.
