Part Three: Scripts, Workflows, and CSV Import Security

Now that we discussed why and how to use the CSV Import function – as well as some common limitations and mistakes to avoid – we are going to look at scripts and workflows affecting the imported data and how it interacts with the security parameters established in your NetSuite environment. These two sections will help you use this function while preserving the structure already in use.

 

Scripts, Workflows, and CSV Imports

Remember, when using the CSV import engine, you are actually creating/updating real records in NetSuite, just as if you were doing so via the user interface.  As a result, it is important that you verify any scripts and workflows operating against the record type in question will function correctly when records are created/updated via import. For instance, it is important to make sure that, if the record type in question would ordinarily go through an approval process when created via the UI, it will also go through that approval process when created via import.

Here are a few more things to consider when using this process:

1. “CSV Import” is considered a scripting and workflow “Context.”
   • Scripts and workflows only fire for designated Contexts (user interface, CSV import, etc.). This means that a script or workflow that fires when a user interacts with a record type via the UI might not fire when records of that type are created/updated via CSV import. It is important to understand for what contexts the various scripts and workflows operating against the record type in question are set to fire, and to make sure that those contexts are appropriate prior to processing import jobs. An appropriate technical resource can help you make this determination.
2. Consider CSV Imports When Designing Workflows and Scripts
   • While this may not apply to the average user, it is important that those employees involved in designing and implementing scripts and workflows consider whether the records affected are regularly created or updated via CSV import. When designing a robust approval process, check to see if the record type in question is created via import before establishing the scripts/workflows governing that process. This will ensure the scripts and workflows fire correctly for those contexts.
3. The CSV Import “Advanced Options” menu can be used to turn scripts and workflows on or off.
   • This option can be useful if you are updating historical records and do not want to re-trigger scripts and workflows that would ordinarily fire if such records were edited via the UI. Note that access to this setting is governed by a specific permission, separate from the general CSV import permission, pictured below:

Security and CSV Imports

While the CSV import engine is a powerful and useful tool, it does allow users to create or modify records quickly and in bulk – Access to this functionality should be restricted to specific users. Below are a few things to consider when thinking about security measures surrounding CSV Imports:

To access these settings, go to “SetUp” -> “Users/Roles” -> “Manage Roles,” and choose “Import CSV File” from the list of permission settings under Setup, pictured below:

1. The general ability to import or update records via CSV is controlled by the “Import CSV File” permission found in the Setup permissions list on the Role form.
   • Note that the only level available to this permission is “Full.”
2. Users with the “Import CSV File” permission are still restricted based on the record types to which they have access.
   • For instance, a user with the permission to import CSV files but without the permission to create or edit sales orders will not be able to create/edit sales orders via CSV.
3. Access to the option to disable workflows and scripts per import is controlled separately via the “Control SuiteScript and Workflow Trigger per CSV Import” permission.
   • Note that the company-wide default for this option is set under CSV Import Preferences.

By establishing security permissions, you can restrict who has the ability to create certain record types while still giving them access to the CSV Import function. This is one way to enable your team’s use of the function while maintaining the current security parameters. Ensure you’ve enabled your team’s success by monitoring scripts, workflows, and security restrictions before deploying this function to avoid incorrect records.

Tune in next week for part four of the CSV Imports Series featuring a list of best practices, a real world example, and the conclusion of the series.