Is it possible to find the role of a netsuite employee using TBA as authentication method?

Question

To generate the needed tokens - consumer key, consumer secret, token ID, token secret - we are creating an integration, and access tokens, and assigning them to an employee with a specific role that has access to TBA. (Refer to https://medium.com/@morrisdev/netsuite-token-based-authentication-tba-342c7df56386)

Isn't it possible then, to get that employee's specific role, without little to no hassle?

I'm trying to do so, but I couldn't find a way, so I just started listing all possible employees and require that the person authenticating, other than supplying their 4 tokens (along with their account Id), to also supply their role, which seems stupid. (Once I have the employees, I can pretty much find the one with the needed role, granted they are the only one using it.)

private static void GetEmployees()
{
    EmployeeSearch search = new EmployeeSearch();
    EmployeeSearchBasic esb = new EmployeeSearchBasic();

    esb.isInactive = new SearchBooleanField();
    esb.isInactive.searchValue = false;
    esb.isInactive.searchValueSpecified = true;

    search.basic = esb;
    SearchResult res = Client.Service.search(search);
    res.pageSize = 2000;
    res.pageSizeSpecified = true;

    if (res.status.isSuccess)
    {
        Record[] searchRecords = res.recordList;
        if (searchRecords != null && searchRecords.Length >= 1)
        {
            //Do something...
        }
        else
        {
            //Do something...
        }
    }
    else
    {
        throw new Exception("Couldn't find any employees.");
    }
}

The reason I'm searching for their role, is to make sure it has the needed permissions I'll be using. If I don't need their role to do this task, because it is again tied to the tokens in some way, please let me know how and I'll edit the context where needed.

I'm using the following webservices - https://webservices.netsuite.com/wsdl/v2017_2_0/netsuite.wsdl

Answer 1

You cannot get this information using only SuiteTalk calls. One user can have many roles. In addition Netsuite roles are pretty malleable so unless you are dealing with a standard role they are not much use in determining permissions.

So rather than getting a role you need to check specific permissions.

Your better option would be to create a companion RESTlet that you can query using the same tokens as you are querying SuiteTalk with. Then you can query the RESTlet for permissions ( or just get it to give you all the permissions you care about so you only have to call it once.

You can also require the customer set up the tokens on a user and role that give you what you need. To do this you have to specify the role's permissions which can be a hassle to communicate so finally:

You can also create a Role and Integration record in your dev account and make them available as a bundle. You'd then require your customer to install the bundle and use the role and integration record for the tokens and you wouldn't have to query anything.

Answer 2

Could you create a Restlet in NetSuite?

/**
 *@NApiVersion 2.x
 *@NScriptType Restlet
 */

define(['N/log', 'N/runtime'],
    function(log, runtime) {

        function _get(context) {
            var cUser = runtime.getCurrentUser();
            return cUser.role;
        }

        return {
            get: _get
        };
    }
);

If you can make an HTTPS request to the restlet deployment url using the token, the restlet would return the role.