Permissions reference
How File Storage grants access to its functionality, and how to give your users the right level of access on each role.
The model
FullClarity does not expect customers to assign the bundled FC Storage role to their users. Instead, File Storage permissions are granted into the customer's existing roles — Project Manager, AP Clerk, Document Controller, whatever your users already use — so they can work with files through File Storage as part of their normal day-to-day NetSuite role, without role-switching.
A dedicated Suitelet (the allocator) handles the underlying NetSuite plumbing. You pick a role and click Grant; the Suitelet works out which File Storage custom records need to be granted on the role and writes them in one operation. When File Storage ships new custom records in a future release, re-running the Suitelet for the same role tops up the missing permissions automatically.
How to grant access — the allocator
The allocator gives a role Full access to all File Storage custom records. This is the recommended path for almost every role that needs to read, upload, or delete files.
- Navigate to FullClarity → Storage → Assign Permissions.
- Select the role you want to grant access to in the Selected Role dropdown. Only roles flagged iscustom appear in the list.
- Click Grant. The Suitelet adds the required File Storage permissions to the role and records the grant in the FC Storage Information record.
To revoke a role's access, repeat steps 1–2 and click Revoke. The Suitelet removes every File Storage custom record line from the role's permissions, cleanly and symmetrically.
Use the allocator unless you have a specific reason not to
The allocator is the recommended path. It's the only way to get upgrade-safe permissions — when File Storage adds a new custom record in a future release, re-running the allocator picks it up. Manual permission configuration (see below) is not upgrade-safe.
Manual permission configuration
If a role needs narrower access than Full — for example, view-only access for an external auditor, or create-without-delete for a clerk — the allocator can't help. The allocator only grants Full. To restrict a role to View, Create, or Edit, configure the permissions manually using the tables below.
Manual permissions are not upgrade-safe
When File Storage is upgraded with new custom records, any role configured manually will not automatically receive permissions on the new records. Admins who configure permissions manually need to revisit each role after every File Storage upgrade to add the new objects. The allocator handles this automatically — use it where you can.
Prevent access
To prevent a role from accessing any File Storage functionality, ensure that no permissions are granted on the FC Storage Files custom record. Without that permission, the widget cannot render for the role.
View-only access
Allows a role to view files but not upload or delete them.
In addition to the appropriate access (View, Edit or Full) on the host record where files are stored, grant the following permissions:
| Group | Item | Permission value | Notes |
|---|---|---|---|
| Lists | Subsidiaries | View | Required in multi-subsidiary (OneWorld) accounts |
| Setup | SuiteScript | View | |
| Custom Record | FC Portal API Urls | View | Users should never be given higher than View on this record |
| Custom Record | FC Portal Configuration | View | Users should never be given higher than View on this record |
| Custom Record | FC Portal Information | View | Users should never be given higher than View on this record |
| Custom Record | FC Portal Storage Region | View | Users should never be given higher than View on this record |
| Custom Record | FC Storage Files | View | |
| Custom Record | FC Storage Files Versions | View | |
| Custom Record | FC Storage Information | View | |
| Custom Record | FC Storage Message Attachments | View | |
| Custom Record | FC Storage Valid Type | View |
Create-only access
Allows a role to upload files but not delete them.
In addition to the appropriate access on the host record, grant:
| Group | Item | Permission value | Notes |
|---|---|---|---|
| Lists | Subsidiaries | View | Required in OneWorld accounts |
| Setup | SuiteScript | View | |
| Custom Record | FC Portal API Urls | View | Never higher than View |
| Custom Record | FC Portal Configuration | View | Never higher than View |
| Custom Record | FC Portal Information | View | Never higher than View |
| Custom Record | FC Portal Storage Region | View | Never higher than View |
| Custom Record | FC Storage Files | Create | |
| Custom Record | FC Storage Files Versions | Create | |
| Custom Record | FC Storage Information | View | |
| Custom Record | FC Storage Message Attachments | View | |
| Custom Record | FC Storage Valid Type | View |
Read-and-write access
Allows a role to upload and delete files.
In addition to the appropriate access on the host record, grant:
| Group | Item | Permission value | Notes |
|---|---|---|---|
| Lists | Subsidiaries | View | Required in OneWorld accounts |
| Setup | SuiteScript | View | |
| Custom Record | FC Portal API Urls | View | Never higher than View |
| Custom Record | FC Portal Configuration | View | Never higher than View |
| Custom Record | FC Portal Information | View | Never higher than View |
| Custom Record | FC Portal Storage Region | View | Never higher than View |
| Custom Record | FC Storage Files | Edit or Full | |
| Custom Record | FC Storage Files Versions | Edit or Full | |
| Custom Record | FC Storage Information | View | |
| Custom Record | FC Storage Message Attachments | View | |
| Custom Record | FC Storage Valid Type | View |
(Full access to FC Storage Files and FC Storage Files Versions is what the allocator grants; use Edit instead if you want to prevent the role from deleting file records.)
File Storage is granted separately from other SuiteApps
A role granted access to Project Financials, Retainage, Timeline, or Certified Documents does not automatically receive File Storage permissions. If a user needs File Storage in addition to another SuiteApp, you'll need to grant File Storage access through this allocator and the other SuiteApp's allocator independently.
Soft-delete behaviour
Files deleted through File Storage are not immediately removed. They are marked inactive and hidden from the record's file list, but the underlying record and the stored file are retained for 30 days. After 30 days the file and the underlying record are permanently and irrevocably deleted.
To recover a file within the 30-day window:
- Search for the page FC Storage Files in the NetSuite global search.
- Tick Show Inactives in the list view (otherwise inactive records won't appear).
- Locate the file record and edit it.
- Clear the Date Deleted field, then untick Inactive.
The file becomes visible again on its host record.