Permissions reference
The permission grants required on each role to view, create, or delete files through File Storage. The automated allocator (see Install & configure) handles all of this for you — these tables are for manual configuration only.
Manual permissions are not update-safe
When File Storage is upgraded, any new custom records or fields are automatically granted to roles that the allocator has already touched. Manual grants do not receive the same treatment — admins who manually configure permissions need to revisit the role after every File Storage upgrade to add the new objects.
Use the allocator unless you have a specific reason not to.
Prevent access
To prevent a role from accessing any File Storage functionality, ensure that no permissions are granted on the FC Storage Files custom record. Without that permission, the widget cannot render for the role.
View-only access
Allows a role to view files but not upload or delete them.
In addition to the appropriate access (View, Edit or Full) on the host record where files are stored, grant the following permissions:
| Group | Item | Permission value | Notes |
|---|---|---|---|
| Lists | Subsidiaries | View | Required in multi-subsidiary (OneWorld) accounts |
| Setup | SuiteScript | View | |
| Custom Record | FC Portal API Urls | View | Users should never be given higher than View on this record |
| Custom Record | FC Portal Configuration | View | Users should never be given higher than View on this record |
| Custom Record | FC Portal Information | View | Users should never be given higher than View on this record |
| Custom Record | FC Portal Storage Region | View | Users should never be given higher than View on this record |
| Custom Record | FC Storage Files | View | |
| Custom Record | FC Storage Files Versions | View | |
| Custom Record | FC Storage Information | View | |
| Custom Record | FC Storage Message Attachments | View | |
| Custom Record | FC Storage Valid Type | View |
Create-only access
Allows a role to upload files but not delete them.
In addition to the appropriate access on the host record, grant:
| Group | Item | Permission value | Notes |
|---|---|---|---|
| Lists | Subsidiaries | View | Required in OneWorld accounts |
| Setup | SuiteScript | View | |
| Custom Record | FC Portal API Urls | View | Never higher than View |
| Custom Record | FC Portal Configuration | View | Never higher than View |
| Custom Record | FC Portal Information | View | Never higher than View |
| Custom Record | FC Portal Storage Region | View | Never higher than View |
| Custom Record | FC Storage Files | Create | |
| Custom Record | FC Storage Files Versions | Create | |
| Custom Record | FC Storage Information | View | |
| Custom Record | FC Storage Message Attachments | View | |
| Custom Record | FC Storage Valid Type | View |
Read-and-write access
Allows a role to upload and delete files.
In addition to the appropriate access on the host record, grant:
| Group | Item | Permission value | Notes |
|---|---|---|---|
| Lists | Subsidiaries | View | Required in OneWorld accounts |
| Setup | SuiteScript | View | |
| Custom Record | FC Portal API Urls | View | Never higher than View |
| Custom Record | FC Portal Configuration | View | Never higher than View |
| Custom Record | FC Portal Information | View | Never higher than View |
| Custom Record | FC Portal Storage Region | View | Never higher than View |
| Custom Record | FC Storage Files | Edit or Full | |
| Custom Record | FC Storage Files Versions | Edit or Full | |
| Custom Record | FC Storage Information | View | |
| Custom Record | FC Storage Message Attachments | View | |
| Custom Record | FC Storage Valid Type | View |
Soft-delete behaviour
Files deleted through File Storage are not immediately removed. They are marked inactive and hidden from the record's file list, but the underlying record and the S3 object are retained for 30 days. After 30 days the file and the underlying record are permanently and irrevocably deleted.
To recover a file within the 30-day window:
- Search for the page FC Storage Files in the NetSuite global search.
- Tick Show Inactives in the list view (otherwise inactive records won't appear).
- Locate the file record and edit it.
- Clear the Date Deleted field, then untick Inactive.
The file becomes visible again on its host record.