INSUFFICIENT_PERMISSION: You do not have privileges to view this page, or your session has timed out.Quick Reference
- Error Code
- INSUFFICIENT_PERMISSION
- Severity
- medium
- Type
- record
- Versions
- 2024.1, 2024.2, 2025.1, 2025.2, 2026.1
Why This Happens
- The script's execution context (role) doesn't have permission to the record type being accessed
- A script deployed with 'Execute As Role' set to a role that lacks the necessary permission
- Trying to access a subsidiary-restricted record from a role without that subsidiary assigned
- Using runtime.getCurrentUser() permissions when the script needs runtime.executionContext permissions
- Custom record type has 'Restrict Access' enabled and the role isn't in the access list
How to Fix It
Step 1: Check the script deployment's 'Execute As Role'
Go to Customization > Scripting > Script Deployments. Find your deployment and check the 'Execute As Role' field. If it's set to a specific role, that role needs permissions for every record type and transaction the script touches. Set it to 'Administrator' for debugging, then narrow down to the minimum required role.
Step 2: Verify role permissions for the record type
Go to Setup > Users/Roles > Manage Roles. Edit the role and check Permissions > Transactions/Lists/Custom Record tabs. The role needs at least 'View' level for reads and 'Edit' or 'Create' level for writes. For custom records, check the 'Access' tab on the custom record definition (Customization > Lists, Records & Fields > Record Types).
Step 3: Check subsidiary restrictions
In OneWorld accounts, roles are restricted to specific subsidiaries. If your script loads a record from Subsidiary B but the executing role only has access to Subsidiary A, you get INSUFFICIENT_PERMISSION. Check Setup > Users/Roles > Manage Roles > Subsidiary Restrictions tab.
Step 4: Use runtime context logging to diagnose
Add log.audit('Context', JSON.stringify({ user: runtime.getCurrentUser(), role: runtime.getCurrentUser().role, context: runtime.executionContext })) at the top of your script to see exactly who is executing and with what permissions.
Code Example
/**
* @NApiVersion 2.1
* @NScriptType UserEventScript
*
* Debug pattern for INSUFFICIENT_PERMISSION errors.
* Add this temporarily to see exactly what context is executing.
*/
define(['N/runtime', 'N/log'], (runtime, log) => {
function beforeLoad(context) {
const user = runtime.getCurrentUser();
const script = runtime.getCurrentScript();
log.audit('Permission Debug', JSON.stringify({
userId: user.id,
userName: user.name,
userRole: user.role,
userRoleId: user.roleId,
subsidiary: user.subsidiary,
executionContext: runtime.executionContext,
scriptId: script.id,
deploymentId: script.deploymentId,
recordType: context.newRecord.type,
recordId: context.newRecord.id
}, null, 2));
}
return { beforeLoad };
});Common Mistakes
- Granting Administrator role to fix the error — this works but violates least-privilege security. Create a custom role with only the permissions needed.
- Forgetting that 'Execute As Role' on script deployments overrides the triggering user's role
- Not checking custom record access lists — even if the role has 'Custom Record' permission, individual custom records can restrict access further
- Confusing 'View' and 'Full' permission levels — 'View' allows read, 'Create' allows new records, 'Edit' allows updates, 'Full' allows delete
Alternative Approaches
- Use a Suitelet with 'Available Without Login' for operations that need to bypass role restrictions (be very careful with security)
- Create a dedicated 'Script Execution' role with exactly the permissions your scripts need, and set all script deployments to execute as that role
- For cross-subsidiary operations in OneWorld, consider using an integration role with global subsidiary access