Suite with AJ

Practical NetSuite tips, tricks, and stories.

A Better Way to Record Payroll in NetSuite: Controlled Access with Custom Transactions

The Hidden Risk in Payroll Journal Entries

Payroll information is among the most sensitive financial data, yet many NetSuite customers still post it through standard journal entries. While flexible, journal entries offer minimal control—anyone with access can view, edit, or export payroll data. For confidential information such as salaries, bonuses, statutory deductions, and employee PII (personally identifiable information), this creates unnecessary risk by exposing sensitive data to unauthorised users and weakening internal controls.

Risks of Using Journal Entries for Payroll

  • Unauthorised visibility of payroll details – Anyone with a journal entry permission can see payroll details—even users who should never view compensation data.
  • Data leakage through exports and saved searches – Payroll journals can appear in saved searches, reports, and SuiteAnalytics workbooks if not properly restricted.
  • Incorrect association of entities – Standard journals only include the Name column, which you can use to specify an entity (i.e., customers, vendors, and employees). This introduces the risk of associating the payroll information with a non-employee entity.
  • Weak approval controls – Payroll entries may bypass payroll-specific approval rules because they follow the standard journal entry workflow rather than a dedicated payroll approval process.
  • Risk of accidental edits or deletions – Users with journal entry edit permissions can change or delete payroll entries without proper oversight.
  • Difficulty restricting via roles – NetSuite role restrictions for journal entries apply broadly; you cannot easily hide only payroll journal entries while keeping other JEs visible unless additional customisation is introduced.

A Better Approach to Payroll Posting

Instead of relying on standard journal entries, a more secure and structured approach is to record payroll using a custom transaction. This lets you define the specific fields, forms, permissions, and customisations required for payroll, while restricting visibility to authorised users or roles. The result is payroll data that remains confidential, is consistently posted, and is fully auditable for every pay run.

Pre-requisite: Enable Custom Transactions in the Enable Features under the SuiteCloud subtab and SuiteGL section.

Setup

  1. Navigate to Customization > Lists, Records & Fields > Transaction Types > New.
  2. Specify the transaction name (e.g., Payroll Entries) and transaction ID (e.g., _payroll_entry).
  3. If needed, enable the Class, Department, and Location segments and choose whether they should be assigned at the Header level (applies to all lines) or at the Line level (allows different values per line). You can also specify whether each segment should be required. Custom segments are configured separately.
  1. Under the Document Numbers subtab, specify the document numbering. This is another advantage of using a custom transaction—it allows you to apply a dedicated numbering sequence for payroll journals without relying on the Advanced Numbering feature.
  1. Under the Statuses subtab, tick Posting if you do not need additional statuses. If you want posting to depend on specific statuses, tick Show Status Field, add the statuses, and mark which ones are posting.
To post the transaction regardless of its status.
To post the transaction depending on its status.
  1. Under the Links subtab, specify the navigation path users should use to access the payroll entries.
  1. Under the Permissions subtab, specify the role permissions (View, Create, Edit, Full). If a role is not added, its permission defaults to None—meaning no access. Alternatively, you can also manage this in the role configuration.
Configuring the permission in the custom transaction record
Configuring the permission in the role record
  1. Click Save.

Once set up, the payroll transaction appears in NetSuite as its own menu link, with separate numbering and a dedicated form. Only authorised users will have access to the payroll journals, while others will have no visibility, providing a clean and secure way to post payroll entries.

Benefits of Using a Custom Payroll Transaction

  • Controlled access to payroll data – Only authorised roles can view or post payroll entries, ensuring confidentiality and reducing exposure of sensitive information.
  • Dedicated numbering and transaction structure – Payroll entries have a separate numbering and form layout, and you can add fields specific to payroll for a cleaner, more structured posting process.
  • Controlled approval steps – A payroll-specific approval process can be implemented to ensure proper review before posting.
  • Separate customisation – Payroll-specific workflows and scripts can be isolated from standard journals, making them easier to maintain and safer to update.
  • Cleaner reporting and analytics – Payroll entries become a distinct transaction type, simplifying saved searches, reporting, and audit trails.
  • Better auditability – Payroll entries are separated from standard journals, giving you a clear, dedicated audit trail for payroll activity.

Putting It All Together

Using a custom transaction for payroll entries provides the structure and confidentiality that standard journal entries cannot. By separating payroll from other journals, applying payroll-specific customisations, and creating a dedicated audit trail, you ensure secure and consistent payroll posting across every cycle.