NetSuite AI Connector — governed access, four roles

The same SuiteQL request, run as four different finance roles. Generated 2026-07-12 02:29 UTC.

CFO

Chief Financial Officer

subsidiaries
all
can read
bill, customer, gl_account, gl_transaction, invoice, item, subsidiary, vendor
masked
saved searches
ap_aging, ar_aging, top_customers, top_vendors, trial_balance

Controller

Corporate Controller

subsidiaries
all
can read
bill, customer, gl_account, gl_transaction, invoice, item, subsidiary, vendor
masked
customer.bank_account, vendor.bank_account
saved searches
ap_aging, ar_aging, top_customers, top_vendors, trial_balance

AR

Accounts Receivable Clerk

subsidiaries
[1, 2]
can read
customer, gl_account, gl_transaction, invoice, item, subsidiary
masked
customer.bank_account, customer.tax_id
saved searches
ar_aging, top_customers

AP

Accounts Payable Clerk

subsidiaries
[1, 2]
can read
bill, gl_account, gl_transaction, item, subsidiary, vendor
masked
vendor.bank_account, vendor.tax_id
saved searches
ap_aging, top_vendors
RequestCFOControllerARAP
SELECT name, bank_account, tax_id FROM customer LIMIT 1Read customer bank + tax idbank='ACCT-2231978967' tax='TAX-395015207'bank=None tax='TAX-395015207'bank=None tax=Nonerole 'AP' has no read grant on 'customer'
SELECT COUNT(*) AS n FROM billCount AP bills= 110= 110role 'AR' has no read grant on 'bill'= 58
SELECT DISTINCT subsidiary_id FROM invoice ORDER BY subsidiary_idDistinct subsidiaries on invoicessubs [1, 2, 3]subs [1, 2, 3]subs [1, 2]role 'AP' has no read grant on 'invoice'
DELETE FROM invoice WHERE id = 1Write attempt (DELETE)only SELECT queries are permitted (got 'DELETE')only SELECT queries are permitted (got 'DELETE')only SELECT queries are permitted (got 'DELETE')only SELECT queries are permitted (got 'DELETE')
SELECT 1; DROP TABLE customerInjection / second statementmultiple statements are not permittedmultiple statements are not permittedmultiple statements are not permittedmultiple statements are not permitted
SELECT COUNT(*) AS n FROM main.invoiceDirect base-table bypass= 140= 140direct access to base table 'invoice' blocked; role 'AR' is role 'AP' has no read grant on 'invoice'

Green = allowed · red = denied. Enforcement runs at the database engine (a SQLite authorizer bound to the connected role), so it holds no matter what SuiteQL the AI writes. Every call — allowed or denied — is written to an append-only audit log. The AI is a governed user of the finance data layer, not a way around the controls.