Set Execute as Role Permissions for .ss and .ssp Files

This topic applies to

Applies to

SuiteCommerce | SuiteCommerce Advanced | Site Builder


Administrators and users with privileges to use SuiteScript can set permissions on .ssp and .ss file records associated with an SSP application. There are two types of permissions:

  • Execute as Role permissions associate a role with the .ssp and .ss files. Regardless of the actual role of the user who triggers the scripts, the scripts run as if they were triggered by a person with the role specified in the Execute as Role list.

  • It is possible to choose specific individuals who can trigger a script. It is also possible to be more generic, for example, all users in a specific department may have permission to trigger a script. Alternatively, all users could have permissions to trigger a script.

With enhanced permissions enabled, a script can be triggered by an action performed by the users you specify. This enhanced permission capability is useful for creating website customizations. For example, you can create a personalized user interface for customers on your website. A script can be triggered when a customer navigates to the script page on your shopping domain.

Execute as Role permissions cannot be granted for all records. For a list of supported records, see Records that Support Execute as Role Permissions.

To set permissions on an .ssp or .ss file:

  1. Go to a folder in an SSP application. For example, Web Site Hosting Files > Live Hosting Files > SSP Applications > My SSP Application > My Script Files.


    Permissions can be applied only to SuiteScript files and SSP files within an SSP application folder.

  2. Click Edit next to the .ssp or .ss file you want to modify.

  3. Click the Permissions subtab.

  4. Check the Enable box.

  5. In the Execute as Role list, select the role with which the script should be executed. When the script is executed, the outcome is only limited by the permissions associated with the role you select here. The script has access to the same permissions as the role you select.


    The Administrator role cannot be used.

  6. Select individuals who can trigger the script to run:

    1. (Optional) To allow all visitors to the web store to execute the SS or SSP script, check the Run Script Without Login box, or the Roles Select All box. If you want to select specific roles or other criteria, then clear these boxes.

    2. (Optional) To give a specific audience permissions to execute the script, select who can execute the script from the following multi-select boxes:

      • Roles

      • Departments

      • Subsidiaries

      • Groups

      • Employees

      • Partners

  7. Click Save.

When you configure permissions for an SSP or SS file, consider creating a custom role to use in the Execute As Role list. The custom role that you create should have exactly the privileges needed for your script to do what is intended, and nothing more. Typically, this script file permission capability is used for website customization.