Oracle NetSuite SuiteAnalytics

Connect Foundry to Oracle NetSuite via SuiteAnalytics Connect to sync data from your NetSuite ERP to Foundry.

SuiteAnalytics needs to be enabled on your NetSuite instance. See NetSuite documentation ↗ to enable it.

Supported capabilities

CapabilityStatus
Exploration🟢 Generally available
Batch syncs🟢 Generally available
Incremental🟢 Generally available

Setup

  1. Open the Data Connection application and select + New Source in the upper right corner of the screen.
  2. Select JDBC from the available connector types.
  3. Choose to use a direct connection over the Internet or to connect through an agent runtime.
  4. Follow the additional configuration prompts to continue the setup of your connector using the information in the sections below.

Learn more about setting up a connector in Foundry.

Authentication

You can authenticate with SuiteAnalytics with a username/password combination. We recommend the use of service user credentials rather than individual user credentials.

Configure user roles and permissions in NetSuite

In NetSuite, to control access, each user is assigned one or more roles, and each role is a collection of permissions that define what tasks the user can perform and what data they can access. We recommend the following configuration for the user that will connect to Foundry:

  1. Create a dedicated role with appropriate permissions.
    1. From NetSuite’s tool bar, select Setup > Users/Roles > Manage Roles > New and provide an explicit name to the role. We recommend using foundry-role.
    2. Add system-wide permissions to the role by navigating to the bottom of the role page and selecting Permissions > Setup. Select SuiteAnalytics Connect, select Add then Save.
      • Note: NetSuite documentation recommends adding the SuiteAnalytics Connect: Read All permission, but it is irrelevant for NetSuite2.com data source (see here for details ↗). Adding this permission will not have any effect.
    3. Add table permissions to the role for tables you want to be able to query from Foundry by navigating to the bottom of the role page and selecting Permissions > Lists. Select the tables you want, select Add then Save.
  2. Assign the new role to a user.
    1. From NetSuite’s tool bar, select Setup > Users/Roles > Manage Users. Select the user you want to use to connect to Foundry, and select Edit.
    2. Navigate to the Access tab and make sure the Give Access checkbox is ticked.
    3. In the Roles tab, select the newly created role (foundry-role) from the dropdown list, select Add then Save.
      • Note: NetSuite documentation alternatively recommends using the Data Warehouse Integrator role instead of a custom one. However, this role requires access with token-based authentication (see here for more details ↗), which is not available in Foundry.

To verify that you added the correct permissions, log in as the user you have assigned the new role to, and check that you can view all the data that you expect.

Networking

The SuiteAnalytics connector requires network access to the NetSuite Connect instance to which you want to connect.

Option 1: Direct connection

If you are connecting via a direct connection, the appropriate egress policies must be added when setting up the source.

The service host and port that need to be allowed can be found on NetSuite's configuration homepage at https://<YOUR_ACCOUNT_ID>.app.netsuite.com/app/external/odbc/suiteAnalyticsConnectDownload.nl. To access this page without your NetSuite account ID:

  1. Log in to the homepage of your NetSuite account.
  2. Find the bottom-left Settings panel and select Set Up SuiteAnalytics Connect.

The service host is typically of the form <ACCOUNT_ID>.connect.api.netsuite.com and the port 1708.

If such an egress policy does not exist, you can request a new one; otherwise you can add it.

Because this is using a non-HTTPS protocol, you will need to add both:

  • A DNS policy referencing your service host by name, and
  • A CIDR policy referencing explicitly the IP range. You can get the IP range of your NetSuite instance by running nslookup you-service-host in a terminal. IP addresses of NetSuite services may change at any time without notice.

Option 2: Agent connection

If you are connecting with an agent runtime, you must ensure that the agent host has firewalls open to the host names, IP addresses, and ports required to connect to your NetSuite Connect instance.

Connection details

OptionRequired?Description
URLYesIn the form jdbc:ns://<SERVICE_HOST>:<SERVICE_PORT> where SERVICE_HOST and SERVICE_PORT can be retrieved from NetSuite's configuration homepage. Typically of the form jdbc:ns://<ACCOUNT_ID>.connect.api.netsuite.com:1708
Driver classYesNeeds to be com.netsuite.jdbc.openaccess.OpenAccessDriver
DriversYes(Option 1) For direct connection, upload the latest JDBC driver that you can download from NetSuite's configuration homepage.

(Option 2) For agent connection, the same JDBC driver than Option 1 will need to be properly signed to be uploaded on the agent. Contact your Palantir representative to do so. See how to add drivers to an agent for more details.
CredentialsYesThe username and password of the user used to connect to Foundry.
JDBC propertiesYesThe entire list of available properties is described here ↗. The following properties are mandatory:

  - CustomProperties : (AccountID=<ACCOUNT_ID>;RoleID=<ROLE_ID>)
The ROLE_ID is the Internal ID associated with the role you assigned to the user (foundry-role). You can find this value next to the role name on the Setup > Users/Roles > Manage Roles page. If Internal ID is not displayed, see how to turn it on ↗.

  - NegotiateSSLClose : false

  - ServerDataSource : NetSuite2.com
As of November 8, 2021, new Connect users can access the Connect Service using the NetSuite2.com data source only. See Oracle NetSuite's documentation ↗ for more details.

  - encrypted : 1

Other connection parameters are the same as for any JDBC source.

Creating a sync

The NetSuite SuiteAnalytics source can be explored to discover tables and create new syncs. You can also manually create new syncs from the overview page of the source.