space.vars.productName provide an additional layer of security for sensitive actions in the portal. This guide explains what PINs are used for, how to set them up, and how to monitor their usage.
## What PIN codes are used for
PIN codes are used for **manager overrides**: situations where a supervisor or authorised person needs to approve an action. Common scenarios include:
* **Discount approvals:** A cashier applies a discount that requires manager authorisation
* **Price overrides:** Changing a price beyond the allowed threshold
* **Void transactions:** Cancelling a sale that's already been started
* **Return authorisations:** Approving returns above a certain value
* **Accessing restricted features:** Opening settings or reports that require elevated permissions
When a PIN-protected action is triggered, the portal displays a PIN entry screen. The authorised person enters their PIN to approve the action, and the system logs who approved it and when.
## Setting a PIN code for a user
{% stepper %}
{% step %}
### Open the user's record in NetSuite
For employees: **Lists > Employees > Employees** → find and click the employee.
{% endstep %}
{% step %}
### Click Edit
Open the record for editing.
{% endstep %}
{% step %}
### Enter the PIN
Find the **PIN Code** field (`custentity_brm_pincode`) in the BRM tab or custom fields section. Enter a numeric PIN, typically 4 to 6 digits.
{% endstep %}
{% step %}
### Save
Click **Save**. The PIN takes effect immediately.
{% endstep %}
{% endstepper %}
{% hint style="info" %}
Choose PINs that are easy for the user to remember but not easily guessed. Avoid simple sequences like 1234 or 0000.
{% endhint %}
## Who should have PIN codes
PIN codes are typically assigned to:
* Store managers
* Shift supervisors
* Department heads
* Any employee who needs to authorise overrides
Not every portal user needs a PIN code. Only users who'll be authorising actions for others need one.
## How PIN validation works
When a PIN-protected action is triggered in the portal:
1. A PIN entry pad appears on screen.
2. The authorised person enters their PIN.
3. The system checks the PIN against the records of authorised users.
4. If the PIN is valid, the action is approved and the override is logged.
5. If the PIN is invalid, the action is denied.
There are three ways PIN authorisation can be configured for each action:
| Authorisation mode | How it works |
| ------------------ | ---------------------------------------------------------------------- |
| **Specific Users** | Only PINs from a pre-selected list of users are accepted |
| **All Employees** | Any employee with a valid PIN can authorise the action |
| **Advanced** | Authorisation is based on custom criteria (set up in the Admin Portal) |
The authorisation mode is configured per action in the Admin Portal's Page Builder, not in NetSuite.
## Changing a PIN code
1. Open the user's record in NetSuite.
2. Click **Edit**.
3. Find the **PIN Code** field.
4. Enter the new PIN.
5. Click **Save**.
The new PIN takes effect immediately.
## Removing a PIN code
1. Open the user's record in NetSuite.
2. Click **Edit**.
3. Clear the **PIN Code** field (delete the value).
4. Click **Save**.
The user will no longer be able to authorise PIN-protected actions.
## Viewing PIN override logs
Every PIN override is recorded for audit purposes.
{% stepper %}
{% step %}
### Open Record Types
Go to **Customization > Lists, Records, & Fields > Record Types**.
{% endstep %}
{% step %}
### Open BRM PIN Log
Find **BRM PIN Log** and click on it.
{% endstep %}
{% step %}
### View the list
Click **List** to see all logged overrides.
{% endstep %}
{% endstepper %}
Each log entry includes:
| Field | What it records |
| ----------------- | ------------------------------------------- |
| **Employee** | Who entered their PIN |
| **Date and Time** | When the override occurred |
| **Action** | What was being authorised |
| **Location** | Where the override happened (if applicable) |
{% hint style="info" %}
Set up a Saved Search for BRM PIN Log records to create a report you can review regularly. Go to **Reports > Saved Searches > All Saved Searches > New**, select the BRM PIN Log record type, and add the columns you want to monitor.
{% endhint %}
## PIN security best practices
* **Assign unique PINs:** Every authorised user should have their own PIN so overrides can be traced to individuals
* **Change PINs periodically:** Consider updating PINs quarterly or when staff changes occur
* **Review logs regularly:** Check PIN override logs for unusual activity (excessive overrides, overrides at unusual times)
* **Limit who has PINs:** Only give PIN codes to users who genuinely need override authority
* **Don't share PINs:** Each user should keep their PIN confidential
## Common issues
| Problem | Cause | Solution |
| ---------------------- | ------------------------------------------------- | ----------------------------------------------------------------- |
| PIN not accepted | Incorrect PIN entered | Verify the PIN on the user's record matches what they're entering |
| PIN pad doesn't appear | The action may not have PIN protection configured | Check the action's settings in the Admin Portal |
| Override not logged | Log records may take a moment to appear | Wait a moment and refresh the BRM PIN Log list |
| User forgot their PIN | PIN needs to be reset | Edit the user's record in NetSuite and set a new PIN |
## Related Pages
| PIN Override (Client Admin) | How Client Admins turn on Require PIN for a workflow. | /pages/ZB1p1C3xoZi8Tr9w4b1S |
| Give User Access | Setting up users who'll need PINs. | /pages/kj0wIYbCw5oo477q39gd |
| Users Overview | Overview of user and access management. | /pages/VstrcxnPHJoNofmk5i1Y |