Salesforce Admin 201 - Security and Access


Use profile and permission sets

2 options to control access to apps and objects, including fields and record types within objects:

Use sharing settings or manual sharing

2 ways to control access to specific records.

Delegated Administration

A group of non-admin users who get limited admin privileges.
1. Create a Delegated Admin group.
2. Assign users to the delegated group (must have View Setup and Configuration permissions).
3. Set the roles and subordinates the group can set.
4. Set the profiles the group can assign.
5. Set the permission sets the group can assign.
6. Set the assignable public groups the group can assign.
7. Set the custom objects the group can assign.

Delegating Data Administration

A permission set or profile created with limited admin privileges to create and edit users, reset passwords, assign users to specific profiles, and log in as a user. Creating a profile with the "Manage Users" permission is not advisable because that profile will have total control over SFDC.

Sharing Rules

- Allow you to selectively grant data access to defined sets of users.
- Grant wider access to data.
- Apply to all new and existing records that meet the definition of the source data set.
- Apply to both active and inactive users.
- When access levels change for a sharing rule, all existing records are automatically updated to reflect the new access level.
- Deleting a sharing rule automatically deletes the access created by the rule.
- When records change ownership, sharing rules are reevaluated to add or remove access to transferred records.
- Automatically grant additional access to related records.
- If multiple sharing rules apply, the user gets the most permissive access level.

Sharing Rules

Allows users who need access to the same records to be grouped together with...

Profile Controls - Contract manager

Can create, edit, activate, and approve contracts. Can delete contracts as long as they are not activated. Can edit personal quota and override forecasts.

Profile Controls - Marketing User

Can manage campaigns, import leads, create letterheads, create HTML email templates, manage public documents, and update campaign history via the import wizards. Also has access to the same functionality as the Standard User.

Profile Controls - Chatter user/moderator

Can only log in to Chatter. Can access all standard Chatter people, profiles, groups, and files

Profile Controls - Customer portal user/manager

Can only log in via a Customer Portal. Can view and edit data they directly own or data owned by or shared with users below them in the Customer Portal role hierarchy. They can view and edit cases where they are listed in the Contact Name field.

Profile Controls - Partner user

Can only log in via a partner portal

Profile Controls - Site.com user

Can only log into the Site.com app. Each Site.com Only user also needs a Site.com Publisher feature license to create and publish sites, or a Site.com Contributor feature license to edit the site's content.

Profile Controls - Solutions manager

Can review and publish solutions. Also has access to the same functionality as the Standard user

Profile Controls - Standard platform user

Can use custom apps and the apps from AppExchange and can use core platform functionality such as accounts, contacts, reports, dashboards, and custom tabs

Profile Controls - Read only

Can view the organization's setup, run and export reports, and view, but not edit other records

Tab security

- Default On: displays at the top of the user's page.
- Default Off: hidden from the user's page but available when All Tabs is clicked.
- Tab Hidden: the tab is unavailable and completely hidden.

Criteria-based sharing rules

Determine who to share records with based on field values in records. Example: if Status = Pricing, all of the pricing profile folks can see the record; if Status = Closed, only the admin can see it.

Profile Controls - System Admin

Has access to ALL functionality that does not require an additional license. Ex. Cannot manage campaigns unless they also have a Marketing User license.

Record level security types

- Organization-wide defaults allow us to specify the baseline level of access that a user has in your organization. For example, we can make it so that any user can see any record of a particular object to which their object permissions give them access, but so that they'll need extra permissions to actually edit one.
- Role hierarchies allow us to make sure that a manager will always have access to the same records as his or her subordinates. (vertical)
- Sharing rules allow us to make automatic exceptions to organization-wide defaults for particular groups of users. (horizontal)
- Manual sharing allows record owners to give read and edit permissions to folks who might not have access to the record any other way.

Sharing Model - Ownership

Record owners can view/edit, transfer, delete records. They can also view but not edit the Accounts their records are associated to

Sharing Access Diagram

1. Salesforce checks whether the user's profile has object-level permission to access that object.
2. Salesforce checks whether the user's profile has any administrative permissions (View All Data, Modify All Data).
3. Salesforce checks the ownership of the record (organization-wide defaults, role-level access, and any sharing rules will be checked).

Standard profiles

- System Administrator
- Standard Platform User
- Standard Platform One App User
- Standard User
- Customer Community User
- Customer Community Plus User
- Partner Community User
- Customer Portal User
- High Volume Customer Portal
- Authenticated Website
- Customer Portal Manager
- Partner User
- Solution Manager
- Marketing User
- Contract Manager
- Read Only
- Chatter Only User
- Chatter Free User
- Chatter External User
- Chatter Moderator User
- Site.com Only User

Sharing Model - Org wide defaults

The administrator defines the default sharing model for the org by setting OWDs. OWDs specify the default level of access to records. They allow specification of the baseline level of access that any user has in the org.

Sharing Rules

These rules, based on record owner or criteria, open up record access (horizontal/lateral). Used by the admin, they are a way to automatically grant users access to object records when OWDs or the role hierarchy don't allow it.

Sharing Rules

These settings open up access laterally. Example: two sales reps can see each other's records. Opens up access.

Role Hierarchy

These settings open up access vertically. The manager of a sales team can see his team's records. Opens up access.

Team sharing rules

These types of rules only apply to Cases, Accounts, and Opportunities.

Manual Sharing

This allows a record owner to manually share a record if the OWD is set to Private or Public Read Only. Opens up access (flexible).

User Profile

This is a collection of settings (what objects a user can see) and permissions (what a user can do).
- Settings (what users see): Apps, Tabs, Record Types, Page Layouts, Fields
- Permissions (what users can do): Administrative (customize app), General User (run reports, mass email), Standard Object (create record), Custom Object (create rate increase)

Object Level Security

This is set in user profiles and permission sets. This setting prevents a user from viewing, creating, editing or deleting any instance of a particular type of object. You can hide tabs and objects from particular users.

Field level security

This is set in user profiles and permission sets. This setting hides a field or sets it to be visible or read only.

Sharing Model - Org wide defaults - Public Read/Write

This setting allows all users the ability to view and edit records owned by others. Ownership itself cannot be changed except by the owner of the record.

Sharing Model - Org wide defaults - Public Read only

This setting allows users to see, but not change, records in their org, regardless of who owns them. Items can also be added by anyone onto related lists with this permission level

Sharing Model - Org wide defaults - Private

This setting for a given object allows users to access only the data they own. No one will be able to view records owned by others.

Sharing Model - Org wide defaults - Public Read/Write/Transfer

This setting on an object allows all users the ability to view, edit and even change ownership of records owned by others

Sharing Model - Role Hierarchy

This setting opens up access to records vertically. Gives access to managers of the account owners. Manager will always have access to the same records as his subordinates.

OWD - Org Wide Defaults

To set the most strict access to records, you set these. These are the strictest of all sharing rules.
- Restrict access
- Object records can be:
  - Public Read/Write
  - Public Read Only
  - Private

Exceptions to Role Hierarchy based Sharing

- Users can always view and edit all data owned by or shared with users below them in the role hierarchy.
- Grant Access Using Hierarchies in OWDs allows you to ignore hierarchies when determining access to data.
- Grant Access Using Hierarchies cannot be disabled for standard objects.
- Contacts that are not linked to an account are always private. Only the owner of the contact and administrators can view it.
- Contact sharing rules do not apply to private contacts.
- Notes and attachments marked as private via the Private checkbox are accessible only to the person who attached them and administrators.
- Users above a record owner in the role hierarchy can only view or edit the record owner's records IF they have the "Read" or "Edit" object permission for the type of record.

Global Administrative permissions

"View ALL Data", "Modify ALL Data" (including mass transfer / update records and undelete what others delete), "Customize Application", "Manage Users" (add and remove users, reset passwords, grant permissions)

