
24/09/2019 OneNote

Who Sees What: Visibility & Access


19 September 2019 09:56

Author: Afzal Patel


Aspiring Salesforce Administrator & Consultant
LinkedIn Profile: https://www.linkedin.com/in/afzal-p-386bb374/

Access Level | Description | Where on Salesforce | Further Detail

Org
Description: Access can be controlled by setting an IP address range and by business hours. IP address range can also be defined at profile level.
Where on Salesforce: Security > Network Access
Profile level: Users > Profiles > Select Profile > Login IP Ranges
Further Detail:
• User is sent an activation code if outside range.
• If IP is set at profile level a user cannot access at all outside specified range. If a profile does not have anything set in Login IP Ranges then they CAN login via an activation code.
• Can set up login hours; if an attempt is made outside hours then users are denied access. If no hours are specified then they can login whenever.

Object
Description: Profiles determine objects users can access and permissions to records. Also determine CRED (Create/Read/Edit/Delete).
Where on Salesforce: Users > Profiles
Further Detail:
• Can't edit standard profiles but can clone and edit profiles.
• Cloning Profiles: First do this, which provides a more user friendly UI when creating profiles: Setup > User Management Settings > Enhanced Profile. Then clone the relevant profile. Interface is divided into:
○ App Settings: what apps are available to user, which objects and tabs they have access to, and app specific permissions
○ System Settings: login hours and IP ranges for particular profile and determine system permissions eg view/modify all data

Record
Description: ORG WIDE DEFAULT LEVELS determine what access & permissions users have to records they don't own.
Where on Salesforce: Setup > Security > Sharing Settings
Further Detail:
Default Org Wide Sharing Settings | Description
○ Public Read/Write/Transfer: Allows non-owners to view, edit & change ownership of records of specified objects they don't own
○ Public Read/Write: Allows non-owners to view and edit those records of specified objects they don't own
○ Public Read Only: Allows non-owners to view all records of objects they don't own
○ Private: Most restrictive - Users cannot even see records of objects they don't own. Only visible to owner and users above them in ROLE HIERARCHY

REMEMBER, when assessing how Org Wide Defaults work in conjunction with profile permissions:
○ Profile permissions determine the baseline level of access a user has to ALL records
○ Org wide defaults can further restrict these permissions on records of objects they don't own

------------------------------------------------------------------------ --------------------------------------------------- -----------------------------------------------------------------------------------------------------------------------------------------------

Records Access through Role Hierarchy
Description: RH can extend sharing access to records when org wide sharing access is set to anything more restrictive than public read/write. RH opens up access.
Where on Salesforce: Setup > Users > Roles > Edit > Then select the appropriate radio button (note the radio buttons will only appear if org wide restrictive settings have been applied)

https://onedrive.live.com/Edit.aspx?resid=7D94DB5BF75A9A3A!107&wd=target(Udemy.one%7C010615a8-0c42-481f-83ab-3f1d789b8fee/3. Security Access 13%%7Cbb804761-1684-45dd-8961-ef4866eac2f1/) 1/3



Look at row 2 – Even though Edit has been granted via Role Hierarchy, this will not apply as the baseline user profile is only create & read.
• Org wide defaults CANNOT grant more access than set at profile level.
• Role Hierarchy can only open up access to records, it cannot restrict access to less than what has been granted via OWD.
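
Added example (not part of the original notes, and not Salesforce's own code): a simplified Python model of the layering described above, where the profile is the ceiling, OWD sets access to records a user doesn't own, and Role Hierarchy can only open access up. The class, field and function names and the sample users are assumptions; Transfer, sharing rules and FLS are left out.

```python
from dataclasses import dataclass
from typing import Optional

# Record-level access each OWD setting gives to NON-owners (Transfer left out).
OWD_GRANTS = {
    "Private": set(),
    "Public Read Only": {"read"},
    "Public Read/Write": {"read", "edit"},
    "Public Read/Write/Transfer": {"read", "edit"},
}

@dataclass
class User:
    name: str
    profile_perms: frozenset                 # object-level CRED from the profile
    reports_to: Optional["User"] = None      # next role up (hypothetical field)

def is_above(user, owner):
    """True if `user` sits above `owner` in the role hierarchy."""
    node = owner.reports_to
    while node is not None:
        if node is user:
            return True
        node = node.reports_to
    return False

def effective_access(user, owner, owd):
    """Actions `user` can take on one record owned by `owner`."""
    if user is owner:
        record_level = {"read", "edit", "delete"}
    else:
        record_level = set(OWD_GRANTS[owd])      # baseline for non-owners
        if is_above(user, owner):
            record_level |= {"read", "edit"}     # RH only opens access up
    # The profile is the ceiling: OWD and RH cannot exceed its CRED.
    return record_level & set(user.profile_perms)

# Constructed sample users (not from the notes).
manager = User("manager", frozenset({"create", "read"}))
rep = User("rep", frozenset({"create", "read", "edit", "delete"}), manager)
peer = User("peer", frozenset({"create", "read", "edit"}), manager)

if __name__ == "__main__":
    for u in (manager, rep, peer):
        print(u.name, sorted(effective_access(u, rep, "Private")))
```

The manager case reproduces the "row 2" situation: Edit arrives via Role Hierarchy but is dropped because the profile only has create & read.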

------------------------------------------------------------------------ --------------------------------------------------- -----------------------------------------------------------------------------------------------------------------------------------------------

Sharing Rules
Description: Sharing rules extend access to users and roles, public groups, territories regardless of their roles in the hierarchy.
Where on Salesforce: Setup > Security > Sharing Settings > Then apply necessary rules on object/s Sharing Rules
Further Detail:
• Sometimes need to extend access vertically, ie not in hierarchy as you would via RH
• Sharing rules can also have visibility set by record criteria, eg x team can only see records where status is x

Field
Description: Field level security enables specific fields to be hidden or made read only.
Where on Salesforce: Security > Field Accessibility > Select Object > Then Field > Then can edit which profiles can edit/read etc
Another way: Object Manager > Object > Fields & Relationships > Select Field > Set Field Level Security
Further Detail:
Field Level Security (FLS)
• Allows us to grant/restrict specific fields based on a user's profile
• FLS overrides modify all data & view all data permissions
• Like Role Hierarchy, FLS cannot grant a user more access than the base profile

Visibility

Record Types
Description: Enables display of different page layouts and picklist values based on record types.
Where on Salesforce:
1) Creating Record Types > Select Object > Record Types > Enter as required, selecting the support process and necessary page layout described in Further Detail
2) Create all the picklist values you need and assign them to the relevant record type
3) Add record types field to page layout if required, just so someone with access to multiple processes can see which type easily
Further Detail:
• Business Processes – represented by special picklist fields that capture the lifecycle of a standard object
  Setup > Support processes to define the processes that are unique for each type of case, ie internal/external process
  Support processes use the status field to identify a case within the support lifecycle.
• Page Layouts – lets you select and organise groups of fields related to an object
  Then have page layout for e.g., both internal/external processes.
  Note: Record Type field will be created automatically once a record is created, then it can be used in page layout if required.
• Picklist Values – are user defined lists, define master list with all possible values and use record types for a subset

Things to watch out for!
• Once created and assigned record types, you can edit those assignments by manage users > profiles.
• Any records created before using record types will not have associated record types. Need to retrospectively assign them an id, can be done using data loader to extract cases, include at least one of each record type so it has id, then apply correct id and use data loader to update those records.

Permission Sets
Description: A permission set is a collection of permissions and settings that gives users additional access to objects and functions.
Where on Salesforce: Users > Permission Sets
Further Detail:
• A user is allocated one profile, but occasionally some users may need additional access.
• Has many fields held in profiles like app and system settings

