salesforce_security_impl_guide

More documents

Recommendations

Info

Securing and Sharing Data Setting Your Organization-Wide Sharing Defaults Setting an object to Private makes those records visible only to record owners and those above them in the role hierarchy. Use the Grant Access Using Hierarchies checkbox to disable access to records to users above the record owner in the hierarchy for custom objects in Professional, Enterprise, Unlimited, Performance, and Developer Edition. If you deselect this checkbox for a custom object, only the record owner and users granted access by the organization-wide defaults receive access to the records. Setting Your Organization-Wide Sharing Defaults Note: Who Sees What: Organization-Wide Defaults Watch how you can restrict access to records owned by other users. 1. From Setup, click Security Controls > Sharing Settings. 2. Click Edit in the Organization-Wide Defaults area. 3. For each object, select the default access you want to use. If you have a portal enabled with separate organization-wide defaults, see External Organization-Wide Defaults Overview. 4. To disable automatic access using your hierarchies, deselect Grant Access Using Hierarchies for any custom object that does not have a default access of Controlled by Parent. Note: If Grant Access Using Hierarchies is deselected, users that are higher in the role or territory hierarchy don’t receive automatic access. However, some users—such as those with the “View All” and “Modify All” object permissions and the “View All Data” and “Modify All Data” system permissions—can still access records they don’t own. Updating the organization-wide defaults automatically runs sharing recalculation to apply any access changes to your records. If you have a lot of data, the update can take longer. You’ll receive a notification email when the recalculation completes and you can refresh the Sharing Settings page to see your changes. To view the update status, from Setup, click Security Controls > View Setup Audit Trail. EDITIONS Available in: Professional, Enterprise, Performance, Unlimited, Developer, and Database.com Editions Solutions, Service Contracts, Documents, Forecasts, Reports, and Dashboards are not available in Database.com USER PERMISSIONS To set default sharing access: • “Manage Sharing” Limitations The organization-wide sharing default setting can’t be changed for some objects: • Solutions are always Public Read/Write. • Service contracts are always Private. • The ability to view or edit a document, report, or dashboard is based on a user’s access to the folder in which it’s stored. • Users can only view the forecasts of other users who are placed below them in the role hierarchy, unless forecast sharing is enabled. • When a custom object is on the detail side of a master-detail relationship with a standard object, its organization-wide default is set to Controlled by Parent and it is not editable. • The organization-wide default settings can’t be changed from private to public for a custom object if Apex code uses the sharing entries associated with that object. For example, if Apex code retrieves the users and groups who have sharing access on a custom object Invoice__c (represented as Invoice__share in the code), you can’t change the object’s organization-wide sharing setting from private to public. 46
Securing and Sharing Data External Organization-Wide Defaults Overview External Organization-Wide Defaults Overview External organization-wide defaults provide separate organization-wide defaults for internal and external users. They s<strong>impl</strong>ify your sharing rules configuration and improve recalculation performance. Additionally, administrators can easily see which information is being shared to portals and other external users. The following objects support external organization-wide defaults. • Accounts and their associated contracts and assets • Cases • Contacts • Opportunities • Custom Objects • Users External users include: • Authenticated website users • Chatter external users • Community users • Customer Portal users • Guest users • High-volume portal users • Partner Portal users • Service Cloud Portal users EDITIONS Available in: • Professional • Enterprise • Performance • Unlimited • Developer Note: Chatter external users have access to the User object only. Previously, if your organization wanted Public Read Only or Public Read/Write access for internal users but Private for external users, you would have to set the default access to Private and create a sharing rule to share records with all internal users. With separate organization-wide defaults, you can achieve similar behavior by setting the default internal access to Public Read Only or Public Read/Write and the default external access to Private. These settings also speed up performance for reports, list views, searches, and API queries. 47
Page 1 and 2: Security Implementation Guide Versi
Page 3 and 4: CONTENTS Chapter 1: Security Overvi
Page 5 and 6: Contents Editing Lead Sharing Rules
Page 7 and 8: CHAPTER 1 Security Overview Salesfo
Page 9 and 10: Security Overview User Security Ove
Page 11 and 12: Security Overview Custom Permission
Page 13 and 14: Security Overview CAPTCHA Security
Page 15 and 16: Security Overview Auditing • Role
Page 17 and 18: Securing and Sharing Data Revoking
Page 19 and 20: Securing and Sharing Data Viewing P
Page 21 and 22: Securing and Sharing Data Cloning P
Page 23 and 24: Securing and Sharing Data App and S
Page 25 and 26: Securing and Sharing Data Working w
Page 27 and 28: Securing and Sharing Data Enable Cu
Page 29 and 30: Securing and Sharing Data Assigning
Page 31 and 32: Securing and Sharing Data Creating
Page 33 and 34: Securing and Sharing Data Editing P
Page 35 and 36: Securing and Sharing Data Searching
Page 37 and 38: Securing and Sharing Data Enable Cu
Page 39 and 40: Securing and Sharing Data Object Pe
Page 41 and 42: Securing and Sharing Data Comparing
Page 43 and 44: Securing and Sharing Data Setting F
Page 45 and 46: Securing and Sharing Data Working w
Page 47 and 48: Securing and Sharing Data Setting L
Page 49 and 50: Securing and Sharing Data Restricti
Page 51: Securing and Sharing Data Managing
Page 55 and 56: Securing and Sharing Data Disabling
Page 67 and 68: Securing and Sharing Data Editing L
Page 69 and 70: Securing and Sharing Data Editing C
Page 71 and 72: Securing and Sharing Data Editing C
Page 73 and 74: Securing and Sharing Data Sharing R
Page 75 and 76: Securing and Sharing Data User Shar
Page 77 and 78: Securing and Sharing Data Sharing U
Page 81 and 82: Securing and Sharing Data Viewing A
Page 83 and 84: Securing and Sharing Data Granting
Page 85 and 86: Configuring Salesforce Security Fea
Page 95 and 96: CHAPTER 4 Enabling Single Sign-On S
Page 97 and 98: Enabling Single Sign-On • Before
Page 99 and 100: Monitoring Your Organization's Secu
Page 101 and 102: Monitoring Your Organization's Secu
Page 103 and 104:
Monitoring Your Organization's Secu
Page 105 and 106:
Monitoring Your Organization's Secu
Page 107 and 108:
Security Tips for Apex and Visualfo
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
INDEX A Access about 10 revoking 11
Page 115 and 116:
Index Profiles (continued) object p
show all

salesforce_security_impl_guide

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?