salesforce_security_impl_guide

More documents

Recommendations

Info

Securing and Sharing Data Editing User Sharing Rules 5. Select the sharing access setting for users. Access Setting Read Only Read/Write Description Users can view, but not update, records. Users can view and update records. 6. Click Save. Editing User Sharing Rules For user sharing rules based on membership to groups, roles, or territories, you can edit only the access settings. For user sharing rules based on other criteria, you can edit the criteria and access settings. 1. From Setup, click Security Controls > Sharing Settings. 2. In the User Sharing Rules related list, click Edit next to the rule you want to change. 3. Change the Label and Rule Name if desired. 4. If you selected a rule that’s based on group membership, skip to the next step. If you selected a rule that's based on criteria, specify the criteria that records must match to be included in the sharing rule. The fields available depend on the object selected, and the value must be a literal number or string. Click Add Filter Logic... to change the default AND relationship between each filter. 5. Select the sharing access setting for users. The User Access level applies to users who are members of the groups being shared to. EDITIONS Available in: • Professional • Enterprise • Performance • Unlimited • Developer USER PERMISSIONS To edit sharing rules: • “Manage Sharing” Access Setting Read Only Read/Write Description Users can view, but not update, records. Users can view and update records. 6. Click Save. 66
Securing and Sharing Data Sharing Rule Considerations Sharing Rule Considerations Sharing rules allow you to selectively grant data access to defined sets of users. Review the following notes before using sharing rules: Granting Access • You can use sharing rules to grant wider access to data. You cannot restrict access below your organization-wide default levels. • If multiple sharing rules give a user different levels of access to a record, the user gets the most permissive access level. • Sharing rules automatically grant additional access to related records. For example, opportunity sharing rules give role or group members access to the account associated with the shared opportunity if they do not already have it. Likewise, contact and case sharing rules provide the role or group members with access to the associated account as well. • Users in the role hierarchy are automatically granted the same access that users below them in the hierarchy have from a sharing rule, provided that the object is a standard object or the Grant Access Using Hierarchies option is selected. • Regardless of sharing rules, users can, at a minimum, view the accounts in their territories. Also, users can be granted access to view and edit the contacts, opportunities, and cases associated with their territories’ accounts. Updating • Creating an owner-based sharing rule with the same source and target groups as an existing rule overwrites the existing rule. • Once a sharing rule has been saved, you can’t change the Share with field settings when you edit the sharing rule. • Sharing rules apply to all new and existing records that meet the definition of the source data set. • Sharing rules apply to both active and inactive users. EDITIONS Account and contact sharing rules are available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions Account territory, case, lead, opportunity, and custom object sharing rules are available in: Enterprise, Performance, Unlimited, and Developer Editions Campaign sharing rules are available in Professional Edition for an additional cost, and Enterprise, Performance, Unlimited, and Developer Editions Only custom object sharing rules are available in Database.com • When you change the access levels for a sharing rule, all existing records are automatically updated to reflect the new access levels. • When you delete a sharing rule, the sharing access created by that rule is automatically removed. • When you modify which users are in a group, role, or territory, the sharing rules are reevaluated to add or remove access as necessary. • When you transfer records from one user to another, the sharing rules are reevaluated to add or remove access to the transferred records as necessary. • Making changes to sharing rules may require changing a large number of records at once. To process these changes efficiently, your request may be queued and you may receive an email notification when the process has completed. • Lead sharing rules do not automatically grant access to lead information after leads are converted into account, contact, and opportunity records. Portal Users • You can create rules to share records between most types of Customer Portal users and Salesforce users. Similarly, you can create sharing rules between Customer Portal users from different accounts as long as they have the Customer Portal Manager user license. However, you can’t include high-volume portal users in sharing rules because they don’t have roles and can’t be in public groups. 67
Page 1 and 2:
Security Implementation Guide Versi
Page 3 and 4:
CONTENTS Chapter 1: Security Overvi
Page 5 and 6:
Contents Editing Lead Sharing Rules
Page 7 and 8:
CHAPTER 1 Security Overview Salesfo
Page 9 and 10:
Security Overview User Security Ove
Page 11 and 12:
Security Overview Custom Permission
Page 13 and 14:
Security Overview CAPTCHA Security
Page 15 and 16:
Security Overview Auditing • Role
Page 17 and 18:
Securing and Sharing Data Revoking
Page 19 and 20:
Securing and Sharing Data Viewing P
Page 21 and 22: Securing and Sharing Data Cloning P
Page 23 and 24: Securing and Sharing Data App and S
Page 25 and 26: Securing and Sharing Data Working w
Page 27 and 28: Securing and Sharing Data Enable Cu
Page 29 and 30: Securing and Sharing Data Assigning
Page 31 and 32: Securing and Sharing Data Creating
Page 33 and 34: Securing and Sharing Data Editing P
Page 35 and 36: Securing and Sharing Data Searching
Page 37 and 38: Securing and Sharing Data Enable Cu
Page 39 and 40: Securing and Sharing Data Object Pe
Page 41 and 42: Securing and Sharing Data Comparing
Page 43 and 44: Securing and Sharing Data Setting F
Page 45 and 46: Securing and Sharing Data Working w
Page 47 and 48: Securing and Sharing Data Setting L
Page 49 and 50: Securing and Sharing Data Restricti
Page 51 and 52: Securing and Sharing Data Managing
Page 53 and 54: Securing and Sharing Data External
Page 55 and 56: Securing and Sharing Data Disabling
Page 67 and 68: Securing and Sharing Data Editing L
Page 69 and 70: Securing and Sharing Data Editing C
Page 71: Securing and Sharing Data Editing C
Page 75 and 76: Securing and Sharing Data User Shar
Page 77 and 78: Securing and Sharing Data Sharing U
Page 81 and 82: Securing and Sharing Data Viewing A
Page 83 and 84: Securing and Sharing Data Granting
Page 85 and 86: Configuring Salesforce Security Fea
Page 95 and 96: CHAPTER 4 Enabling Single Sign-On S
Page 97 and 98: Enabling Single Sign-On • Before
Page 99 and 100: Monitoring Your Organization's Secu
Page 107 and 108: Security Tips for Apex and Visualfo
Page 113 and 114: INDEX A Access about 10 revoking 11
Page 115 and 116: Index Profiles (continued) object p
show all

salesforce_security_impl_guide

Create successful ePaper yourself

Delete template?

Save as template?