salesforce_security_impl_guide

More documents

Recommendations

Info

Securing and Sharing Data Roles Overview On the Customer Portal Setup page, click Del next to all available sharing sets for HVPUs. After user visibility is restored to the defaults, all internal users are visible to each other, portal users under the same portal account are visible to each other, and community members in the same community are visible to each other. Roles Overview Salesforce offers a user role hierarchy that you can use together with sharing settings to determine the levels of access users have to your organization’s data. Roles within the hierarachy affect access on key components like records and reports. Watch how you can open up access to records using the role hierarchy if your organization-wide defaults are more restrictive than Public Read/Write. Who Sees What: Record Access via the Role Hierarchy EDITIONS Available in: • Professional • Enterprise • Performance • Unlimited • Developer • Database.com Depending on your organization’s sharing settings, roles can control the level of visibility that users have into your organization’s data. Users at any given role level can view, edit, and report on all data owned by or shared with users below them in the role hierarchy, unless your organization’s sharing model for an object specifies otherwise. Specifically, in the Organization-Wide Defaults related list, if the Grant Access Using Hierarchies option is disabled for a custom object, only the record owner and users granted access by the organization-wide defaults receive access to the object's records. USER PERMISSIONS To create, edit, and delete roles: • “Manage Roles” To assign users to roles: • “Manage Internal Users” About Groups Groups are sets of users. They can contain individual users, other groups, the users in a particular role or territory, or the users in a particular role or territory plus all of the users below that role or territory in the hierarchy. There are two types of groups: • Public groups—Only administrators can create public groups. They can be used by everyone in the organization. • Personal groups—Each user can create groups for their personal use. You can use groups in the following ways: • To set up default sharing access via a sharing rule • To share your records with other users • To specify that you want to synchronize contacts owned by others users • To add multiple users to a Salesforce CRM Content library • To assign users to specific actions in Salesforce Knowledge EDITIONS Available in: • Professional • Enterprise • Performance • Unlimited • Developer • Database.com Public Group Considerations For organizations with a large number of users, consider these tips when creating public groups to optimize performance. 72
Securing and Sharing Data Creating and Editing Groups • Create groups with at least a few users who need the same access. • Create groups with members who don’t frequently need to be moved in or out of the groups. • Avoid creating groups within groups that result in more than five levels of nesting. • Enable automatic access to records using your role hierarchies in public groups by selecting Grant Access Using Hierarchies when creating a group. However, deselect this option if you’re creating a public group with All Internal Users as members. Creating and Editing Groups Only administrators can create and edit public groups, but anyone can create and edit their own personal groups. To create or edit a group: 1. Click the control that matches the type of group: • For personal groups, go to your personal settings and click My Personal Information or Personal—whichever one appears. Then click My Groups. The Personal Groups related list is also available on the user detail page. • For public groups, from Setup, click Manage Users > Public Groups. 2. Click New, or click Edit next to the group you want to edit. 3. Enter the following: Field Label Group Name (public groups only) Description The name used to refer to the group in any user interface pages. The unique name used by the API and managed packages. The name must begin with a letter and use only alphanumeric characters and underscores. The name cannot end with an underscore or have two consecutive underscores. EDITIONS Available in: • Professional • Enterprise • Performance • Unlimited • Developer • Database.com USER PERMISSIONS To create or edit a public group: • “Manage Users” To create or edit another user’s personal group: • “Manage Users” Grant Access Using Hierarchies (public groups only) Select Grant Access Using Hierarchies to allow automatic access to records using your role hierarchies. When selected, any records shared with users in this group are also shared with users higher in the hierarchy. Deselect Grant Access Using Hierarchies if you’re creating a public group with All Internal Users as members, which optimizes performance for sharing records with groups. Note: If Grant Access Using Hierarchies is deselected, users that are higher in the role hierarchy don’t receive automatic access. However, some users—such as those with the “View All” and “Modify All” object permissions and the “View All Data” and “Modify All Data” 73
Page 1 and 2:
Security Implementation Guide Versi
Page 3 and 4:
CONTENTS Chapter 1: Security Overvi
Page 5 and 6:
Contents Editing Lead Sharing Rules
Page 7 and 8:
CHAPTER 1 Security Overview Salesfo
Page 9 and 10:
Security Overview User Security Ove
Page 11 and 12:
Security Overview Custom Permission
Page 13 and 14:
Security Overview CAPTCHA Security
Page 15 and 16:
Security Overview Auditing • Role
Page 17 and 18:
Securing and Sharing Data Revoking
Page 19 and 20:
Securing and Sharing Data Viewing P
Page 21 and 22:
Securing and Sharing Data Cloning P
Page 23 and 24:
Securing and Sharing Data App and S
Page 25 and 26:
Securing and Sharing Data Working w
Page 27 and 28: Securing and Sharing Data Enable Cu
Page 29 and 30: Securing and Sharing Data Assigning
Page 31 and 32: Securing and Sharing Data Creating
Page 33 and 34: Securing and Sharing Data Editing P
Page 35 and 36: Securing and Sharing Data Searching
Page 37 and 38: Securing and Sharing Data Enable Cu
Page 39 and 40: Securing and Sharing Data Object Pe
Page 41 and 42: Securing and Sharing Data Comparing
Page 43 and 44: Securing and Sharing Data Setting F
Page 45 and 46: Securing and Sharing Data Working w
Page 47 and 48: Securing and Sharing Data Setting L
Page 49 and 50: Securing and Sharing Data Restricti
Page 51 and 52: Securing and Sharing Data Managing
Page 53 and 54: Securing and Sharing Data External
Page 55 and 56: Securing and Sharing Data Disabling
Page 67 and 68: Securing and Sharing Data Editing L
Page 69 and 70: Securing and Sharing Data Editing C
Page 71 and 72: Securing and Sharing Data Editing C
Page 73 and 74: Securing and Sharing Data Sharing R
Page 75 and 76: Securing and Sharing Data User Shar
Page 77: Securing and Sharing Data Sharing U
Page 81 and 82: Securing and Sharing Data Viewing A
Page 83 and 84: Securing and Sharing Data Granting
Page 85 and 86: Configuring Salesforce Security Fea
Page 95 and 96: CHAPTER 4 Enabling Single Sign-On S
Page 97 and 98: Enabling Single Sign-On • Before
Page 99 and 100: Monitoring Your Organization's Secu
Page 107 and 108: Security Tips for Apex and Visualfo
Page 113 and 114: INDEX A Access about 10 revoking 11
Page 115 and 116: Index Profiles (continued) object p
show all

salesforce_security_impl_guide

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?