When setting up or expanding your Salesforce instance, one of the last things administrators want to deal with is fine-tuning user permissions. It’s not fun, often confusing and the benefits aren’t immediately apparent. But, as we’ve often warned, user error is the leading cause of data loss in the cloud, and one of the best ways to limit the damage from user mistakes is to place reasonable boundaries around user access. That’s where Salesforce user Profiles, Roles and Security Sharing Settings come in.

Managing user permissions in Salesforce can be a bit more complicated than setting up conventional Unix or Windows users and groups. Here’s a quick overview of the key things you need to know about managing user Profiles, Roles and Security Sharing Settings in Salesforce.

Users, Roles and Profiles are all configured within the Setup area. To access these settings when logged in to Salesforce, click on your name in the upper-right corner, then choose Setup from the drop-down menu. The Users, Roles and Profiles settings are all available under Manage Users in the lower-left Administration Setup menu.

User Licenses create access

Most of your users will need a standard Salesforce user license. This license gives the user full access to Salesforce’s CRM features and applications, including Chatter. Other user license options limit user access. The user license determines what Profiles are available for a user. There are a staggering number of License types available for Salesforce users, though almost all of them outside the standard Salesforce User are designed for specific limited-use cases. For example, a Knowledge Only User license is pretty clearly intended for users that will have access only to shared Salesforce Knowledge articles, but can’t access or update any of the core CRM data in your Salesforce instance. Those of you running Sales teams likely won’t be handing out anything beyond the standard Salesforce User license.

Profiles control what a user can Do

A user Profile determines what a user can do in the system. By default, the System Administrator Profile can do the most; the Read Only Profile can do the least. For most users, the Standard User Profile is a good choice: it lets people create and edit most records, as well as access and run reports.

Modify Profile permissions only as needed. For example, the default Standard User profile does not let the user manage Campaigns. Check the Marketing User checkbox to add this capability for a user, but only if the user actually needs regular access to Campaign controls. See Salesforce’s documentation for detailed information about standard Profile settings.

When configuring users, follow the principle of least privilege: provide your people with only the Profile permissions necessary to accomplish their work, but no more. Giving everyone System Administrator privileges would be both convenient and dangerous. Instead, match access level with organizational responsibilities. You might also think of this as the “Spider-Man Rule”: with great power comes great responsibility.

One of the most common mistakes that Salesforce administrators make is to extend Platform User status to too many people. Platform Users can access third-party applications that tie into your Salesforce database. Certain users absolutely need to access third-party Salesforce Apps; that’s why you installed the applications. That said, third-party apps can do a great deal of damage if improperly configured or utilized, and the last thing you want is a number of bored or curious account reps “playing around” with Platform apps in their spare time. That’s how widespread data corruption happens. Once someone has been properly trained on a third-party app, you can extend them Platform User privileges. Until then, keep them at Standard user or below. Remember, least privilege, not most.

Roles control what a user can See

The user’s Role determines what data the user can see. Roles give an organization the ability to control access to information. Salesforce’s Role hierarchy is structured as a tree: users can see data only for their branch, unless otherwise shared.

Security experts love to talk about Roles, and with good reason. The last thing you need is an entry-level customer service rep who can see in-depth reports on your quarterly sales figures. That’s how sensitive data gets leaked. But Roles are an extremely useful tool for sales managers, too. For example, imagine an organization with competitive sales teams in Michigan and Ohio. (This is especially common for franchise operations.) You’d set up a distinct Role hierarchy for each team. The CEO would have access to all information. The Michigan and Ohio region leaders would have access to information owned by or shared with their branch of the tree.

Roles are optional. If your organization chooses to use Roles, be sure to assign each user’s Role with the proper restrictions in place.

Sharing Settings can create information Silos

Sharing Settings (See Administration Controls | Security Controls | Sharing Settings) let you create rules for sharing information. For example, a Lead Sharing Rule lets users with the Michigan Region role read and write records where the state starts with “Mic”. Salesforce’s Sharing Settings give you a great deal of control over which users have access to records matching a wide range of criteria. Just be careful how you set the criteria. Setting a Sharing Rule for states starting with “Mi” means that every rep in Minnesota, Michigan and Mississippi can see each other’s leads.

Salesforce calls this criteria-based sharing and provides a video overview and detailed online documentation.
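The prefix pitfall described above can be checked before a rule goes live. The following is an added example, not code from Salesforce or from the original article: it lists every state a "starts with" criterion would match and finds the shortest prefix that isolates one state. It assumes the criterion is a plain case-sensitive prefix comparison and that the State field holds full state names; the function names are hypothetical.

```python
# Added example: audit a "starts with" sharing criterion on a State field.
# Assumptions: plain case-sensitive prefix match; field holds full state names.

US_STATES = [s.strip() for s in """
Alabama, Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware,
Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky,
Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi,
Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico,
New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania,
Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont,
Virginia, Washington, West Virginia, Wisconsin, Wyoming
""".split(",")]


def states_matched(prefix, states=US_STATES):
    """Every state name a 'starts with <prefix>' criterion would match."""
    return sorted(s for s in states if s.startswith(prefix))


def shortest_unique_prefix(target, states=US_STATES):
    """Shortest prefix of `target` that matches no other state.

    Returns None if no such prefix exists (target missing from the list,
    or target is itself a prefix of another value).
    """
    for n in range(1, len(target) + 1):
        if states_matched(target[:n], states) == [target]:
            return target[:n]
    return None


def audit_rule(prefix, intended, states=US_STATES):
    """States the rule exposes beyond the ones it was meant to cover."""
    return [s for s in states_matched(prefix, states) if s not in intended]


if __name__ == "__main__":
    # The article's two criteria, both meant to cover Michigan only.
    for prefix in ("Mi", "Mic"):
        extra = audit_rule(prefix, {"Michigan"})
        status = "OVER-BROAD, also matches " + ", ".join(extra) if extra else "ok"
        print(f"starts with {prefix!r}: {status}")
    for state in ("Michigan", "Mississippi", "Ohio"):
        print(f"{state}: shortest safe prefix is {shortest_unique_prefix(state)!r}")
```

Run the same check against the distinct values actually stored in your State field, since abbreviations or misspellings will not match a prefix built from full names.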

Troubleshooting

Remember: profiles control what a user can do, while roles control what a user can see. And security sharing settings restrict information to specific groups, creating information silos.

If users aren’t able to see records they should be able to see, check the user’s role first, then look at sharing settings. If users can’t create or edit information, check the user’s profile.

Salesforce’s security and user settings provide system administrators a great deal of control. As always, document any changes you make and be prepared to adjust your selections after a few weeks of usage. An automatic daily backup of your Salesforce data will ensure that you can quickly restore any information that was corrupted or deleted by an over-privileged user—and then close the permissions loopholes that led to data loss in the first place.