SFDC Security Models
- User Management
- Different types of user licenses available in Salesforce, and Salesforce Platform.
- Roles and Profiles.
- Creating Users.
- Permission Sets.
- Profile vs. Permission Sets.
- Password Policy.
User Management:
User management in Salesforce involves controlling access to various features and data within the platform. It includes creating, modifying, and deactivating user accounts. Admins can assign different roles and permissions to users, ensuring that they only have access to the information and functions necessary for their roles. This helps maintain data security and streamline the user experience.
- Users are the people who can access the Salesforce organization, its applications, features, etc.
- We can create one or more users inside a Salesforce organization. Upon creating a User Record, we must provide the Profile.
- To create a new user, we must assign the following:
- 1. License (Required).
- 2. Profile (Required).
- 3. Roles.
Note: Each user should be associated with a License. Without a user license, we can’t create a user.
User Object:
In Salesforce, the User object represents individual users and contains information about them, such as username, email, role, profile, and access permissions. Each user in the Salesforce system is represented by a record in the User object. User records are used for authentication, access control, and managing various aspects of user interactions within the Salesforce platform. Administrators can customize user profiles and roles to control what data and features users can access, ensuring a secure and tailored experience for everyone.
License:
- In Salesforce, licenses determine which features each user can access.
- They’re like tickets that grant entry to different parts of the platform.
- Every user needs a license to log in and use Salesforce. Without a license, they can’t access the system at all.
- It’s like needing a pass to get into a concert – no pass, no entry!
Salesforce provides various types of Licenses:
– Salesforce License / Full License / Standard License:
– By using a Salesforce license, we can grant access to both Standard Functionalities and Custom Functionalities in Salesforce. A Salesforce license is also called a Full license.
– Platform License:
1. By using a Platform license, we can grant access only to Custom Functionalities.
2. It concentrates purely on “Custom Functionalities”.
3. (Ex: Custom Applications, Objects, Fields, Features), along with a few Standard objects of Salesforce such as Account, Contact, Document, Task and Event.
– Chatter Free License:
– Grants access to the “Chatter Feed”. Users cannot log in to applications, objects, fields, etc.
– Customer Community License:
– Grants access to “Community Portals”; no applications and no features.
Profile:
- A profile contains user permissions and access settings that control what users can do within their organization.
- Specify user permissions, object permissions, field permissions, record types, page layouts, desktop clients, login settings, and access to apps, tabs, Apex classes, Visualforce pages, and service providers.
Navigation: Setup 🡪 Administration Setup 🡪 Manage Users 🡪 Manage Users 🡪 Profiles.
Two Types of Profiles are available in Salesforce:
- Standard Profiles: These are the readymade profiles, provided by Salesforce by default.
Ex:
- Standard User Profile
- Standard Platform Profile
- Custom Profiles: The Developer / Administrator can create their own profiles by cloning an existing one. A custom profile can be assigned to one or more users.
Note: We can’t remove the Standard profiles from the Salesforce organization, but we can remove custom profiles when they are no longer needed. We can modify all the options that exist inside a “Custom profile”.
Role:
- In any company, there are different job titles given to employees based on their roles and responsibilities.
- Similarly, Salesforce offers a Role Hierarchy feature. This lets you set up a structure that mirrors your organization’s hierarchy.
- You can assign these roles to one or more users in your organization.
Permission Sets:
- Permission Sets: A permission set is a collection of settings and permissions that give users access to various tools and functions. Specify user permissions, object permissions, field permissions, and access to apps, tabs, Apex classes, Visualforce pages, and service providers, without changing users’ profiles.
Navigation: Setup 🡪 Administration Setup 🡪 Manage Users 🡪 Manage Users 🡪 Permission Sets.
Let’s create a “Travel Expenses User” permission set.
Step 1 of 2: Use Setup to create a new permission set.
- From Setup, click the Home
- Type “perm” into the Quick Find search box.
- Click the Permission Sets menu item.
- Click the New button at the top of the list of Permission Sets.
Step 2 of 2: Enter permission set information.
- Set the Label to Travel Expenses User.
- Set the API Name to Travel_Expenses_User.
- Set the License to Salesforce.
- Click Save to continue.
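An added example, not part of the original tutorial: because permission sets grant access on top of the profile, a user's effective object access is the union of the profile's grants and those of every assigned permission set. The Python sketch below audits that union and reports what a user holds only through permission sets. The field names follow the PermissionSet, ObjectPermissions and PermissionSetAssignment objects; the rows, Ids and the Travel_Expense__c object are constructed for illustration.

```python
# Added example. All rows below are constructed and only shaped like the
# results of SOQL queries on PermissionSet, ObjectPermissions and
# PermissionSetAssignment; Ids and Travel_Expense__c are hypothetical.
from collections import defaultdict

CRED = ("PermissionsCreate", "PermissionsRead", "PermissionsEdit", "PermissionsDelete")

def op(parent_id, sobject, letters):
    """Build one ObjectPermissions-shaped row from letters such as 'RE'."""
    return {"ParentId": parent_id, "SobjectType": sobject,
            **{f: f[len("Permissions")] in letters for f in CRED}}

# A profile's grants live in a permission set flagged IsOwnedByProfile.
PERMISSION_SETS = [
    {"Id": "PS1", "Name": "Profile_Standard_User", "IsOwnedByProfile": True},
    {"Id": "PS2", "Name": "Travel_Expenses_User", "IsOwnedByProfile": False},
]
OBJECT_PERMISSIONS = [
    op("PS1", "Account", "R"),
    op("PS2", "Account", "RE"),
    op("PS2", "Travel_Expense__c", "CRED"),
]
ASSIGNMENTS = [
    {"AssigneeId": "U1", "PermissionSetId": "PS1"},
    {"AssigneeId": "U1", "PermissionSetId": "PS2"},
    {"AssigneeId": "U2", "PermissionSetId": "PS1"},
]

def grants(user_id, owned_by_profile=None):
    """Union of CRED flags per object; None = all sets, True/False = filter."""
    kind = {p["Id"]: p["IsOwnedByProfile"] for p in PERMISSION_SETS}
    held = {a["PermissionSetId"] for a in ASSIGNMENTS
            if a["AssigneeId"] == user_id
            and (owned_by_profile is None or kind[a["PermissionSetId"]] == owned_by_profile)}
    access = defaultdict(set)
    for row in OBJECT_PERMISSIONS:
        if row["ParentId"] in held:
            access[row["SobjectType"]] |= {f for f in CRED if row[f]}
    return dict(access)

def beyond_profile(user_id):
    """Access the user holds only through permission sets, not the profile."""
    base, total = grants(user_id, owned_by_profile=True), grants(user_id)
    extra = {obj: flags - base.get(obj, set()) for obj, flags in total.items()}
    return {obj: flags for obj, flags in extra.items() if flags}

if __name__ == "__main__":
    for user in ("U1", "U2"):
        print(user, grants(user), beyond_profile(user))
```

A non-empty beyond_profile result is the list to review when deciding whether a permission set assignment is still justified.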
OWD (Organization-Wide Defaults):
- OWD provides a baseline level of access for all users in the organization on each object in Salesforce.
- OWD is used to indicate which record should be visible to whom.
- OWD can be assigned to both Standard and Custom objects in Salesforce.
Salesforce provides the following OWD options:
- Public Read Only.
- Public Read/Write.
- Public Read/Write/Transfer.
- Public Full Access.
- View Only.
- No Access.
- Use
- Controlled By Parent.
Note: OWD is applied at the “Object” level. For each object, we can assign a different OWD option. OWD makes records visible to users based on the “Role Hierarchy” (i.e., OWD depends on the “Role Hierarchy”).
Password Policies:
Password Policies: Define password policies for security.
Navigation: Setup 🡪 Administration Setup 🡪 Security Controls 🡪 Password Policies
- User passwords expire in 90 Days.
- Enforce password history. The default is 3 passwords remembered.
- Minimum password length. The default is 8 characters.
- Password complexity requirement.
- Password question requirement.
- Maximum invalid login attempts.
- Lockout effective period. The default is 15 minutes.
Today’s Tasks:
1. Create a new profile named “Super Admin” by cloning the system admin profile.
2. Create 1 user and add him under the super admin profile.
3. Create a Permission set and include CRED access on the student object in it.
4. Add the Permission set to the user to give access to student object CRED.
5. Create a new role named “Delegated Role” under COO.
YouTube Reference:
1) SFDC Security Models in Hindi/Urdu
2) SFDC Security Models in English