Setting up Security in Your Salesforce Instance

Post on 11-Apr-2017


Setting up security

Naveen Gabrani, CEO (ngabrani@astreait.com, @ngabrani)
Joseph Dindinger, CEO, To A Finish

 Safe harbor statement under the Private Securities Litigation Reform Act of 1995:

 This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services.

 The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site.

 Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.

Safe Harbor

Naveen Gabrani CEO, Astrea IT Services Pvt Ltd

- Security: Who has access to what records
- What type of access: No access, View, Write, Delete
- Scenarios

Importance of Security

Criteria | Access Level | Profile
Opportunity value > 1 Million | Visible | Sales persons
Account in California | Editable | Sales team in CA
Cases | Visible | All organization

- Talk to senior users and management
- What tasks different users need to perform
- What information needs to be kept secure
- Classify your users into groups that perform similar operations
- Map your objects to these user groups
- What level of visibility is needed

Design of Security

Access is a many-layered thing...

ORG ACCESS: IP RANGES, LOGIN HOURS
OBJECT ACCESS: PROFILES
RECORD ACCESS: ROLE HIERARCHY
FIELD ACCESS: FIELD LEVEL SECURITY

- Profiles: Group of users that perform similar operations
  - Sales Team based in Boston
  - Customer Service Project Managers
  - Call center agents for European customers
- Each user is mapped to a unique profile

Profiles

- Minimum access needed for all the Salesforce users to an object
- Possible Values
  - Private
  - Public Read Only
  - Public Read/Write

OWD: Organization Wide Default

Role Hierarchy

CEO

VP Sales

Sales Director International

Sales Director US

VP Projects

Project Manager

- A manager has access to all records that are accessible to their reportees
- ✓ “Grant Access Using Hierarchies”
- Record owner and Salesforce Admin have access to all records
- Master-Detail relationship: child inherits OWD from parent
- View All Data settings: access to all records
- Each user is mapped to a unique role

Joseph Dindinger CEO, To A Finish LLC

- Control access to company data
- Rules for sharing access to data
  - Accounts
  - Contacts
  - Widgets__c
  - Etc.

What ARE sharing rules?

- Access to objects
- Access to fields
- Access to features

What sharing rules are NOT.

Private

Sharing Rules Starting Point

Public

- Read Only
- Read Write
- Full Access

Different Types of Access

- Transfer
- Use

- Public Read/Write
- Public Read Only
- Private
- Controlled by Parent
- Grant Access Using Hierarchies

Common Sharing Settings

Manual Sharing

Sharing Settings Strategies

Rule-based Sharing

Programmatic Sharing

Sharing Rules Scenario

 Cars X provides high-end cars for executives around the world. Sales reps at Cars X are given full access to all accounts, but can only edit contacts that belong to them. Opportunities are strictly private; only the sales rep and his or her management tree are allowed to see them.

 * Note: Some opportunities, those under $10,000, should be seen by everyone.

 We must set the Accounts to:

 Public Read/Write (Default)

Step 1: Account Sharing Settings

We must set the Contacts to:

Public Read Only (change from Controlled by Parent)

Step 2: Contact Sharing Settings

- We must set the Opportunities to: Private (change from Public Read Only)
- We must add a sharing rule to give read-only access to sales reps who share roles

Step 3a: Opportunity Sharing Settings

- We must add a sharing rule based on specific criteria to give read-only access to any opportunity below $10k

Step 3b: Opportunity Sharing Settings

Sharing Rules Demo

Sharing Settings Overview

- Can be enabled or disabled per object
- Can be confusing and only to be used in cases where rules cannot be made to fit
- Needs maintenance, especially if ownership changes

Manual Sharing

- The most common solution for most situations
- Extremely powerful and customizable
- Once set, can be forgotten until the rules of business change

Rule-based Sharing

- If default settings don't work
- If roles don't fit the bill
- If rules can't be written
- If manual sharing is too tedious and error prone...

THEN you can use Apex programming to share records correctly

Programmatic Sharing

Programming Scenario

 Cars X hires drivers in each state who will take a car from the dealer and drive it to the buyer’s house. These drivers are in the Cars X Partner Community and should be able to edit only three fields on Closed Opportunities in their assigned states. The three fields they can edit are:

1.  Assigned Driver (a lookup to the User object)

2.  Target Delivery Date

3.  Date Delivered

 * Note: Once the Assigned Driver field has been saved, all other drivers should no longer be able to see the opportunity.

Programming Sample Code

Sample 1: Trigger to Share Code

Sample 2: Trigger to Remove Share

Sample 3: Trigger Handler Code to do the actual Sharing
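
The sample code shown on these slides is not part of the transcript. As an added illustration (not the presenters' code), a bulkified handler for the driver scenario above could look like this. The field names Assigned_Driver__c and Delivery_State__c and the per-state public groups named Drivers_<state> are assumptions; restricting drivers to the three editable fields is done with profiles or permission sets, not by this code.

```apex
// Added example. Assumed names (not from the slides): Opportunity fields
// Assigned_Driver__c and Delivery_State__c, and one public group per state
// with DeveloperName 'Drivers_<state>' (for example Drivers_CA).
public without sharing class DriverSharingHandler {
    // Call from an after insert / after update trigger on Opportunity.
    public static void syncShares(List<Opportunity> opps) {
        Set<Id> oppIds = new Set<Id>();
        Set<String> groupNames = new Set<String>();
        for (Opportunity o : opps) {
            if (o.IsClosed && o.Delivery_State__c != null) {
                oppIds.add(o.Id);
                groupNames.add('Drivers_' + o.Delivery_State__c);
            }
        }
        if (oppIds.isEmpty()) return;

        // One query for all groups keeps the handler bulk-safe.
        Map<String, Id> groupIds = new Map<String, Id>();
        for (Group g : [SELECT Id, DeveloperName FROM Group
                        WHERE DeveloperName IN :groupNames]) {
            groupIds.put(g.DeveloperName, g.Id);
        }

        // Remove existing manual shares, then rebuild them. This also drops
        // shares that users granted by hand on these records.
        delete [SELECT Id FROM OpportunityShare
                WHERE OpportunityId IN :oppIds AND RowCause = 'Manual'];

        List<OpportunityShare> shares = new List<OpportunityShare>();
        for (Opportunity o : opps) {
            if (!oppIds.contains(o.Id)) continue;
            // Once a driver is assigned, only that user keeps access.
            Id grantee = o.Assigned_Driver__c != null
                ? (Id) o.Assigned_Driver__c
                : groupIds.get('Drivers_' + o.Delivery_State__c);
            if (grantee == null) continue; // no group exists for this state
            // RowCause is left unset: shares created this way default to Manual.
            shares.add(new OpportunityShare(
                OpportunityId = o.Id, UserOrGroupId = grantee,
                OpportunityAccessLevel = 'Edit'));
        }
        // allOrNone = false: log failed rows instead of blocking the save.
        for (Database.SaveResult r : Database.insert(shares, false)) {
            if (!r.isSuccess()) {
                System.debug(LoggingLevel.ERROR, r.getErrors()[0].getMessage());
            }
        }
    }
}
```

Manual shares on a standard object are removed when the record owner changes, so the handler has to run again after an ownership transfer.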

- Think it through with all involved
- Document thoroughly
- “Bulkify” your code carefully and thoroughly
- Set up a log in case of failure
- Use Asynchronous Code (@Future or Batch)

Tips for Programming Sharing

Permission Sets & Profiles Overview

- Which Objects and Fields you can see (not which records)
- Which Features/Functions you can use

Permission Sets & Profiles Determine

Permission Sets vs Profiles

Differences include:
- The ability to set features across multiple profiles
- Ease of assigning to multiple users

Profiles, Permission Sets & Sharing Rules

Data vs. MetaData

Permission Sets & Profiles

Sharing Rules

Our Last Scenario

Our last scenario could not have been completed without sharing rules AND permission sets/profiles

Thank you
