In Salesforce you can control application access and data permission of your users based on the followings:
In Salesforce you can control application access and data permission of your users based on the followings:
a. Org Access (control users login based on IP Ranges and hours)
b. Object Access (control users on which application they can access and what access they have on it)
c. Field Level Security (control which field users can access)
d. Org-Wide Default Permission of an object
e. Role Hierarchy
f. Sharing Rules
g. Permission Set
I will split this into two parts, in first part I will explain and summarize about point a, b, and c.
Point d, e, f, and g will be explained later in part 2.
1. ORG Access
To control when and from where your users can login to your salesforce org based on IP ranges and hours
· There is no IP Ranges and hours restrictions by default
· IP Ranges at Company Level > go to Setup > Security Controls > Network Access
–> Users outside the range will receive an activation code in order to login
· IP Ranges and Login Hours at Profile Level > go to Setup > Manage Users > Profiles > Login IP Ranges
–> Users outside this range will have no access / denied
2. Object Access
Control apps & object access and what permission which users have on that object:
· Based on user’s profile, e.g. end user profile can only access self-service, Service Desk team can only create/read/edit their Incident tickets only, while Incident Manager can create/read/edit/delete all Incidents tickets
· Available from Setup > Manage Users > Profiles
· Profile can be clone to create another custom profile and assign it to your user
3. Field Level Security
Control which field can be seen by users
· based on user’s profile
· only available in Enterprise, Unlimited, and Developer edition
· available from Setup > Create > Objects, select one of the object, e.g. Incident, then click one of the field you want then click set Field-Level Security
· in field level security, you can either hide a field or set it to read only
· The field level security overrides both “Modify All Data” and “View All Data” of user permission
Stay tuned on the second topic next time ^^