Salesforce MVPs Alex Sutherland and Maria Belli give Salesforce Admins an overview of security in Salesforce. From Org wide defaults, to object, field, and record access this presentation will help you understand how to secure your data and understand sharing rules.
1. Getting Started with Security
Alex Sutherland
Salesforce MVP | Philly Dev & Partner UG Leader
Technical Architect at CRM Science
@apexsutherland
Maria Belli
Salesforce MVP | CT Developer Group Leader
Salesforce Technical Lead at CASE Partners
@JustAGirlyGeek
2. Safe Harbor
Safe harbor statement under the Private Securities Litigation Reform Act of 1995:
This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions
proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements
other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or
other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or
upgraded services or technology developments and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products
and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting,
breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we
operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful
customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential
factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on
Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor
Information section of our Web site.
Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time
or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no
obligation and does not intend to update these forward-looking statements.
3. Overview
Organization Access
IP Ranges, Login Hours
Object Access
Profiles
Field Access
Field Level Security
Organization-Wide Defaults
Record Access
Role Hierarchy
Sharing Rules
4. Organization access
By default, your active users can log in
to your org from any location at any hour
For increased security you can setup:
• IP Ranges (Company Level)
Users logging in outside the range are sent an activation code
to the email address on their user record
Setup > Security Controls > Network Access
• IP Ranges (Profile Level)
Users outside this range are denied access
Setup > Manage Users > Profiles > Select Profile > Login IP Ranges
• Login Hours
Specify hours users can log into your org
Setup > Manage Users > Profiles > Select Profile > Login Hours
• Freeze User Accounts
Setup > Manage Users > User | Select user > Click Freeze
5. Object access
Profiles
• Determine the objects users can access and
permissions users have on an object record
• Set whether fields are visible, required,
editable, or read only
• Controls Tab visibility
• Controls App availability
• Controls Object Permissions
(Create, Read, Edit, Delete)
• Setup > Manage Users > Profile
Standard Profiles vs Custom Profiles
• Standard profiles cannot be edited
but can be cloned
• Group, Contact Manager, and Professional
Editions do not support Custom Profiles
Standard User
Create, Read, Edit, Delete
on records they can access
Read Only
Only view records they
can access
System Administrator
View all data
Modify all data
Solution Manager
Standard User +
manage published solutions
Marketing User
Standard User +
import leads
Contract Manager
Standard User +
manage contracts
6. Field access
Page Layouts
• Set whether fields are visible, required, editable, or read only
Field-Level Security
• Further restrict users' access to fields by setting whether those
fields are visible, editable, or read only
Permissions
• Some user permissions override both page layouts and field-level
security settings. (For example, users with the “Edit Read Only
Fields” permission can always edit read-only fields regardless of
any other settings)
Universally required fields
• A custom field can be made universally required, which overrides
any less-restrictive settings on page layouts or field-level security
7. Organization-wide defaults
Determine what access and permissions
users have to records they don’t own
Cannot grant more access to users than they
have through their object permissions
For most objects, organization-wide sharing
settings can be set to Public Read/Write/
Transfer, Public Read/Write, Public Read
Only, or Private
Setup > Security Controls > Sharing Settings
8. Record access
Role Hierarchy
• Extends access to records when sharing settings
are set to anything more restrictive than Public
Read/Write
• Cannot restrict record access to less than what is
granted through the org-wide defaults
• It is not necessary to create individual roles for
each title at your company, rather you want to
define a hierarchy of roles to control access of
information entered by users in lower level roles
• Setup > Manage Users > Roles
9. Sharing rules
Allows users to see/edit data they
don’t own in an otherwise private setup
• For example, use sharing rules to extend sharing
access to users in roles, public groups, or
territories
Owner or Criteria Based Sharing
Can never be stricter than your
organization-wide default settings
10. The conversation never ends!
Join the Conversation!
Over 1,000,000 members strong!
Engage directly with
Salesforce experts!
Hear from our MVP’s,
other customers and
Salesforce resources!
Access resources, webinars,
people, all designed to help
you achieve success!
Join our Success
Collaboration Groups on
success.salesforce.com