Getting Started with SalesForce CRM

Security and Data Access in SalesForce CRM

BISP is committed to provide BEST learning material to the beginners and advance learners. In the same series, we have prepared a complete end-to end Hands-on Beginners G ide !or Sales"orce. The doc ment !oc ses on basic #e$words, terminolog$ and de!initions one sho ld #now be!ore starting Sales"orce %oin o r pro!essional training program and learn !rom e&perts.

Description:

History:
Version Date 0. 0. Description Change !nitial Dra"t Re&ie)* Author Publish 0th %o& '0 ( 0th %o& '0 ( Chandra Pra#ash Shar$a A$it Shar$a

www.bispsol tions.com Page '

www.bisptrainigs.com

www.h$periong r .com

.................................................................................................................................... ( )estrict logins................................................................................................................. * +ogin ho r restrictions ,................................................................................................ * +ogin Ho rs ,............................................................................................................. * )estricting +ogin IP -ddresses ,..................................................................................... /etermine 0b1ect -ccess Sec rit$...................................................................................2 3iewing the 0b1ect -ccess and "ield-+evel Sec rit$ )eport ,.......................................2 .................................................................................................................................. 2 4 stom 0b1ect Sec rit$ ,.............................................................................................. 5 6anage record access with the role hierarch$ ...............................................................7 )oles ,........................................................................................................................... 7 How to Set ) les ,..................................................................................................... 8 Permission Sets ,........................................................................................................ '( E&ceptions .................................................................................................................... '. 6anage !ield-level sec rit$ ........................................................................................... '2 "or 3iew "ield level Sec rit$ , ................................................................................. '5 6anage "ield +evel Sec rit$ ,.................................................................................. '7

www.bispsol tions.com Page (

www.bisptrainigs.com

www.h$periong r .com

Restrict logins
To help protect $o r organi9ations data against na thori9ed access, $o have several options !or setting login restrictions.

+ogin hour restrictions :

I! login ho r restrictions are set !or the ser:s pro!ile, an$ login attempt o tside the speci!ied ho rs is denied. "or each pro!ile, $o can set the ho rs when sers can log in.

+ogin Hours :
Sales"orce provide to $o +ogin histor$ !eat res, ;o can set login ho rs in organi9ation Start or end time . ,R Select the da$s and ho rs that sers with this pro!ile are allowed to log in. <ote that all times are e&act times speci!ic to a time 9one. +ogin ho rs will be applied at those e&act times even !or sers in di!!erent time 9ones.

Ho) to Set +ogin hours :

Setup = Mange users = Pro"ile Select pro!ile name >E&,- )ecr iter ?> which want do $o need?. -!ter then come to down on page there is $o can !ind +ogin hours. see below Step :-

-!ter that clic# on .dit b tton. then $o can see new page below. Step ' :In this page $o can set Start or End time b$ da$, -!ter that select login ho rs clic# on Sa&e b tton.

www.bispsol tions.com Page *

www.bisptrainigs.com

www.h$periong r .com

-!ter clic#ing on save b tton $o can see $o r login ho rs detail on pro!ile page see below. There is $o can Edit these login ho rs and also /elete these login ho rs.

Restricting +ogin !P Addresses :

Vie) login !P ranges .dit login !P ranges Delete login !P ranges /ser Per$issions %eeded 3iew Set p and 4on!ig ration 6anage @sers 6odi!$ -ll /ata

;o can control login access on a sers pro!ile b$ speci!$ing a range o! IP addresses. Ahen $o de!ine IP address restrictions !or a pro!ile, an$ login !rom a restricted IP address is denied. Ho) to Set +ogin !P Ranges : Setup = Mange users = Pro"ile Select pro!ile name >E&,- )ecr iter ?> which want do $o need?. -!ter then come to down on page there is $o can !ind +ogin !P Ranges . see below

www.bispsol tions.com Page .

www.bisptrainigs.com

www.h$periong r .com

Step

4lic# on %e) b tton !or create +ogin IP )anges.

Step ' : There is $o can see two !ields, Start IP -ddress and End IP -ddress, ;o can give IP address, which IP address allow to ser !or login. %ote :For Single !P Address : I! $o want to set single IP address, give this t$pe. Start !P Address '((.'2..((...7 .nd !P Address '((.'2..((...7

For ,ne to More Range !P Address : I! $o want to Set 0ne or 6ore )ange IP address, speci!$ li#e this Start !P Address '((.'2..((...7 .nd !P Address '((.'2..((..B8

-!ter clic# save b tton then $o can see $o r IP address on pro!ile setting page, see below.

www.bispsol tions.com Page B

www.bisptrainigs.com

www.h$periong r .com

Deter$ine ,b0ect Access Security

Vie)ing the ,b0ect Access and Field-+e&el Security Report :
$o can also give "ield-+evel Sec rit$ in ser pro!ile on non-editable page. Scroll down $o will !ind "ield-+evel sec rit$. 0b1ect permissions speci!$ the access that sers have to standard and c stom ob1ects. 4reate - @sers can read and create records. Edit - @sers can read and pdate records. )ead - @sers can onl$ view records o! this t$pe. /elete - @sers can read, edit, and delete records. There is available Standard "ield +evel Sec rit$, 4 stom "ield +evel Sec rit$, In Standard "ield +evel Sec rit$ create permission on create acco nt b$ Sales"orce.com. ;o can change on 4 stom "ield +evel Sec rit$ 4lic# on 3iew +in# then open new page. "or E& ,- I have select 4andidate "ield. $o can see below.

Step : 4lic# on .dit b tton.

Step ' : www.bispsol tions.com Page 2 www.bisptrainigs.com www.h$periong r .com

There is some chec# bo& is not enable, beca se these chec# bo& are 6andator$ "ields. and some chec# bo& is visible this chec# bo& <on 6andator$ !ield. In <on 6andator$ "ield $o can provide permission )ead-0nl$, 3isible. $o can choose it.

Custo$ ,b0ect Security :

In Sales"orce man$ sec rit$ settings wor# together so $o can control access to $o r c stom ob1ects with !le&ibilit$. Set c stom ob1ect sec rit$ !ollowing levels , Tab, 0b1ect, )ecords, )elationship, "ields 1ab - /ispla$ the c stom tab !or s itable sers based on their ser pro!iles. ,b0ect - Set the access sers have to create, read, edit, and delete records !or each ob1ect. Records - Set the de!a lt sharing model !or all $o r sers. Relationship - "or ob1ects on the detail side o! a master-detail relationship, speci!$ the sharing access that sers m st have to the master record in order to create, edit, or delete records. Fields - Set the level o! access sers have to !ields on $o r c stom ob1ect page la$o t. Custo$ ob0ects )ith no $aster-detail relationship :

www.bispsol tions.com Page 5

www.bisptrainigs.com

www.h$periong r .com

Manage record access )ith the role hierarchy

Roles :
B$ sing Sales"orce.com $o can Set in $o r organi9ation )oles. )oles are one o! the wa$s $o can control access to records. Set p $o r )ole Hierarch$ to control how $o r organi9ation reports on and accesses data.

www.bispsol tions.com Page 7

www.bisptrainigs.com

www.h$periong r .com

Ho) to Set Rules :

4lic# Setup = Manage user = Rules then clic# on Set /p Rules b tton . see below. There $o can see that $o r organi9ation role hierarch$ , here $o can Edit role , /elete )ole and -dd )ole.

.dit Role :
Step : 4lic# on Edit lin# !or Editing role.

Step ' : www.bispsol tions.com Page 8 www.bisptrainigs.com www.h$periong r .com

i! $o need to change !ield:s name $o can do it. a!ter that clic# on Sa&e b tton.

Add Role :
Step : 4lic# on -dd )ole lin# !or Editing role.

Step ' : "ill all !ield:s +abel, )ole <ame, )eport to then clic# on Sa&e b tton.

-!ter that $o can see the )ole Hierarch$ list 6anager is added.

www.bispsol tions.com Page 'C

www.bisptrainigs.com

www.h$periong r .com

Delete Role : B$ sing Delete lin# $o can delete )ole in hierarch$.

4lic# on /el lin# b tton $o can get con!ormation 6essage clic# o# b tton $o can delete )ole.

Assign Role : "irst $o can clic# on Assign lin# .

Then select ser name, -!ter then select ser name clic# on Add b tton, Then clic# on Sa&e b tton. ;o can also "ind ser in available sers.s

www.bispsol tions.com Page ''

www.bisptrainigs.com

www.h$periong r .com

Per$ission Sets :
Ho) to Set Per$ission : Setup = Manage /sers = Per$ission Sets, 4lic# on %e) b tton.

www.bispsol tions.com Page '(

www.bisptrainigs.com

www.h$periong r .com

-!ter that clic# on @sers. Setup = Manage /sers = /ser, clic# on %e) @ser or i! want to pdate e&isting ser pro!ile clic# on ser pro!ile a!ter that select Per$ission Set Assign$ents and clic# on .dit Assign$ent b tton. $o can see below.

-!ter that select ser permissions, then assign ser permissions then clic# on Save b tton. $o can see below .

www.bispsol tions.com Page '*

www.bisptrainigs.com

www.h$periong r .com

.2ceptions
-n e&ception is a problem that arises d ring the e&ec tion o! a program. -n e&ception can occ r !or man$ di!!erent reasons. -n e&ception denotes an error that disr pts the normal !low o! code e&ec tion. ;o can se -pe& b ilt-in e&ceptions or create c stom e&ceptions. -ll e&ceptions have common methods. -ll e&ceptions s pport b ilt-in methods !or ret rning the error message and e&ception t$pe. In addition to the standard e&ception class, there are several di!!erent t$pes o! e&ceptions. .2ception Async.2ception Callout.2ception D$l.2ception .$ail.2ception !n&alidPara$eterValue.2ce ption 3S,%.2ception Description -n$ problem with an as$nchrono s operation, s ch as !ailing to enD e e an as$nchrono s call. -n$ problem with a Aeb service operation, s ch as !ailing to ma#e a callo t to an e&ternal s$stem. Problem with a /6+ statement, s ch as an insert statement missing a reD ired !ield on a record. Problem with email, s ch as !ail re to deliver. "or more in!ormation, see 0 tbo nd Email. Problem with a @)+. This is generall$ sed with 3is al"orce pages. "or more in!ormation on 3is al"orce. Problem with %S0< seriali9ation and deseriali9ation operations. "or more in!ormation, methods o! S$stem.%S0<, S$stem.%S0<Parser, and S$stem.%S0<Generator. Problem with a list, s ch as attempting to access an inde& that is o t o! bo nds. Problem with a mathematical operation, s ch as dividing b$ 9ero. www.bisptrainigs.com www.h$periong r .com

+ist.2ception Math.2ception www.bispsol tions.com Page '.

%oAccess.2ception

%oDataFound.2ception

%oSuch.le$ent.2ception

%ullPointer.2ception

4uery.2ception

Re5uiredFeatureMissing

Search.2ception

Security.2ception Seriali6ation.2ception S,b0ect.2ception

String.2ception 1ype.2ception

Visual"orce.2ception 7$l.2ception

Problem with na thori9ed access, s ch as tr$ing to access an s0b1ect that the c rrent ser does not have access to. This is generall$ sed with 3is al"orce pages. Problem with data that does not e&ist, s ch as tr$ing to access an s0b1ect that has been deleted. This is generall$ sed with 3is al"orce pages. @sed speci!icall$ b$ the Iteratorne&t method. This e&ception is thrown i! $o tr$ to access items be$ond the end o! the list. E&,- i! iterator.has<e&t>? EE !alse and $o call iterator.ne&t>?, this e&ception is thrown. Problem with dere!erencing n ll, s ch as in the !ollowing code, String sF s.to+ower4ase>?F Problem with S0G+ D eries, s ch as assigning a D er$ that ret rns no records or more than one record to a singleton s0b1ect variable. - 4hatter !eat re is reD ired !or code that has been deplo$ed to an organi9ation that does not have 4hatter enabled. -n$ problem with S0S+ D eries e&ec ted with S0-P -PIsearch>? call, !or e&ample, when the searchString parameter contains less than two characters. -n$ problem with static methods in the 4r$pto tilit$ class. "or more in!ormation, see 4r$pto 4lass. Problem with the seriali9ation o! data. This is generall$ sed with 3is al"orce pages. Problem with s0b1ect records, s ch as attempting to change a !ield in an pdate statement that can onl$ be changed d ring insert. Problem with Strings, s ch as a String that is e&ceeding $o r heap si9e. Problem with t$pe conversions, s ch as attempting to convert the String :a: to an Integer sing the val e0! method. Problem with a 3is al"orce page. Problem with the HmlStream classes, s ch as !ailing to read or write H6+.

Co$$on .2ception Methods : %a$e Return 1ype getCause E&ception

get+ine%u$ber www.bispsol tions.com Page 'B

Integer www.bisptrainigs.com

Description )et rns the ca se o! the e&ception as an e&ception ob1ect. )et rns the line n mber !rom where the e&ception www.h$periong r .com

getMessage getStac#1raceString get1ype%a$e

String String String

initCause

void

setMessage

void

was thrown. )et rns the error message that displa$s !or the ser. )et rns the stac# trace as a string. )et rns the t$pe o! e&ception, s ch as /mlE&ception, +istE&ception, 6athE&ception, and so on. Sets the ca se !or this e&ception, i! one has not alread$ been set. Sets the error message that displa$s !or the ser.

.$ail.2ception and DM+.2ception Methods : %a$e getD$lField%a$e s getD$lFields Return 1ype String IJ Description )et rns the names o! the !ield or !ields that ca sed the error described b$ the ith !ailed row. )et rns the !ield to#en or to#ens !or the !ield or !ields that ca sed the error described b$ the ith !ailed row. "or more in!ormation on !ield to#ens, see /$namic -pe&. )et rns the I/ o! the !ailed record that ca sed the error described b$ the ith !ailed row. )et rns the original row position o! the ith !ailed row. )et rns the ser message !or the ith !ailed row. /eprecated. @se get/mlT$pe instead. )et rns the -pe& !ail re code !or the ith !ailed row. )et rns the val e o! the S$stem.Stat s4ode en m. )et rns the n mber o! !ailed rows !or /6+ e&ceptions.

Schema.s0b1ect"ield IJ

getD$l!d

String

getD$l!nde2 getD$lMessage getD$lStatusCod e getD$l1ype get%u$D$l

Integer String String

S$stem.Stat s4ode Integer

Manage "ield-le&el security

Sales"orce.com provide man$ sections, !ollowing sections describe the characteristics and behaviors o! page la$o ts, mini page la$o ts, and !ield-level sec rit$. www.bispsol tions.com Page '2 www.bisptrainigs.com www.h$periong r .com

Ad$inistrators restrict users8 access to &ie) and edit speci"ic "ollo)ing "ields : /etail and edit pages. )elated lists. +ist views. )eports. 4onnect 0!!line. Email and mail merge templates. 4 stom lin#s. The partner portal. The Sales"orce 4 stomer Portal. S$nchroni9ed data. Imported data.

For Vie) Field le&el Security :

Setup = Custo$i6e = user Page +ayout, a!ter that choose an$ ob1ect to appl$ "ield Sec rit$.

Step : 4hoose an$ lin# !or per!orm www.bispsol tions.com Page '5 www.bisptrainigs.com www.h$periong r .com

action.

Select an$ lin# and see "iled level sec rit$ .

Manage Field +e&el Security :

Setup = Manage user = Pro"ile, Select an$ pro!ile then go to down and $o can see Field le&el security , clic# on an$ !iled . $o can see below.

Step : clic# on Edit b tton. Step ' : chec# or nchec# chec# bo& !or "ield level sec rit$ a!ter that clic# on Sa&e b tton.

www.bispsol tions.com Page '7

www.bisptrainigs.com

www.h$periong r .com

www.bispsol tions.com Page '8

www.bisptrainigs.com

www.h$periong r .com