Back

User Profile and Permission sets Q&A

1. Is it possible to delete the user in salesforce?

No, once we create user in salesforce we cannot delete the user record. We can only deactivate the user record.

2. What is ‘Grant Account Login Access’? How to enable ‘Grant Account Login Access’?

If you need help resolving a problem, you can grant login access to your account to a Salesforce administrator or a support representative.

If we enable ‘Grant Account Login Access’ for a user then we can see ‘Log in’ button on the detail page of that user. By clicking on that ‘Log in’ button without giving that user’s username and password we can log in.

To enable the ‘Grant Account Login Access’ follow the below steps –

  • Log in as a user to whom you want to enable Log in access.
  • At top right corner click on name (Which should be left to Setup) > My Settings
  • User should be able to see user’s personal set up page.
  • Left side, click on Personal Information > Grant Account Login Access
  • User should be able to see Grant Account Login Access page
  • In Access Duration column select ‘1 Year’ for all the records and click on ‘Save’ button.
  • Log out and Log in as any other user in the organization then click on Manage Users > Users.
  • User should be able to see list of records and verify the user to whom we enabled the Grant Account Login Access
  • User should be able to see the Login link beside Edit link.
  • Click on Login then user should be able to login as that user mode
  • Observe at top right corner, user should be able to see Logged in as ‘Name of the user’ which should be highlight in black color.
  • Click on Logout
  • User should be come back to original user’s mode, Observe at top right corner, user should not be able to see Logged in as ‘Name of the user’
3. How to provide security for Meta-Data files (Schema)?

Using Profiles and Permission Sets.

4. What is Profile?

A profile is a group/collection of settings and permissions that define what a user can do in salesforce.

A profile controls “Object permissions, Field permissions, User permissions, Tab settings, App settings, Apex class access, Visualforce page access, Page layouts, Record Types, Login hours & Login IP ranges.

We can map only one profile for one user and without mapping the profile we cannot create the user.

5. What is Permission Set?

Permission set is also very similar to profile. Whatever you can manage at profiles (Like Object permissions, Field Permissions, User permissions, Tab settings, App settings, Apex class permission, visualforce permission) the same you can manage here also.

But the main difference between these two is that user can have only one profile and can have multiple permission sets at time.

Example: To give additional permissions to few users who belongs to different profiles over Apps, Tabs, sObjects and fields.

6. How to give permissions to two fields for different users who belongs to different profiles?

Permission sets.

7. How many users are there in your project salesforce instance?

1000 (It will depends upon the number of licenses taken by the client, it will be like upto 4000 like that based on the client)

8. How to provide security for the Records (Instance)?
  • Roles
  • OWD (Organization Wide Defaults)
  • Sharing Rules
  • Manual Sharing
  • Apex Managed sharing
9. What is role?

A role hierarchy controls level of visibility that users have to an organization data.

  • By defining role hierarchies we can share access to records.
  • Users assigned to roles near the top of hierarchies like (CEO, executives and other higher level roles) get to access the data of all users who fall directly below them i hierarchy.
10. What is OWD?

Organization-Wide Defaults, or OWDs, are the baseline security you for your Salesforce instance. Organizational Wide Defaults are used to restrict access. You grant access through other means we will talk about later (sharing rules, Role Hierarchy, Sales Teams and Account teams, manual sharing, etc).

There are four levels of access that can be set:

  1. Private
  2. Public Read/Only
  3. Public Read/Write
  4. By default after creating custom object OWD access level is Public Read/Write.

Private: only owner and above hierarchy users can have Read/Write access and below hierarchy users don’t have any access.

Public Read only: only owner and above hierarchy users can have Read/Write access and below hierarchy users can have only Read Only.

Public Read/Write: Irrespective of role hierarchy everyone can have Read/Write permissions on the records.

11. What is Grant Access Using Hierarchies?

Determine whether users have access to records they don’t own, including records to which they don’t have sharing access, but someone below them in the hierarchy does. Say there are three roles

  • Role A
  • Role B
  • Role C

Role A is higher in hierarchy, Role B is in middle and Role C is lower in hierarchy

If the Role A user through Manual Sharing or Sharing Rules, shares the record to Role C user who is in lower hierarchy, then the Role B user who is above in hierarchy to Role C user can see the records, if we enable Grant Access Using Hierarchies at sharing settings else Role B user cannot see the record.



Back
Site developed by Nikhil Karkra © 2023 | Icons made by Freepik