24 January 2013

What can Modify All Data do?


I had this question come up last Friday: "What can Modify All Data really do?"

We all know this permission to mean, "system administrator".  But we rarely look at the detail of what makes up the second most powerful permission in the Salesforce.com universe.

To give you some idea any user with the Modify All Data permission on their profile can do any of the following things:

Data Tasks

  • Full Access on all objects (Ignores sharing and any other security)
  • Ability to unlock records in a workflow approval process
  • Access to the mass delete page in setup
  • Ability to edit divisions and mass transfer objects between divisions
  • Allow the user to edit shares on objects not owned by them
  • Can import Person Accounts and Contacts
  • Has access to mass update addresses
  • Can delete a pending import
  • Can import solutions even without the Import Solutions perm
  • Can change document owner
  • Can edit opportunity line item unit price
  • Can edit existing case comments
  • Required for deleting case comments
  • Allows editing/deleting of private contacts owned by someone else
  • Allows editing all forecasts
  • Can access mass mails
Administrative Tasks
  • Access to the "empty all org" button in recycle bin
  • Can export an org to sandbox
  • Shows the Data Loader link in setup (But not required to use the Data Loader!!!!)
  • Can enable Salesforce 2 Salesforce
  • There must be at least one active user with Modify All Data in an org
  • Modify all data is needed to delete *all* custom reports for an object

Developer Tasks

  • Access to the Metadata API for a developer
  • Access to the outbound and workflow outbound messaging queues
  • Author Apex requires Modify All Data - so to write Apex, you first must have Modify All Data
User Management Tasks
  • Can edit anyone's quota
  • Can edit sales teams on other users accounts
  • Can Login as another user once granted access
  • Without Modify All Data, you cannot assign a user to a profile that has Modify All Data

Permissions Modify All Data requires (these permissions will be automatically enabled when you enable Modify All Data; conversely, Modify All Data will be disabled if any of the following permissions are disabled):

  • Read, Create, Edit, Delete, View All, Modify All on all standard and custom objects
  • Convert Leads
  • Create and Customize Reports
  • Edit Events
  • Edit Personal Quota
  • Edit Tasks
  • Import Leads
  • Import Solutions
  • Manage Categories
  • Manage Dashboards
  • Manage Public Documents
  • Manage Public List Views
  • Manage Public Reports
  • Manage Public Templates
  • Override Forecasts
  • Run Reports
  • Transfer Leads
  • Transfer Record
  • Use Team Reassignment Wizards
  • View All Data
  • View All Forecasts
  • View Setup and Configuration


2 comments:

  1. Adam this list is HUGE help! Thanks! Just found another one which is the ability to "Manage Sandboxes" (Create/Edit/Delete/Refresh/Activate).

    http://help.salesforce.com/HTViewHelpDoc?id=data_sandbox_manage.htm&language=en_US

    ReplyDelete
    Replies
    1. Hi Dave,

      Glad this helped!! Thanks for following the blog!

      Adam

      Delete