26 March 2013

What can View All Data do?


I hear this question quite a bit: "We have over one hundred people with View All Data which is too many. How can I reduce this number to reduce the risk that people can view more than they should be able to?"

Before you can reduce the list of who has View All Data, you may need to determine if any of those users have this permission for one of the following ten reasons listed below. If they don't need to accomplish one of these tasks, it's a good idea to change their profile or permission sets over to something that doesn't have View All Data. 

  1. You need Read on all objects (Sharing is ignored in this case) - this is the primary use case for granting View All Data and what View All Records was meant to solve for by ignoring sharing on an object basis rather than across all objects.
  2. You need to set the Running User of a dashboard to someone other than yourself (requires Manage Dashboards permission as well)
  3. Anyone with Modify All Data, Author Apex, Download AppExchange Packages or Create AppExchange Packages will also get View All Data (it's required).
  4. The "big deal alert" user on opportunities needs to have view all data
  5. You need to view private attachments, notes, and Google docs from other users will be displayed in the related list and in the API
  6. You need to view private events and tasks owned by other people are available in the calendar and API.
  7. You need API Access to Forecasting
  8. You need to do an API Upsert on a non unique fields
  9. You need to use the System (Apex) system log (in the header)
  10. You need to view private chatter groups
For more ideas on what to do when you have too many people with View All Data, check out this previous salesforce hacker post.

No comments:

Post a Comment