22 April 2013

Permission Set Best Practice: You Should Try THIS Out at Home


Unlike profiles which have pre-created (or standard) examples like ‘Standard User’ or ‘System Administrator’, permission sets have no pre-created examples in an org.
Below is a list of permission set examples you may want to create and why they are a good idea.
As a general rule, as you remove a permission from a profile and add it back to individual users through a permission set, you reduce the risk that users who share a profile don't have more access than what they need.

Permission Set ExamplesWhy you might want to create them
View All Data
  • Recertify who can view all data in an org to manage the running user of dashboards rather than giving it out to all users in a profile
  • Enables users to run reports and retrieve all the org data
Modify All Data
  • Be the Automated Case User (for Web to Case forms)
  • Be the Default Lead Creator (for Web to Lead forms)
  • Empty the organization Recycle Bin
  • Unlock all workflows
Manage UsersReduce the number of users who can:

  • Create/Modify Profiles and Permission Sets
  • Create/Modify Sharing Rules
  • Manage all aspects of users including resetting passwords
Is Single Sign-On Enabled
  • Roll-out single sign on throughout the organization regardless of a user's profile.
Price Book Administrator (Read, Create, Edit, Delete on Price Book )
  • Consolidate who in Sales Ops can manage products and price books
View Encrypted Fields
  • Control which users have the ability to View Encrypted Fields rather than relying on larger groups of users having this ability
API Only User
  • Manage Integrations more easily by migrating this permission from all profiles to a single permission set
  • Quickly lock all users from the user interface while performing release updates
Customize App
  • Control who can customize more easily by migrating this permission from all profiles to a single permission set
  • Reduce risk that comes with distributing customization rights to more users than is necessary
Approver
  • Use field level security to determine who can approve a record in an approval process

No comments:

Post a Comment