22 April 2013

Permission Set Best Practice: You Should Try THIS Out at Home


Unlike profiles which have pre-created (or standard) examples like ‘Standard User’ or ‘System Administrator’, permission sets have no pre-created examples in an org.
Below is a list of permission set examples you may want to create and why they are a good idea.
As a general rule, as you remove a permission from a profile and add it back to individual users through a permission set, you reduce the risk that users who share a profile don't have more access than what they need.

Permission Set ExamplesWhy you might want to create them
View All Data
  • Recertify who can view all data in an org to manage the running user of dashboards rather than giving it out to all users in a profile
  • Enables users to run reports and retrieve all the org data
Modify All Data
  • Be the Automated Case User (for Web to Case forms)
  • Be the Default Lead Creator (for Web to Lead forms)
  • Empty the organization Recycle Bin
  • Unlock all workflows
Manage UsersReduce the number of users who can:

  • Create/Modify Profiles and Permission Sets
  • Create/Modify Sharing Rules
  • Manage all aspects of users including resetting passwords
Is Single Sign-On Enabled
  • Roll-out single sign on throughout the organization regardless of a user's profile.
Price Book Administrator (Read, Create, Edit, Delete on Price Book )
  • Consolidate who in Sales Ops can manage products and price books
View Encrypted Fields
  • Control which users have the ability to View Encrypted Fields rather than relying on larger groups of users having this ability
API Only User
  • Manage Integrations more easily by migrating this permission from all profiles to a single permission set
  • Quickly lock all users from the user interface while performing release updates
Customize App
  • Control who can customize more easily by migrating this permission from all profiles to a single permission set
  • Reduce risk that comes with distributing customization rights to more users than is necessary
Approver
  • Use field level security to determine who can approve a record in an approval process

2 comments:

  1. Great Article Cloud Computing Projects

    Networking Projects

    Final Year Projects for CSE

    JavaScript Training in Chennai

    JavaScript Training in Chennai

    The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

    ReplyDelete