salesforce_security_impl_guide

More documents

Recommendations

Info

Securing and Sharing Data “View All” and “Modify All” Permissions Overview “View All” and “Modify All” Permissions Overview The “View All” and “Modify All” permissions ignore sharing rules and settings, allowing administrators to quickly grant access to records associated with a given object across the organization. “View All” and “Modify All” may be preferable alternatives to the “View All Data” and “Modify All Data” permissions. Be aware of the following distinctions between the permission types. EDITIONS Available in all editions Permissions View All Modify All View All Data Modify All Data View All Users Used for Delegation of object permissions Managing all data in an organization; for example, data cleansing, deduplication, mass deletion, mass transferring, and managing record approvals Viewing all users in the organization. This permission grants you Read access to all users, so that you can see their user record details, see them in searches, list views, and so on. Users who Need them Delegated administrators who need to manage records for specific objects Administrators of an entire organization Users who need to view all users in the organization, especially if the organization-wide default for the user object is Private. Administrators with the “Manage Users” permission are automatically granted the “View All Users” permission. “View All” and “Modify All” are not available for ideas, price books, article types, and products. “View All” and “Modify All” allow for delegation of object permissions only. To delegate user administration and custom object administration duties, define delegated administrators. “View All Users” is available if your organization has User Sharing, which controls user visibility in the organization. To learn about User Sharing, see User Sharing Overview. Comparing Security Models Salesforce user <strong>security</strong> is an intersection of sharing, and user and object permissions. In some cases, such as in end-user record level access, it is advantageous to use sharing to provide access to records. In other cases, such as when delegating record administration tasks like transferring records, cleansing data, deduplicating records, mass deleting records, and delegating workflow approval processes, it is advantageous to override sharing and use permissions to provide access to records. The “Read,” “Create,” “Edit,” and “Delete” permissions respect sharing settings, which control access to data at the record level. The “View All” and “Modify All” permissions override sharing settings for specific objects. Additionally, the “View All Data” and “Modify All Data” permissions override sharing settings for all objects. The following table describes the differences between the <strong>security</strong> models. EDITIONS Available in: • Enterprise • Performance • Unlimited • Developer • Database.com 34
Securing and Sharing Data Comparing Security Models Target audience Where managed Record access levels Ability to transfer Ability to approve records, or edit and unlock records in an approval process Ability to report on all records Object support Group access levels determined by Private record access Ability to manually share records Ability to manage all case comments Permissions that Respect Sharing End-users “Read,” “Create,” “Edit,” and “Delete” object permissions; Sharing settings Private, Read-Only, Read/Write, Read/Write/Transfer/Full Access Respects sharing settings, which vary by object None Available with a sharing rule that states: the records owned by the public group “Entire Organization” are shared with a specified group, with Read-Only access Available on all objects except products, documents, solutions, ideas, notes, and attachments Roles, Roles and Subordinates, Roles and Internal Subordinates, Roles, Internal and Portal Subordinates, Queues, Teams, and Public Groups Not available Available to the record owner and any user above the record owner in the role hierarchy Not available Permissions that Override Sharing Delegated data administrators “View All” and “Modify All” “View All” and “Modify All” Available on all objects with “Modify All” Available on all objects with “Modify All” Available on all objects with “View All” Available on most objects via object permissions Note: “View All” and “Modify All” are not available for ideas, price books, article types, and products. Profile or permission sets Available on private contacts, opportunities, and notes and attachments with “View All” and “Modify All” Available on all objects with “Modify All” Available with “Modify All” on cases 35
Page 1 and 2: Security Implementation Guide Versi
Page 3 and 4: CONTENTS Chapter 1: Security Overvi
Page 5 and 6: Contents Editing Lead Sharing Rules
Page 7 and 8: CHAPTER 1 Security Overview Salesfo
Page 9 and 10: Security Overview User Security Ove
Page 11 and 12: Security Overview Custom Permission
Page 13 and 14: Security Overview CAPTCHA Security
Page 15 and 16: Security Overview Auditing • Role
Page 17 and 18: Securing and Sharing Data Revoking
Page 19 and 20: Securing and Sharing Data Viewing P
Page 21 and 22: Securing and Sharing Data Cloning P
Page 23 and 24: Securing and Sharing Data App and S
Page 25 and 26: Securing and Sharing Data Working w
Page 27 and 28: Securing and Sharing Data Enable Cu
Page 29 and 30: Securing and Sharing Data Assigning
Page 31 and 32: Securing and Sharing Data Creating
Page 33 and 34: Securing and Sharing Data Editing P
Page 35 and 36: Securing and Sharing Data Searching
Page 37 and 38: Securing and Sharing Data Enable Cu
Page 39: Securing and Sharing Data Object Pe
Page 43 and 44: Securing and Sharing Data Setting F
Page 45 and 46: Securing and Sharing Data Working w
Page 47 and 48: Securing and Sharing Data Setting L
Page 49 and 50: Securing and Sharing Data Restricti
Page 51 and 52: Securing and Sharing Data Managing
Page 53 and 54: Securing and Sharing Data External
Page 55 and 56: Securing and Sharing Data Disabling
Page 67 and 68: Securing and Sharing Data Editing L
Page 69 and 70: Securing and Sharing Data Editing C
Page 71 and 72: Securing and Sharing Data Editing C
Page 73 and 74: Securing and Sharing Data Sharing R
Page 75 and 76: Securing and Sharing Data User Shar
Page 77 and 78: Securing and Sharing Data Sharing U
Page 81 and 82: Securing and Sharing Data Viewing A
Page 83 and 84: Securing and Sharing Data Granting
Page 85 and 86: Configuring Salesforce Security Fea
Page 91 and 92:
Configuring Salesforce Security Fea
Page 93 and 94:
Configuring Salesforce Security Fea
Page 95 and 96:
CHAPTER 4 Enabling Single Sign-On S
Page 97 and 98:
Enabling Single Sign-On • Before
Page 99 and 100:
Monitoring Your Organization's Secu
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Security Tips for Apex and Visualfo
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
INDEX A Access about 10 revoking 11
Page 115 and 116:
Index Profiles (continued) object p
show all

salesforce_security_impl_guide

Create successful ePaper yourself

Delete template?

Save as template?