Secure Data Access – Certified Advanced Salesforce Admin Exam Guide

Posted on by zeusexam

Secure Data Access

In each Salesforce organization, the administrator is the key holder: they are the guardian of the company’s data and thus their main concern is protecting this valuable asset. The right object permissions shape data according to the kind of user who accesses it, while planning the right sharing strategy enables users to see only the subset of records they are authorized to read and/or write, thus delivering coherent and safe business processes.

In this chapter, we will learn about the following topics:

  • How data security is handled within the Salesforce platform
  • The difference between profiles and permission sets to define what users can do
  • Setting up record-level security to restrict/allow access to data depending on the user’s shape
  • The Salesforce sharing model (from organization-wide default sharing to manual sharing), which determines which objects can be accessed by whom
  • Setting up Enterprise Territory Management for a territory-based record-sharing model
  • Handling sharing in Salesforce communities to give external users access to data

Controlling who sees what

With tens (or even thousands) of users in your Salesforce organization, choosing the right way to make data visible is an administrator priority: you have to control who sees what and you need to be aware of all the options your Salesforce customer relationship management (CRM) provides.

It’s not a coincidence that secure data access is the first subject we are going to study in this book.

In my 10 years’ experience, being able to master data access management has always been the key to better data organization, better platform performances, better CRM usability, and of course better customer satisfaction.

Plan the right data sharing and visibility policies at the beginning of your project’s journey, along with your data model and business processes. This will prevent your team from strong headaches when the project goes on and no one has ever pictured how users should see data – believe me, doing this important design step at the end of the project is a nightmare.

Data is your number one CRM resource, so use it carefully and with be conscious of it. Let the Salesforce platform take care of it and gently bring your sharing model to life.

Licensing

Like in most applications, every data story begins with a user: they authenticate against the application, they are recognized by their credentials and profile (we’re not talking about Salesforce profiles but the generic set of powers a specific kind of user has), and then they are allowed to access the application’s features and a subset of the data.

A Salesforce user is identified by their license. The User License field is one of the mandatory fields of the Salesforce user object:

License selection with user creation

The available licenses can be found in Setup | Company Settings | Company Information, in the User Licenses section:

Salesforce Company Information – list of available licenses

The number and type of available licenses you have depends on what your company or your customer has agreed to with Salesforce.

For a complete list of available pricing tiers and products, please refer to https://www.salesforce.com/editions-pricing/overview/.

We can reasonably divide licenses into three groups regarding data sharing:

  • Full sharing model usage users/licenses: Users within this category have full access to the Salesforce sharing system. Some objects may not be accessible (for example, the free edition cannot access base CRM objects), but the engine is still there and configurable. This class of users is usually referred to as internal users.
  • High volume customer portal licenses: Users within this category do not have access to the sharing model. Instead, sharing is enabled by matching user fields with other object’s relations (for example, the contact lookup on the user is used to provide access to cases with the same contact value). This class of users is generally used in Salesforce communities.
  • Chatter-free license: This category doesn’t have access to the sharing model or any CRM object (standard or custom) and it features collaboration-only access (chatter, groups, and people, to name a few).

For further details on licensing that are out of this scope, have a look at the Trailblazer Community documentation at https://help.salesforce.com/articleView?id=users_licenses_overview.htm.

In a few words, the license constrains the kind of powers a user has, which is then delivered with profiles and permission sets. We’ll take a look at these in the upcoming sections.

Leave a Reply

Your email address will not be published. Required fields are marked *