Administrative Security
,The Force Platform includes a wide range of built-in capabilities. You usually do not want to give all the power of the complete platform to all users in the environment. Administrative permissions are used to grant or deny access to some areas of Force Platform functionality for particular users.
Profiles
Profiles are a way you can group users together for easier administration. A user can belong to one and only one profile, although administrators can change profile membership for a user.
You have already used profiles in previous chapters of this book - to assign access to objects, default record layouts and record types. Profiles are the basis for allowing administrative and component permissions. Profiles are defined and edited through the Setup
Manage Users
Profiles page, which gives you access to detail pages for a profile by clicking on the profile name, as partially shown in the figure below.
This page allows you to assign page layouts, application and tab access and record type settings. Component-based permissions, described in the next section, can also be assigned from this page, along with various administrative and user permissions.
Your Force Platform environment comes with several predefined profiles. Administrators can create custom profiles to fit the needs of their organizations.
Administrative permissions
Administrative permissions allow users to manage higher levels of their Force Platform environment. The highest administrative permissions are granted when a user is assigned to the System Administrator profile, allowing access to all of the Administrative Setup choices.
Some of the other administrative permissions revolve around the use of Salesforce platform applications. The following table provides a summary of the relevant administrative permissions for Force Platform developers.
| Permission Type | Permission | Description |
|---|---|---|
| Security | Manage Users | Allows creation and modification of users for the organization, and access to profiles and sharing settings. This permission allows the owner to grant all other permissions to users, so should be assigned with care. |
| Password never expires | Eliminates password policy requirements to expire passwords after a designated interval. | |
| API-enabled | Allows access to organizations through the Force Platform API. Without this permission, users cannot access the platform from outside of native applications. | |
| API-Only User | Only allows access through the Force Platform API. | |
| View Setup and Configuration | Gives users the ability to see the organization setup information, but not make any changes to this information. | |
| Supporting Objects | Customize application | Allows user access to the complete Setup menu for Force Platform applications. |
| Edit HTML Templates, Manage Letterheads, Manage Public Templates | Allows users to edit various components used by Force Platform components, such as messages sent from workflow and approval processes. | |
| Reports | Manage Custom Report Types, Manage Dashboards, Manage Public Reports, Schedule Dashboards | Allows users to modify various components used in Force Platform reporting. A user with the Manage Custom Reports privilege can also create new folders for reports. |
| Create and Customize Reports | Gives users the ability to create new reports or modify existing reports. | |
| Export Reports | Allows exporting of data from a report to Excel spreadsheets. | |
| Run Reports | Without this permission, the Reports tab is not available to the user. | |
| Apex | Author Apex | Allows users to create Apex triggers and classes. Only available in editions that allow access to Apex code, and requires that the user also have the Modify All Data permission. |
| Data | Disable Outbound Messages | Prevents the use of outbound messages as a workflow activity. |
| Edit Read-Only Fields | Overrides read-only limitations set in page layouts. | |
| Weekly Data Export | Allows users to run a weekly data export. | |
| View Encrypted Data | Allows users to see data in encrypted fields as plain text data. This feature is not turned on, by default—you can request the feature through salesforce.com. |
Four permissions are extremely powerful, and deserve special discussion. The most powerful permission is Manage Users. When a user has this permission, they can grant any other permission to themselves and other users. This permission makes a user into a super administrator who can grant any other permission.
The Customize Application permission grants a broad range of permissions that allow a user to control all aspects of an application from creating, editing, and deleting custom fields, to implementing workflow rules. Application developers need this permission, but you should be aware of the range of operations this permission grants. For a full description of these permissions, please refer to the online help.
The View All Data and Modify All Data permissions override any restrictions on data in any Force Platform objects. These privileges also circumvent the entire system of record-based sharing described later in this chapter. These permissions are granted to the System Administrator profile and can be granted to any custom profile.
Caution
| Modify All Data grants full object-level privileges (create, read, update and delete) to a user who possesses this permission. A user with this permission also ignores sharing rules for data access. If the permission is revoked, the user will still have the full object-level privileges, but sharing rules will now be in effect. Modify All Data is an extremely powerful permission. A user with this permission can not only edit all data, but also delete all data, and then empty the recycle bin to eliminate all traces of the data—certainly not something you would grant lightly. Any developer creating Apex code needs to have this permission. |