Component-based Security
,User-based permissions, granted to profiles, cut across the entire Force Platform environment. Profiles are also used to grant different levels of access to individual Force Platform components.
Once again, you have already seen that profiles can be used to define permissions when you create your application and custom objects. The following sections describe the different types of permissions granted to profiles for different types of components.
Application Permissions
You can grant access to an application by making the application visible, as shown in the drop-down list from the upper right corner of a Force Platform application, as shown below.
Figure 119. Application selection
If a user does not have access to an application, the name of the application does not appear in the picklist in the top right corner of the page. You can specify one application as the default application for a profile, causing the user to go to that application immediately after initially logging into the Force Platform. After the initial login, the default application becomes less important since the user’s last application is retained the next time the user logs in.
Tab Permissions
Tab permissions allow you to show a tab by default with the setting of Default On. This setting also adds the object associated with the tab to the Create New picklist in the sidebar.
The Default Off setting suppresses the display of the tab in the tab set at the top of the page, but allows users to get to the tab with the right arrow at the right of the tab set, or to add the tab to their default display with the same My Personal Information
Change My Display
Customize My Tabs option.
If a tab is marked as Tab Hidden for a profile, users with that profile cannot access the tab. Preventing access to a tab eliminates access through the Force Platform tab set, but you must use object permissions, described later in this section, to circumscribe access to an object. Access can also be granted to a tab through the use of lookup fields and related lists that act as links to a record and its tab.
Voice of the Developer
| Custom tabs are associated with an application, but restricting access to an application does not automatically restrict access to the tabs. If a user still has permission to access a tab, they can reach it through the additional tabs interface, even if the application which normally contains the tab is not available to them. This security implication flows directly from the fact that tabs are separate entities from applications. A user can add any tab they can access to any application which they can access—so security settings are likewise separate. |