Getting Started with Security

Alex Sutherland Salesforce MVP | Philly Dev & Partner UG Leader Technical Architect at CRM Science @apexsutherland

Maria Belli Salesforce MVP | CT Developer Group Leader Salesforce Technical Lead at CASE Partners @JustAGirlyGeek

Safe HarborSafe harbor statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.

Overview

Organization Access IP Ranges, Login Hours

Object Access Profiles

Organization-Wide Defaults

Record Access Role Hierarchy

Field Access Field Level Security

Sharing Rules

Organization access

By default, your active users can log in to your org from any location at any hour

For increased security you can setup: • IP Ranges (Company Level)

Users logging in outside the range are sent an activation code to the email address on their user record Setup > Security Controls > Network Access

• IP Ranges (Profile Level) Users outside this range are denied access Setup > Manage Users > Profiles > Select Profile > Login IP Ranges

• Login Hours Specify hours users can log into your org Setup > Manage Users > Profiles > Select Profile > Login Hours

• Freeze User Accounts Setup > Manage Users > User | Select user > Click Freeze

Object access

Profiles • Determine the objects users can access and

permissions users have on an object record • Set whether fields are visible, required,

editable, or read only • Controls Tab visibility • Controls App availability • Controls Object Permissions

(Create, Read, Edit, Delete) • Setup > Manage Users > Profile

Standard Profiles vs Custom Profiles • Standard profiles cannot be edited

but can be cloned • Group, Contact Manager, and Professional

Editions do not support Custom Profiles

Standard User

Create, Read, Edit, Delete on records they can access

Read Only

Only view records theycan access

System Administrator

View all data Modify all data

Solution Manager

Standard User + manage published solutions

Marketing User

Standard User + import leads

Contract Manager

Standard User +manage contracts

Field access

Page Layouts • Set whether fields are visible, required, editable, or read only

Field-Level Security • Further restrict users' access to fields by setting whether those

fields are visible, editable, or read only Permissions

• Some user permissions override both page layouts and field-level security settings. (For example, users with the “Edit Read Only Fields” permission can always edit read-only fields regardless of any other settings)

Universally required fields • A custom field can be made universally required, which overrides

any less-restrictive settings on page layouts or field-level security

Organization-wide defaults

Determine what access and permissions users have to records they don’t own

Cannot grant more access to users than they have through their object permissions

For most objects, organization-wide sharing settings can be set to Public Read/Write/Transfer, Public Read/Write, Public Read Only, or Private

Setup > Security Controls > Sharing Settings

Record access

Role Hierarchy

• Extends access to records when sharing settings are set to anything more restrictive than Public Read/Write

• Cannot restrict record access to less than what is granted through the org-wide defaults

• It is not necessary to create individual roles for each title at your company, rather you want to define a hierarchy of roles to control access of information entered by users in lower level roles

• Setup > Manage Users > Roles

Sharing rules

Allows users to see/edit data they don’t own in an otherwise private setup

• For example, use sharing rules to extend sharing access to users in roles, public groups, or territories

Owner or Criteria Based Sharing

Can never be stricter than your organization-wide default settings

The conversation never ends!

Join the Conversation!

Over 1,000,000 members strong!

Engage directly with Salesforce experts!

Hear from our MVP’s, other customers and Salesforce resources!

Access resources, webinars, people, all designed to help you achieve success!

Join our Success Collaboration Groups on success.salesforce.com