getting started with salesforce security
TRANSCRIPT
Getting Started with Security
Alex Sutherland Salesforce MVP | Philly Dev & Partner UG Leader Technical Architect at CRM Science @apexsutherland
Maria Belli Salesforce MVP | CT Developer Group Leader Salesforce Technical Lead at CASE Partners @JustAGirlyGeek
Safe HarborSafe harbor statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
Overview
Organization Access IP Ranges, Login Hours
Object Access Profiles
Organization-Wide Defaults
Record Access Role Hierarchy
Field Access Field Level Security
Sharing Rules
Organization access
By default, your active users can log in to your org from any location at any hour
For increased security you can setup: • IP Ranges (Company Level)
Users logging in outside the range are sent an activation code to the email address on their user record Setup > Security Controls > Network Access
• IP Ranges (Profile Level) Users outside this range are denied access Setup > Manage Users > Profiles > Select Profile > Login IP Ranges
• Login Hours Specify hours users can log into your org Setup > Manage Users > Profiles > Select Profile > Login Hours
• Freeze User Accounts Setup > Manage Users > User | Select user > Click Freeze
Object access
Profiles • Determine the objects users can access and
permissions users have on an object record • Set whether fields are visible, required,
editable, or read only • Controls Tab visibility • Controls App availability • Controls Object Permissions
(Create, Read, Edit, Delete) • Setup > Manage Users > Profile
Standard Profiles vs Custom Profiles • Standard profiles cannot be edited
but can be cloned • Group, Contact Manager, and Professional
Editions do not support Custom Profiles
Standard User
Create, Read, Edit, Delete on records they can access
Read Only
Only view records theycan access
System Administrator
View all data Modify all data
Solution Manager
Standard User + manage published solutions
Marketing User
Standard User + import leads
Contract Manager
Standard User +manage contracts
Field access
Page Layouts • Set whether fields are visible, required, editable, or read only
Field-Level Security • Further restrict users' access to fields by setting whether those
fields are visible, editable, or read only Permissions
• Some user permissions override both page layouts and field-level security settings. (For example, users with the “Edit Read Only Fields” permission can always edit read-only fields regardless of any other settings)
Universally required fields • A custom field can be made universally required, which overrides
any less-restrictive settings on page layouts or field-level security
Organization-wide defaults
Determine what access and permissions users have to records they don’t own
Cannot grant more access to users than they have through their object permissions
For most objects, organization-wide sharing settings can be set to Public Read/Write/Transfer, Public Read/Write, Public Read Only, or Private
Setup > Security Controls > Sharing Settings
Record access
Role Hierarchy
• Extends access to records when sharing settings are set to anything more restrictive than Public Read/Write
• Cannot restrict record access to less than what is granted through the org-wide defaults
• It is not necessary to create individual roles for each title at your company, rather you want to define a hierarchy of roles to control access of information entered by users in lower level roles
• Setup > Manage Users > Roles
Sharing rules
Allows users to see/edit data they don’t own in an otherwise private setup
• For example, use sharing rules to extend sharing access to users in roles, public groups, or territories
Owner or Criteria Based Sharing
Can never be stricter than your organization-wide default settings
The conversation never ends!
Join the Conversation!
Over 1,000,000 members strong!
Engage directly with Salesforce experts!
Hear from our MVP’s, other customers and Salesforce resources!
Access resources, webinars, people, all designed to help you achieve success!
Join our Success Collaboration Groups on success.salesforce.com