Salesforce Developer Data Security Object Access Profiles

salesforce-developer-data-security

TODO: Put each specific instruction into a separate page and link to it.

// Salesforce - Developer - Data Security - Object Access - Profiles:

A profile is a collection of settings and permissions (and therefore objects) 
that determine which data (objects) and features in the platform users have 
access to. 

Settings determine what users can see, for example, apps, tabs, fields, and 
record types. 

Permissions determine what users can do, for example, create or edit records of 
a certain type, run reports, and customize the app.

Profiles control:

1. The standard and custom objects the user can view, create, edit, and delete

2. The object fields the user can view and edit

3. The specific functions that users can perform, like viewing the Setup menu 
   and customizing applications

4. The tabs the user can view in the app

5. The standard and custom apps the user can access

6. The Apex classes a user can execute

7. The Visualforce pages a user can execute

8. The page layouts a user sees

9. The record types available to the user

10. The hours during which the user can log in to the app

11. The IP addresses from which the user can log in to the app

12. The password policies, such as password length, complexity, and expiration 
    time

Profiles are typically defined by a user's job function (for example, system 
administrator, recruiter, or hiring manager), but you can have profiles for 
anything that makes sense for your Salesforce org. A profile can be assigned to 
many users, but a user can be assigned to only one profile at a time.

The platform includes a set of standard profiles. Some examples are:

1. Read Only: Read Only user can view records, but not create or edit them.

2. Standard User: Standard User can create and edit records

3. Marketing User

4. Contract Manager

5. System Administrator: System Administrator profile has the widest access to 
   data and the greatest ability to configure and customize Salesforce. The 
   System Administrator profile also includes two special permissions:

   1. View All Data
   2. Modify All Data

Each standard profile includes a default set of permissions for all standard 
objects available on the platform.

These permissions override all other sharing settings, so use caution when 
assigning them to any profile other than System Administrator. You can view a 
list of all standard and custom profiles in the Administration Setup area, under 
Manage Users.

You can never edit the object permissions on a standard profile. However, you 
can clone any existing profile, and use that as the basis for a new profile, 
adjusting the apps and system settings as needed.  Each profile can then be 
configured to provide the specific type of data access required for a particular 
role. You can then use permission sets to grant additional permissions, as 
required.

The profiles functionality in an org depends on the user license type.

Salesforce has two profile interfaces: original and enhanced. The enhanced 
profile user interface provides a streamlined experience, making it easy to 
navigate, search, and modify settings for a profile. Permissions and settings 
are organized into pages under app and system categories, which reflect the 
rights users need to administer and use app and system resources.

To enable the enhanced profile user interface:

1. From Setup, enter User Interface in the Quick Find box, then select 
   User Interface

2. Select "Enable Enhanced Profile User Interface" 

3. Click Save. 

The above step switch the entire org to use the enhanced user interface.  There 
does not seem to be a way to enable the enhonace interface just for our own 
account without enforcing it for other users within our org.  Perhaps, we can 
confirm this with Salesforce.

The profile overview page provides an entry point for all of the settings and 
permissions for a single profile. 

To open the profile overview page:

1. From Setup, enter Profiles in the Quick Find box

2. Select Profiles

3. Click the profile you want to view.

From the profile overview page, you can:

1. Search for an object, permission, or setting.

2. Click an item in the list to go to its settings page.

3. Clone the profile by clicking Clone.

4. Delete the profile (if it’s a custom profile that isn’t assigned to any 
   user) by clicking Delete.

5. Change the profile name or description

6. View a list of users who are assigned to the profile.

7. Under Apps and System, click any of the links to view or edit permissions 
   and settings.

The easiest way to create a profile is to clone an existing profile that’s 
similar to the one you want to create, and then modify it.

For custom profiles, you can edit andy of the attributes.  For standard 
profiles, you have to accept the permissions settings as they are.

To clone a profile:

1. From Setup, enter Profiles in the Quick Find box, then select Profiles.

2. In the Profiles list page, click Clone next to a profile similar to the 
   one you want to create. You can also click the name of the existing profile 
   and then in the profile page, click Clone

3. Enter a profile name.

4. Click Save.

To edit a profile:

1. From Setup, enter Profiles in the Quick Find box, then select Profiles.

2. Click the name of the profile you want to edit.

3. Click Edit to view the settings for the new profile.

4. Modify the settings or permissions based on your requirements.

5. Click Save.

To assign a profile to a user:

1. From Setup, enter Users in the Quick Find box, then select Users.

2. Click Edit next to a user.

3. From the Profile drop-down, select the profile you would like to assign.

4. Click Save.
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License