For example, you can allow all employees to view Positions, but use sharing rules to grant full editing access to employees in a role or group called Hiring Managers. Sharing rules, like role hierarchies, are only used to give more users access to records-they can't be stricter than your organization–wide default settings. Sharing rules enable you to make automatic exceptions to organization–wide defaults for particular groups of users, to give them access to records they don't own or can't normally see.However, hiring managers can be given read/write access to all candidate records because they are at a higher level in the role hierarchy than recruiters. Recruiters can't see candidate records they don't own because recruiters are all at the same level in the role hierarchy. For example, you can restrict access to Candidates by setting the organization–wide default to Private, but allow recruiters to view and edit the candidate records that they own. Instead, each role in the hierarchy represents a level of data access that a user or group of users needs. Role hierarchies don't have to match your organization chart exactly. Role hierarchies open up access to those higher in the hierarchy so they inherit access to all records owned by users below them in the hierarchy.But you can restrict access to Positions so that anyone can see the jobs available but only the employees with the proper permissions can edit them. For example, you can give all employees access to an object called Candidate to allow anyone to add a candidate to the database. You use organization–wide sharing settings to lock down your data to the most restrictive level, and then use the other sharing tools to selectively give access to other users. Organization–wide defaults specify the default level of access that users have to each others' records.You can manage record–level access in the following ways. For example, record–level access allows interviewers to see and edit their own reviews, without exposing the reviews of other interviewers. To control data with greater precision, you can allow particular users to view an object, but then restrict the individual object records they're allowed to see. For example, you can make the salary field in a position object invisible to interviewers but visible to hiring managers and recruiters. You can use field–level security to restrict access to certain fields, even for objects a user has access to. For example, you can use object permissions to ensure that interviewers can view positions and job applications but not edit or delete them. By setting permissions on a particular type of object, you can prevent a group of users from creating, viewing, editing, or deleting any records of that object. Object–level security provides the simplest way to control which users have access to which data. You can configure access to data in Salesforce at four main levels.Īt the highest level, you can secure access to your organization by maintaining a list of authorized users, setting password policies, and limiting login access to certain hours and certain locations. By combining security controls at different levels, you can provide just the right level of data access to thousands of users without having to specify permissions for each user individually. You can configure access at the level of the organization, objects, fields, or individual records. Salesforce includes simple–to–configure security controls that make it easy to specify which users can view, create, edit, or delete any record or field in the app. This ensures you can balance security and convenience, minimizing the risk of stolen or misused data while making sure that all users can easily access the data they need. Salesforce provides a flexible, layered sharing model that makes it easy to assign different data sets to different sets of users. For such an app, it's important to secure the sensitive data without making it harder for recruiters, hiring managers, and interviewers to do their jobs. The app will store confidential data, such as social security numbers, salary amounts, and applicant reviews that should only be exposed to specific types of users. In this unit, we show you how to configure your users' access to your Salesforce records so they can access only the information they need.įor example, suppose you're building a Recruiting app that contains information about open positions, candidates, and job applications. Now that you know how to add users, you probably want to know how to make sure they can see what they need to see and only what they need to see.
0 Comments
Leave a Reply. |