Your SlideShare is downloading. ×
0
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Keeping it Simple with Permission Sets
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Keeping it Simple with Permission Sets

2,012

Published on

Check out Managing Director at Configero Jody Hamlett's presentation from the Dreamforce 2012 session "Keeping it Simple with Permission Sets." …

Check out Managing Director at Configero Jody Hamlett's presentation from the Dreamforce 2012 session "Keeping it Simple with Permission Sets."

Session Description:

Do you deal with the headaches of managing many users and one-off profiles? Join us to learn how Permission Sets will help you manage users' access rights with more control and freedom than with Profiles alone. You'll also get first hand feedback from customers who have been administering Permission Sets, and you'll leave knowing how Permission Sets can help you better manage users, with more control and less overhead.

Published in: Technology
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,012
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
111
Comments
0
Likes
3
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  1. Keeping it Simple with Permission SetsAdministrator TrackAdam Torman, Senior Product Manager, Salesforce.com, @atormanDoug Bitting, Principal Member Technical Staff, Salesforce.com, @sfdcdougKenton Reed, Administrator, USAAJody Hamlett, Managing Director, Configero, @configero
  2. Safe Harbor Safe harbor statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of intellectual property and other litigation, risks associated with possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-Q for the most recent fiscal quarter ended July 31, 2012. This documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward- looking statements.
  3. Adam TormanSenior Product Manager@atorman
  4. Agenda Why Permission Sets What Are Permission Sets USAA Implementation Best Practices Implementation Tips and Tricks from Configero Roadmap Q&A
  5. Doug BittingPrincipal Member Technical Staff@sfdcdoug
  6. Permissions and Access Settings Read, create, edit and delete objects, like Accounts and Cases Read and edit fields (field-level security) User Permissions, like “View All Data” Access Apex Classes and VisualForce pagesHistorically, permissions andsettings have been controlled inprofiles.
  7. Creating the perfect set of permissionsShoot for the ideal, settle for reality…
  8. Result of the perfect set of permissions We can do better! Where’s Doug? 40 Feet TheLandmark @ One Standard Market User Profile
  9. What is a Permission Set? Like profiles, a permission set is a collection of permissions and settings that allow users to do things in Salesforce. What a user can do is now determined by their profile plus any assigned permission sets.
  10. What Access Settings Make Up a Permission Set?
  11. Demo: Creating and Assigning a Permission Set Users still have a profile… … But theynow can have permission sets as well
  12. Kenton ReedSenior Salesforce SoftwareDeveloper & Integrator
  13. A Little About USAA…We are a financial services company based in San Antonio, Texas that provides a full range of highly competitive financial products and services to the military and their families.  Insurance  Banking  Investments  Retirement  Advice USAA Confidential
  14. Our Business Problem…• Two Force.com application sets built in our cloud:  Applications for very specific user groups.  Applications used across the entire enterprise.• As our Force.com footprint increased, the growing numbers of Profiles were getting difficult to manage.• We were facing a Profile management nightmare with our projected Force.com application growth. Profile A.1 Profile A.2 Profile A.3 Profile A.??? USAA Confidential
  15. Our Business Problem cont…Primary drivers for Profile growth:  Multiple lines of business building applications in one Salesforce organization.  Enterprise and non-enterprise applications in the same cloud.  Very large user base. (24,000+)  Unique security requirements for each application. USAA Confidential
  16. Our Business Solution…Permission SetsPermission Sets allowed us to bring order to the Profile management chaos we were about to face. Benefits of Permission Sets: 1. Allowed us to a move to a more generic line of business Profile structure where possible. 2. Allowed for access to be granted on the application level. 3. Allowed for a 50% reduction in our planned Profiles. 4. Allowed us to easily extend with the API to automate the delegation of mass Permission Set assignment. USAA Confidential
  17. After Permission Sets…• Permission Set proliferation much smaller than expected.  Most applications have very similar access requirements.• Ability to retire many existing Profiles.• Considerable reduction in complexity of application permission assignment. USAA Confidential
  18. Doug BittingBest Practices
  19. A New Way Of Thinking ● Think about security in manageable chunks ● No longer need to think about everything ● Consider only whats relevant to the permission set ● Aggregate access rights via assignment
  20. Same Job, More Responsibility One-off profiles requests  With profiles – Modify existing profile – Create a one-off profile – Assign an admin profile  With permission sets – Create a reusable permission set – Assign the permission set for any users
  21. Manage Functional Roles More Easily Functional Role represents significant chunks of responsibilities Access by matrix  Example: 4 teams by 4 teams or processes  16 profiles or  8 permission sets
  22. Manage Tasks More Easily Tasks represent discrete sets of responsibilities Access by tasks  Example: 10 tasks like approving a time off request or merging two leads  1023 profiles or  10 permission sets
  23. Manage Apps More Easily Assign force.com apps to users regardless of their profile  Time Off Manager to all users in North America across all departments Most permissions and settings supported Works when using simple page layouts and record types that can still be managed by a profile
  24. Recertify Rights Verify the permissions a user needs by taking risky permissions away from all users in the organization and then granting them back on an individual basis through a permission set instead of the users profile. View All Data, Modify All Data, Manage Users, Customize Application are all great candidates
  25. You should try this out at home!Permission Set Why it worksView All Data Recertify who can view all data in an org to manage the running user of dashboards rather than giving it out to all users in a profileManage Users Reduce the number of users who can: Create/Modify Profiles and Permission Sets Create/Modify Sharing RulesPrice Book Consolidate who in Sales Ops can manage products and price booksAdministratorAPI Only User Manage Integrations more easily by migrating this permission from all profiles to a single permission setApprover Use field level security to determine who can approve a record in an approval processTime Off Manager Except for Layouts and Record Types, it’s possible to control most app permissionsEnd-User and settings using a permission setConnected App User Using Connected Apps (Pilot), you can choose which users can use OAuth to log into other apps on other platforms
  26. Roll out IT projects in phasesPhase in a new feature without first: Getting approval to add it to everyone Developing documentation Developing trainingHow Create and assign a permission set Collect data from the pilot Develop documentation and training based on user feedback
  27. Excel Form - Sample  Use tools like Excel to view the desired state of your permissions  Think about functions and tasks
  28. GotchasMass assignment tools  sObject API support can help  Workaround: Use the APIAnalytical tools  Who has what permission and why  Workaround: Use the APIAdditional access settings  Record types, page layouts, etc.  Workaround: Use Profiles
  29. A new way of thinking Think about security the way your organization thinks about security Identify job functions, tasks, and processes Determine the set of access rights necessary for each Aggregate access rights via assignment
  30. Jody HamlettManaging Director@configero
  31. Business challenge Complex Microsoft conversion  Over 1 million records to be converted from multiple data sources  6000 Users – across Sales, Marketing, Client Relations, Customers, Finance,  Accounting, Contracts, Project Teams, and Affiliates (partners)  Complex security model – large super user team, many role-based profiles, and multiple portal user profiles  200+ separate security profiles required  More than 20 profiles with 1-3 users assigned Sales Marketing Large publicly-traded healthcare company that provides Client Customers Relations financial improvement to health care providers for bothSolomon revenue cycle and supply chain management.
  32. Solution  Simplify a complex security model  Enabled us to deploy power of managing system to Super Users  Enabled faster transition to MDAS (admin) community  Enabled on-going scalability easier (6k users to 9k)  More rapid implementation due to less configuration  Build base profile and custom permission sets for cross functional users Potential Profiles Permission Sets Active Profiles: 62 Active Permission Sets: 55 Common Themes 1. Modify all account teams 2. Manage Public List Views / Reports 3. Manage Demo Requests 4. Visibility to Access Financial information 5. Edit restricted account information 6. Survey administration 7. Super User (all permission sets) Active Users: 9,057
  33. Best Practices  BUILD A TEAM – Get the business INVOLVED!  DEPLOYMENT/COMMUNICATION – Know what you are doing before you do it  SANDBOX – use login-as feature and make business test Enterprise Project Team Collaboration Deployment Plan Project Managers CIO Data System Analysts Admins SFDC Xpert Services SVP Business Focus is Lead Developers Important!
  34. Implementation Tips and Tricks Getting Started…Think of permission sets as an “À la carte” approach Getting Started…When building permission sets, consider starting with reviewing all ADMIN privileges to determine the permission set needs (Delete or Transfer) Ensure you have a Naming Convention is key. Note: Today, there is not an easy way to display all Permissions included in one Permission Set “at a glance” Permission Sets are License-driven: customer portal, platform, chatter, etc.? Before go-live: make sure review each Permission Set’s “Assigned Users”
  35. Adam TormanRoadmap
  36. Organization Wide Permission SetsEliminate Permission Set Proliferation Create the same way AFTER: Multiple as permission sets a normal Assigning permission set with are replaced permission sets that just one have permissions not allowed by the user’s license results in an error Pick any License is left permission or empty setting that is allowed on any license Permission set with more permissions than allowed by this BEFORE: you had user to create one permission set per license type
  37. Support More Access ControlsIterate, Iterate, Iterate
  38. More API SupportEnable Developers to create killer tools Building Administrative Tools with Permission Set API 10:30 a.m. - 11:30 a.m. Moscone West 2020
  39. More Metadata API and Change Set SupportMigrate permissions separately from metadata Full support for custom and standard permissions in MdAPI New top level component: Permission Sets
  40. Kenton Reed Jody Hamlett Adam Torman Doug BittingSenior Salesforce Software Managing Director Senior Product Manager PMTS Developer & Integrator @configero @atorman @sfdcdoug

×