Profile management
The first question that we must answer and be clear about is "What are profiles in Salesforce?". In the User Management section, we explored how to create users in Salesforce. Now, this section will deal with how we profile these users. So, a set of users who will need the same type of object access, tabs, applications, permissions, and user interfaces are categorized into a common profile. This is described in the following screenshot:
The profiles can be viewed and created by navigating to Setup | Manage Users | Profiles.
When a new profile is created, it has to be cloned from the existing profiles. When your organization (org) is purchased from Salesforce, it will already come with some profiles known as standard profiles. One can use these profiles but they are pretty much fixed, and hence we clone them if we need to customize profiles as per our need.
Before I move on, we need to understand applications, objects, fields, tabs, page layouts, and field-level security.
Objects and fields
Just like any other database, Salesforce has its integrated database that comes with the organization once you purchase it. You have the ability to create objects and form fields related to an object through point and click, and hence this eliminates the need for separate database administrators such as PL/SQL.
The creation of these objects and fields can be done via simple clicks and not through any code, and this makes life simpler.
To create objects, you will need to click on your name and navigate to Setup | Create | Objects. The sample form to create objects is shown in the following screenshot:
Once you create objects, you can associate fields to them again through point and click. You can assign data types to fields by selecting an option through the radio buttons.
Fields have field-level security that decides whether a profile has API access to a field or not. We will explore this more in the Configuring a profile section when we dive deeper.
On the same screen, you will see the Edit Record Name Label and Format section. This defines how you want to address your data for an object. For example, if you create an account, it will definitely be addressed by a name, but if you create a transaction receipt, it should be an autogenerated number.
The optional features available on this screen are as follows:
- Allow Reports: If you wish to create reports on an object's data, check this flag
- Allow Activities: If you wish to create tasks and events related to an object's records, tick this checkbox
- Track Field History: If you want to track the changes of any field for an object, turn this flag on
Tabs
Tabs provide a UI to access objects and fill data or records into objects. Objects are like tables in conventional databases and filling data (a layman's language term) is equivalent to inserting rows or records into the objects in Salesforce. For a standard object, we will have default tabs, while for custom objects, tabs have to be created by navigating to Setup | Create | Tabs. Again, when we explore more about profiles, we will see how we can hide a tab, keep the default on, or keep the default off for various profiles.
Flexi tabs can be used in Salesforce 1. For more information, refer to https://help.salesforce.com/HTViewHelpDoc?id=creating_flexipage_tabs.htm&language=en_US.
Applications
An application will involve a collection of tabs that can be controlled for each profile. Profiles can be configured to give access to only the selected application. You can create apps by navigating to Setup | Create | Apps.
Page layouts
The fields that we created for objects are organized to be viewed for various profiles with the help of page layouts. For each profile, we have the option to configure page layouts for that profile.
A page layout is edited with the help of the edit layout link on the page block, which helps us to organize fields and sections. This is shown in the following screenshot:
Configuring a profile
Let's navigate to one of the profiles in order to explore the settings that are provided by the profiles, which govern the application.
Click on your name and navigate to Setup | Manage Users | Profile. So, let's scan from the top page of the profile to the bottom and understand the importance of each of the sections.
The Profile Detail, Console Settings, and Page Layouts sections
The Profile Detail section consists of the User license that a profile holds. Any user assigned to this profile will inherit the license specified in the profile.
The Page Layouts section helps in the page layout assignment. Each profile needs a page layout assignment, and this section helps in assigning the page layout.
The Console Settings section is for the console assignment of profiles.
Salesforce console definition and its need
A Salesforce console is designed to boost productivity for users in a fast-paced environment. The console's dashboard-like interface improves the Agent console by eliminating time-consuming clicking and scrolling, so you can quickly find, update, and create records.
The Salesforce console streamlines access to the data and features you need the most. For example, service agents can use multiple applications at once and preserve the context of cases as priorities change. Using the sales console, sales reps can easily contact leads, assess companies, identify key contacts, and access sales intelligence.
- 1: Select an object to view in the Salesforce console navigation list. For example, select Leads to view leads. The administrator can choose which objects are available.
- 2: Records are displayed in a list, which you can pin on the left or the top of the screen. Select one or more records to be displayed in the primary tabs.
- 3: Selected records appear in primary tabs. You can work with multiple tabs simultaneously.
- 4: The highlight panel can be configured separately for each object to show the key information related to the record in the primary tab.
- 5: Open more than one subtab to quickly switch between multiple related records.
- 6: View and interact with the subtab content in the detail area.
Field-level security
For each object, standard or custom, the page will consist of various fields. This section will help us configure which fields are visible and which fields are read only at the profile level. Please note that if a field is not visible, it implies that it can't be read only as well. Read only implies that the field cannot be edited even through an API. If the Enhanced Profile User interface is enabled, it will be displayed in Objects Links under Apps, and then we can select the individual object from there.
Custom app settings and connected app settings
For each profile's details page, you will see the custom app and connected app settings option, and it makes sense not to expose each application to all the profiles. So, this option allows the admin to select the application that should be visible to a profile, and one application can be made default for the profile. The applications that are not checked imply that the users belonging to those profiles won't have access to the unchecked applications at all.
Connected apps provide access to the Salesforce data for external systems (generally for OAUTH 2.0 for mobile apps or external third-party apps). These can also be configured at the profile level similar to the custom app settings:
Tab settings
Tab settings for a profile allow us to control whether the profile has access to the tab or not. There are three selectors: Default On, Default Off, and Tab Hidden.
If the Enhanced Profile User interface is enabled, it will be displayed in Objects Links under Apps, and then we can select the individual object from there.
Record type settings
Record types allow you to offer different business processes, pick-list values, and page layouts to different users. Record types can be used in various ways. They are as follows:
- You can create record types for opportunities to differentiate your regular sales deals from your professional services engagements and offer different pick-list values for each
- You can create record types for different cases to display different page layouts based on if they are customer support cases or billing cases
The settings at the profile level decide which record types among the available record types should be allocated to the profile. If the Enhanced Profile User interface is enabled, it will be displayed in the Apps section.
Administrative permissions and general user permissions
The administrative and general user permissions of profiles provide the capability and access rights for some significant functionalities of the platform. For example, the View Setup and Configuration setting will allow users of profiles to view the Setup menu. Similarly, View Encrypted Data will allow a profile user to view the encrypted fields. The settings are shown in the following screenshot:
Since the aim of this book is to just explain the concepts, I recommend users to further explore the topic with the help of the Help & Training documentation of Salesforce.
Object permissions
For the time being, as we have not discussed the security of the platform, we will not worry much about the View All or Modify All option. For the objects that we build in Salesforce, we can set whether the profile users can edit the record (Edit), have only read access to a record (Read), create a record (Create), or delete a record from the database (Delete). In short, we call it CRUD access.
Apex and Visualforce access
Apex and Visualforce are used to customize the business process with code. As an admin, you don't have to go deep into this if you are new to the platform. At the profile level, we can allow these classes and pages if they are needed for a profile.
Note that the login IP restriction and login hours options we discussed are profile-specific. The options for Apex and Visualforce are shown in the following screenshot: