User permissions and access settings specify what users can do within an organization:
- Permissions determine a user's ability to edit an object record, view the Setup menu, permanently delete records in the Recycle Bin, or reset a user's password.
- Access settings determine other functions, such as access to Apex classes, app visibility, and the hours when users can log in.
Every user is assigned only one profile, but can also have multiple permission sets. When determining access for your users, use profiles to assign the minimum permissions and access settings for specific groups of users. Then use permission sets to grant more permissions as needed.
This table shows the types of permissions and access settings that are specified in profiles and permission sets.
| PERMISSION OR SETTING TYPE | IN PROFILES? | IN PERMISSION SETS? |
|---|---|---|
| Assigned apps | Yes | Yes |
| Tab settings | Yes | Yes |
| Record type assignments | Yes | Yes |
| Page layout assignments | Yes | |
| Object permissions | Yes | Yes |
| Field permissions | Yes | Yes |
| User permissions (app and system) | Yes | Yes |
| Apex class access | Yes | Yes |
| Visualforce page access | Yes | Yes |
| External data source access | Yes | Yes |
| Service provider access (if Salesforce is enabled as an identity provider) | Yes | Yes |
| Custom permissions | Yes | Yes |
| Login hours | Yes | |
| Login IP ranges | Yes | |
- Revoke Permissions and Access
Use profiles and permission sets to grant access but not to deny access. A permission granted from either a profile or a permission set is honored. For example, if Transfer Record isn't enabled in a user's profile but is enabled in a permission set assigned to that user, the user can transfer records regardless of whether they own them. To revoke a permission, you must remove all instances of the permission from the user.
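
The additive rule above can be checked with a small model. This is an added example, not Salesforce code: the user names, profile names, permission set names, and permission labels are all constructed sample data, and the functions are hypothetical helpers for an access review.

```python
# Constructed sample data: grants held by each profile and permission set.
PROFILES = {
    "Standard Sales": {"ViewSetup"},
    "Support Agent": {"ViewSetup", "TransferRecord"},
}
PERMISSION_SETS = {
    "Record Transfer": {"TransferRecord"},
    "Territory Admin": {"TransferRecord", "ResetPasswords"},
    "Report Builder": {"CreateReports"},
}
# Every user has exactly one profile and zero or more permission sets.
USERS = {
    "jsmith": {"profile": "Standard Sales",
               "permission_sets": ["Record Transfer", "Territory Admin"]},
    "akhan": {"profile": "Support Agent", "permission_sets": ["Report Builder"]},
    "mlee": {"profile": "Standard Sales", "permission_sets": ["Report Builder"]},
}

def effective_permissions(user):
    """Union of the profile's grants and every assigned permission set's grants."""
    record = USERS[user]
    perms = set(PROFILES[record["profile"]])
    for name in record["permission_sets"]:
        perms |= PERMISSION_SETS[name]
    return perms

def grant_sources(user, permission):
    """Every place the permission is granted; all must be removed to revoke it."""
    record = USERS[user]
    sources = []
    if permission in PROFILES[record["profile"]]:
        sources.append(("profile", record["profile"]))
    sources += [("permission set", name) for name in record["permission_sets"]
                if permission in PERMISSION_SETS[name]]
    return sources

def unassign(user, permission_set):
    """Remove one permission set assignment from the user."""
    USERS[user]["permission_sets"].remove(permission_set)

def audit(permission):
    """Map each user who holds the permission to the sources granting it."""
    return {user: grant_sources(user, permission)
            for user in USERS if permission in effective_permissions(user)}
```

Running `audit` for a sensitive permission before a revocation lists every assignment that has to change; a user drops out of the result only when the list of sources is empty.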
