Salesforce Security
Basic Org Security Settings:
Core settings in Salesforce
These do not affect Users/Record specific security
Health Check: Salesforce checks the org against the default baseline and determines any security risks. You can set your own baseline.
Password policies:
- Password expiry
- Password History
- Minimum Password length
- Password Complexity
- Max Invalid login attempts
- Lockout effective period
Session Settings:
This pertains to where a session was initiated from and how long the User has been in the session or idle. Settings included:
- Session Timeout
- IP Settings
- Clickjack Protection
- ID Verification
Network Access:
Allows you to "white list" certain IP ranges. Logins from any IPs within these ranges will not need to complete 2FA. This does not stop access; it just eliminates the need for Users to provide a second step at login.
Session management will provide you a list of all Users that are currently logged in to the Org. You can force log out Users and they will need to log in again.
Login Access Policies:
This is where you can enable the setting "Administrators Can Log in as Any User", very important!
Also, Audit Trail does not show that an Admin is logged in as that User. Any changes the Admin makes will still show as made by the User they are logged in as.
Org Wide Defaults
Sharing Settings
- This will show you the current security defaults for each Object in your org
Record Ownership
You can either change ownership of a Record to another User or to a Queue.
Queues are only available on:
- Cases, Contact Requests, Leads, Orders, Custom Objects, Service Contracts, and Knowledge Article Versions.
When an Object is set to Private, any Record created within it will only be visible to the User that created it.
This is assuming there are no Role Hierarchies or Sharing Rules (the org wide default!)
Sharing Rules
For any Sharing Rule you set up, you can set the Permissions to: Private, Read Only, Read/Write.
Criteria Based Sharing
Based on the specific data within the Record.
You set a criterion, like Opp > Won Equals True, then select who you want to share those Records with.
Manual Sharing
If configured, a sharing button will appear on the Record.
You need to check the Org default for the Object, as well as making sure the Share button is on the Page Layout.
If an Object is set to Read/Write, a share button will not be available in the Page Layout, since everything is public to everyone.
If it is set to Private or Public Read Only, the button should appear.
On Manual Share, you may see that Users have access to Objects that are Private. There is a Why? button next to each entity that has access. It may be that their Profile offers them Full Access on the Object.
A User's Profile or Permission Set will dictate how they see Private Objects. These are considered Object-based permissions.