Belinda Wong Director, Product Management

belinda.wong@salesforce.com @BelindaWong

Troubleshoot User Access Problems the Salesforce Way Salesforce on Salesforce

Jordan Mangini System Specialist

jmangini@salesforce.com @JordanMangini

Forward-Looking Statements

 Statement under the Private Securities Litigation Reform Act of 1995:

 This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services.

 The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site.

 Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.

Agenda

  Best Practices   Statistics   Problem Solving Funnel   Demo   Permissions Roadmap

   

Standard Profiles Custom Profiles + Permission Sets Multiple Organizations

Best Practices for Using Profiles & Permission Sets  Security Progression with Complexity

Increasing # of Users, Processes & Objects

 Profiles •  Limit One per User

•  Baseline authorization

•  Page Layout and other user interface defaults

 Permission Sets •  Built for layering

•  Perfect for role or task-based authorizations

Best Practices for Using Profiles & Permission Sets  Division of Labor between Profiles & Permission Sets

 7  1,000  20,000

Scale Scope Volume

User Access Cases per Week (on average)

Employees Salesforce Organizations

Statistics on Salesforce’s Internal Orgs  

Monitr   Tool to gather statistics and monitor key “uber” permission

User Access Problem Resolution Funnel  

Missing:• Data• Fields• Bu1onReasons:• Newrole• Newfeature

Problem Definitions

Identify Elements

Check Access

Isolate & Iterate Resolution

• PageLayout

• Object(CRUD)• FieldLevelSecurity

• ApexClass&VisualforceSecurity

• SharingRules• App&SystemPermissions

• User&ProfileComparisons • PermissionSet • LoginAsUser

&Verify

• PublicGroups

Troubleshoot Scenario

 Who – Robbie Renewals

 What – He can’t see the “Get Help” action for his opportunities

 Why – The “Get Help” Sales team feature is being extended to Renewals team

 

 Access issues after a Business Requirement Change

Apply Problem Funnel to our Demo   Analyze elements the “Get

Help” Custom Action

Use our tools to find differences between users

Create new permission set

Login-as target user

Goal: Happy Users!

Identify Problem Details

Check Access

Isolate & Iterate

Test

Features Roadmap

•  Custom Permissions

•  Delegated Administration •  Public Group management

•  Metadata API

•  Session-based Permission Sets (Developer Preview) – Summer ’16

•  Sobject API updates for Profiles – Winter ‘17

•  Permission Set License auto-assignment – Winter ‘17

•  Permission Set Hierarchy or Grouping

•  Lightning Experience for User Management with Salesforce Einstein

•  Delegated Administration •  Queue management

•  Application level delegation

 Permissions and Delegated Administration

Recent Features Longer Term

Additional Resources Where the trail never ends

Links to Additional Resources

•  Grey Tab chrome extension (search for Grey Tab in Chrome Webstore)

•  https://perm-comparator.herokuapp.com

•  https://audittrailyo.herokuapp.com

•  https://developer.salesforce.com documentation for objects used the highlighted tools •  Profile and Permission Set Object Relationship Diagram

•  Profiles API guide

•  Permission Sets API guide

•  Setup Audit Trail API guide and Salesforce Hacker Blog ( http://www.salesforcehacker.com )

•  Recommended Trailhead Modules •  Data Security ( https://trailhead.salesforce.com/module/data_security )

•  Identity ( https://trailhead.salesforce.com/trail/identity )

•  Event Monitoring ( https://trailhead.salesforce.com/module/event_monitoring )

 

Thank Y u

Perm Comparator Demo

A Connected App (hosted on Heroku) to visually compare between profile, permission set, and/or users

Perm Comparator  

Grey Tab Demo

Chrome browser extension to check api access within the same UI display

Grey Tab  

Workbench Demo

Web tool to explore data schema & Rest APIs and run SOQL queries

Workbench  

Audit Trail Yo Demo

A Connected App (hosted on Heroku) to query, filter and visualize your org’s audit trail

Audit Trail Yo  

 Users with same role/job but different profiles

 Tools: •  Perm Comparator

•  Workbench

 Multiple users reporting similar issues

 Tools: •  AuditTrailYo

•  Workbench

 Display problems

 Create Debug Logs

  Tools: •  Grey Tab

•  Workbench

Login-As Comparisons Forensics

3 Troubleshooting Approaches