df16 - troubleshooting user access problems
TRANSCRIPT
Belinda Wong Director, Product Management
[email protected] @BelindaWong
Troubleshoot User Access Problems the Salesforce Way Salesforce on Salesforce
Jordan Mangini System Specialist
[email protected] @JordanMangini
Forward-Looking Statements
Statement under the Private Securities Litigation Reform Act of 1995:
This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site.
Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
Agenda
Best Practices Statistics Problem Solving Funnel Demo Permissions Roadmap
Standard Profiles Custom Profiles + Permission Sets Multiple Organizations
Best Practices for Using Profiles & Permission Sets Security Progression with Complexity
Increasing # of Users, Processes & Objects
Profiles • Limit One per User
• Baseline authorization
• Page Layout and other user interface defaults
Permission Sets • Built for layering
• Perfect for role or task-based authorizations
Best Practices for Using Profiles & Permission Sets Division of Labor between Profiles & Permission Sets
7 1,000 20,000
Scale Scope Volume
User Access Cases per Week (on average)
Employees Salesforce Organizations
Statistics on Salesforce’s Internal Orgs
Monitr Tool to gather statistics and monitor key “uber” permission
User Access Problem Resolution Funnel
Missing:• Data• Fields• Bu1onReasons:• Newrole• Newfeature
Problem Definitions
Identify Elements
Check Access
Isolate & Iterate Resolution
• PageLayout
• Object(CRUD)• FieldLevelSecurity
• ApexClass&VisualforceSecurity
• SharingRules• App&SystemPermissions
• User&ProfileComparisons • PermissionSet • LoginAsUser
&Verify
• PublicGroups
Troubleshoot Scenario
Who – Robbie Renewals
What – He can’t see the “Get Help” action for his opportunities
Why – The “Get Help” Sales team feature is being extended to Renewals team
Access issues after a Business Requirement Change
Apply Problem Funnel to our Demo Analyze elements the “Get
Help” Custom Action
Use our tools to find differences between users
Create new permission set
Login-as target user
Goal: Happy Users!
Identify Problem Details
Check Access
Isolate & Iterate
Test
Features Roadmap
• Custom Permissions
• Delegated Administration • Public Group management
• Metadata API
• Session-based Permission Sets (Developer Preview) – Summer ’16
• Sobject API updates for Profiles – Winter ‘17
• Permission Set License auto-assignment – Winter ‘17
• Permission Set Hierarchy or Grouping
• Lightning Experience for User Management with Salesforce Einstein
• Delegated Administration • Queue management
• Application level delegation
Permissions and Delegated Administration
Recent Features Longer Term
Additional Resources Where the trail never ends
Links to Additional Resources
• Grey Tab chrome extension (search for Grey Tab in Chrome Webstore)
• https://perm-comparator.herokuapp.com
• https://audittrailyo.herokuapp.com
• https://developer.salesforce.com documentation for objects used the highlighted tools • Profile and Permission Set Object Relationship Diagram
• Profiles API guide
• Permission Sets API guide
• Setup Audit Trail API guide and Salesforce Hacker Blog ( http://www.salesforcehacker.com )
• Recommended Trailhead Modules • Data Security ( https://trailhead.salesforce.com/module/data_security )
• Identity ( https://trailhead.salesforce.com/trail/identity )
• Event Monitoring ( https://trailhead.salesforce.com/module/event_monitoring )
Thank Y u
Perm Comparator Demo
A Connected App (hosted on Heroku) to visually compare between profile, permission set, and/or users
Perm Comparator
Grey Tab Demo
Chrome browser extension to check api access within the same UI display
Grey Tab
Workbench Demo
Web tool to explore data schema & Rest APIs and run SOQL queries
Workbench
Audit Trail Yo Demo
A Connected App (hosted on Heroku) to query, filter and visualize your org’s audit trail
Audit Trail Yo
Users with same role/job but different profiles
Tools: • Perm Comparator
• Workbench
Multiple users reporting similar issues
Tools: • AuditTrailYo
• Workbench
Display problems
Create Debug Logs
Tools: • Grey Tab
• Workbench
Login-As Comparisons Forensics
3 Troubleshooting Approaches