Articles
Salesforce Compliance: Crafting a Data Recovery Plan to Safeguard Your...
What’s trending
UPCOMING EVENTS
7 Salesforce User Management Best Practices
August 04, 2023
The user object is likely one of the key standard Salesforce objects that you likely work with day in day out. Salesforce user management – as well as the particularities of the object – is critical to be familiar with.
In this post, we will explore what you as a Salesforce Administrator can do to not only maintain controlled access to Salesforce and its related data, but also to make the most out of available functionality when it comes to your users in Salesforce.
1. Types of Users in Salesforce
Depending on the Salesforce products you use within your org, there may be internal as well as external users. This would immediately imply two different license types: Salesforce User License and Experience Cloud License, each with their own categories depending on the functionality.
In addition to the baseline access the license provides, there may be additional feature or permission set licenses to consider based on your implementation of Salesforce. For example, to leverage CPQ or Tableau CRM functionality, an additional license is needed which will also add additional cost.
Knowing both the available licenses in your org as well as what capacity users will need to interact with Salesforce in is something to familiarize yourself with right from the get go.
2. Explore Salesforce User Management Settings
During the Salesforce releases when the preview orgs are updated, I always find myself navigating to the User Management Settings page first. With many features being made available here lately, I can’t help but wonder what others Salesforce will include next to enhance the existing process.
Ever since it was in beta, Field-Level Security for Permission Sets during Field Creation has been amazing to use in sandboxes, and a true game changer for admins in orgs which have already made the move to permission sets / permission set groups to extend the baseline access provided by a basic profile.
Now, you no longer have to remember to add field permissions to multiple permission sets individually in the UI, spend time navigating to them, and then wait on each page for the changes to save.
Bonus: When you have numerous permission sets on the page, by hovering over each of the checkboxes a tooltip will let you know if the box is read or edit, as well as the name of the permission set (even if the row is highlighted).
One thing to note while you are enabling features is that it is only a matter of time until multi-factor authentication will become mandatory to increase security (scheduled to start as soon as Summer ’24).
MFA is something worth exploring sooner rather than later, to smoothly prepare the users for this change in accessing Salesforce.
3. Automate Permission and Group Assignment
The 2022 Dreamforce Architect Keynote included a comprehensive demo for the new user access policies, and back then it seemed this functionality couldn’t come fast enough! Currently in beta, once this feature is enabled from the Salesforce user management settings, there will be a separate setup section available where you can have up to 20 active policies at a time.
This is a criteria-based automation, which can easily be set up by any admin given the desired criteria is present. Through the user access policies, permission sets, permission set licenses, permission set groups, and queue or group membership can be granted or revoked when a user is created, updated, or both.
Before enabling, be sure to take a look over the user access policy considerations.
In some cases it may make sense to revoke permission sets using the policies, but there are also situations when it’s not worth consuming an access policy – especially when you know that certain users should only be granted a permission set (or group) for a limited period of time. In this situation, the expiration date for permission set assignment will come in handy, with a possibility to schedule it to happen whenever needed, even considering the timezone.
4. Check the User Access Summary
Alongside the Summer ‘24 release comes yet another great user management enhancement, this time in the form of a new View Summary button on the User detail page. There are no changes required for this button to be visible.
Within the new summary view, you can easily see on a single page a user access summary, split by the assigned User Permissions, Object and Field permissions, and Custom Permissions, as well as Group and Queue Membership. Gone are the days of having to spend loads of time confirming whether or not a user has a certain permission assigned!
As you can see below, the button is available for all kinds of users including generic ones. This means that as soon as the release hits production orgs, you will be able to quickly spot which permissions are assigned – even to integration users – in just a few clicks. Additionally, when it comes to Field Permissions, you can also filter by the Object you need to look at to check the read or write access.
5. Muting Permissions?
Permission set groups help admins define permission set combinations based on certain personas or functions, allowing controlled and tailored access for each role within the organization.
This however doesn’t mean that you have to keep creating permission sets for each particular group, especially when there are differences between them. You can reuse the same permission sets in multiple groups, without maintaining the same access and without editing the actual permission set. How is this possible?
Within the permission set group, you can easily create a “muting permission set”, which is only going to impact that group – with no change whatsoever for the permission sets in it, which may be either individually assigned to other users or groups.
6. Know your Org-Wide Defaults
The sharing settings page in setup could not have been missed in this post – being a priority on the Salesforce user management list, following object and field access.
With a few options of default access to choose from depending on the object, org-wide defaults represent the baseline level of access for users to view other’s records, with a possibility to open up the access further through sharing rules, manual sharing, and role hierarchy.
In addition to the ways mentioned above, record access can also be controlled using account or opportunity teams for example, with the added bonus that users can also define and add other users as needed or as a default setting on their user page. This way, seamless collaboration is ensured at record level – especially in one-off scenarios.
7. Freeze!
One simple, yet useful feature is the Freeze/Unfreeze button on the user record which can be leveraged when a user has left the organization but cannot yet be deactivated due to various reasons.
In this case, it’s literally a click of a button to temporarily “freeze” the user until you can deactivate. During the freeze period, the user can’t access Salesforce, but the license doesn’t become available to further use.
8. Empower Your Users
While there is a plethora of things that you, as a Salesforce professional, can implement across various instances, at the end of the day enablement remains the key. Training the users on both out-of-the-box as well as custom functionality will ensure faster adoption, especially when it comes to features that allow them to control some aspects of the experience.
A great productivity tip you can share with your users is the possibility for them to customize their navigation bar to their liking – reordering or adding their most used items couldn’t be any easier!
Summary
All in all, Salesforce user management can make or break the entire experience. From creating permission sets to extending object and field access, the Salesforce Administrator should ensure a seamless and secure interaction with all key business information.
What is one Salesforce user management functionality you couldn’t live without? Let us know in the comments section below…
More like this:
