A profile in the Force.com application can be called as a container that has access rights information of users. When a user is logged into the application, what is displayed including data and user interface is determined by the profile the user belongs to. A user always belongs to a profile and can belong to only one profile at a given time.
A profile can be directly related to the job function of the user. For example, in a given organization, System Administrators have similar duties on the job - need access to the same set of data and pages. Hence you can define a profile with required access for System Administrators and assign that profile to all the System Administrators.
Profiles define object and field permissions, tabs and pages the user can see, code the user can execute, functions the user can perform and many other user permission parameters.
When we are trying to understand user access permissions, we need to understand couple of other related terms as well. Role and Permission Sets.
While profiles control object and field level access, a role controls record level access. Role defines different levels of users by way of hierarchy. Each role in the hierarchy represents a level of data access. A user with a given role will have access to the data of all the users who fall below in the hierarchy in terms of role assignment. Hence higher the role in the hierarchy, higher the level of data access. Typically you would assign one profile and one role to each user.
Permission sets also define user access parameters like profiles. All those access rights that you can define using the profiles can be defined using permission sets. But permission sets are used little differently than profiles. They extend the access rights the user profile has already defined. Thus if you were to give some additional access to a user, permission set is the one you need to use. For example - say there are 100 users in one profile. For a certain period 5 users among them need some extra user access to certain objects. All you do is define and assign a permission set to those 5 users without changing the profile. When this additional access is not in need, just remove the permission set that was assigned. Also, while users can have only one profile, they can have multiple permission sets.
Profiles, Roles and Permission Sets can be managed in Force.com platform under Administration Setup -> Manage Users.
Happy cloud computing using Salesforce!
A profile can be directly related to the job function of the user. For example, in a given organization, System Administrators have similar duties on the job - need access to the same set of data and pages. Hence you can define a profile with required access for System Administrators and assign that profile to all the System Administrators.
Profiles define object and field permissions, tabs and pages the user can see, code the user can execute, functions the user can perform and many other user permission parameters.
When we are trying to understand user access permissions, we need to understand couple of other related terms as well. Role and Permission Sets.
While profiles control object and field level access, a role controls record level access. Role defines different levels of users by way of hierarchy. Each role in the hierarchy represents a level of data access. A user with a given role will have access to the data of all the users who fall below in the hierarchy in terms of role assignment. Hence higher the role in the hierarchy, higher the level of data access. Typically you would assign one profile and one role to each user.
Permission sets also define user access parameters like profiles. All those access rights that you can define using the profiles can be defined using permission sets. But permission sets are used little differently than profiles. They extend the access rights the user profile has already defined. Thus if you were to give some additional access to a user, permission set is the one you need to use. For example - say there are 100 users in one profile. For a certain period 5 users among them need some extra user access to certain objects. All you do is define and assign a permission set to those 5 users without changing the profile. When this additional access is not in need, just remove the permission set that was assigned. Also, while users can have only one profile, they can have multiple permission sets.
Profiles, Roles and Permission Sets can be managed in Force.com platform under Administration Setup -> Manage Users.
Happy cloud computing using Salesforce!
You are simply awesome
ReplyDelete