Skip to main content
Join us at TDX in San Francisco or on Salesforce+ on March 5-6 for the Developer Conference for the AI Agent Era. Register now.

Set Up Users and Security

Learning Objectives

After completing this unit, you’ll be able to:

  • Discuss the importance of security in Public Sector Solutions orgs.
  • Explain the process for creating profiles, roles, and users.
  • Describe how to assign permission sets to users and configure sharing settings.
  • List the tools for ensuring compliance with government data security and privacy regulations.

Explore Public Sector Security

One of the most important responsibilities for an admin is managing system access across the organization. Security is especially crucial in government settings, where agencies must follow strict laws and regulations about the handling of constituent data. By setting up profiles, building a role hierarchy, and assigning permissions, you can make sure that employees only have access to the information needed for their jobs.

In this unit, learn how to set up profiles, roles, and users through the lens of Public Sector Solutions. To learn the basics about controlling information access in Salesforce, complete the User Management Trailhead module.

Create User Profiles

Begin by configuring user profiles. Profiles define default access to apps, objects, and data, and control what users can do in apps. When admins create users, they assign them to a profile based on their role. You can assign only one profile to each user.

In your agency org, you might set up profiles for compliance, social services, and other categories of government work. The advantage of profiles is that you can configure a combination of app, object, and field access, and then assign this combination of privileges to roles or users. You can also assign a default app and page layouts for the profile, and manage app components and visibility.

Note

It’s best practice to grant users the Minimum Access - Salesforce profile. Then, expand this access by assigning permission sets and permission set groups to users and roles.

To work faster, clone existing profiles and then customize permissions in the new profile.

For example, in Cosville, Tishon clones the Standard User profile to create a Compliance profile.

Clone Profile screen in Setup.

She ensures this Compliance profile includes access to the Public Sector: License and Permit Management app, and associated objects, including Accounts, Public Complaints, Regulatory Codes, and Regulatory Code Violations.

Create Roles

Roles define the level of access to records, reports, and other data that users need to complete the required tasks for their position. Create a role hierarchy to provide levels of access in the org that reflect the reporting structure of your agency.

Tishon creates Compliance Officer, Inspection Manager, and Inspector roles. She sets the Inspector role to report to the Inspection Manager, and the Inspector Manager to report to the Compliance Officer.

Role Hierarchy with Compliance Officer, Inspection Manager, and Inspection roles.

At each level in the role hierarchy, Tishon defines the data that each role can access and manage. For example, she configures the org hierarchy so that the Compliance Officer can view, edit, or report on the data owned or shared with the roles below it. Subordinate roles only have edit access to records they need to do their jobs.

Create Users

After setting up profiles and roles, you’re ready to create users, which represent individual employees in your agency.

Tishon sets up a user record for Salima Sheikh, the Cosville compliance officer. She configures the basic user information, and sets Salima’s role to Compliance Officer and her profile to Compliance.

User configuration screen in Setup.

Tishon assigns a base license to give Salima access to the standard Salesforce features she needs. Finally, she selects the option to generate a new password and notify Salima so she can log in to the org.

Create user records for all of your agency employees and assign roles and profiles that match their daily tasks, such as reviewing applications, scheduling inspections, or approving permits.

Assign Permission Sets

With your profiles, roles, and users ready to go, it’s time to assign permission sets. Permission sets extend the functional access of users without changing their profiles. When you assign a permission set to a user, Salesforce also assigns any related permission set licenses to the user. While users can only have one profile, they can have multiple permission sets.

Tishon assigns the Public Sector Access permission set to Salima and other compliance users. This permission set gives them access to the licensing and permitting objects they need to do their jobs.

Select Users to Assign screen for the Public Sector Access permission set.

To view the permissions included within a permission set, select View Summary on the permission set group record.

To make things even easier, you can set up permission set groups to bundle permission sets based on the job functions of your users. This way, you only need to assign one permission set group instead of several permission sets. Create a muting permission set if you need to disable specific permissions or other access settings within a permission set group.

Review and Configure Sharing Settings

Use profiles and permission sets to give users access to objects and fields. You can also configure sharing settings to expand access to records that users need for their work.

Salesforce uses organization-wide default sharing settings to control access to records that different users create. But, like everything in Salesforce, you can customize these default settings to provide different access levels for internal and external users.

Expand access to records beyond the org-wide defaults by using sharing rules, which act as exceptions to the default settings. Sharing settings are helpful for extending access to features like Experience Cloud sites, which you explore later in this module.

Explore Public Sector Compliance

Salesforce gives you tools to protect sensitive data, comply with industry regulations, monitor usage, and prevent malicious activity.

  • Use Shield Platform Encryption to protect sensitive data, including personally identifiable information and confidential or proprietary data.
  • Use Event Monitoring to track performance, security, and usage data, and keep tabs on who is accessing data and from where.

To learn more about these tools, view the Protect Sensitive Data with Salesforce Shield article.

Some public agencies require industry-specific solutions to adhere to government security and privacy standards, such as FedRAMP authorization in the United States. Government Cloud products offer additional security features to reduce regulatory risk and protect consumer data. To learn more about the security tools included with Government Cloud, visit the Understand Compliance in Public Sector Solutions article.

Your Public Sector Solutions org is well underway. You’ve prepared an ironclad security model and created a set of profiles, roles, and users for all the employees in your agency. Now, you’re ready to set up the application forms for your government services.

Resources

Share your Trailhead feedback over on Salesforce Help.

We'd love to hear about your experience with Trailhead - you can now access the new feedback form anytime from the Salesforce Help site.

Learn More Continue to Share Feedback