Skip to main content
Join the Agentforce Hackathon on Nov. 18-19 to compete for a $20,000 Grand Prize. Sign up now. Terms apply.

Set Up Users and Security

Learning Objectives

After completing this unit, you’ll be able to: 

  • Create roles to control reporting and data access.
  • Create profiles to control user access to objects and fields.
  • Assign permission sets to users.
  • Control user access to records with sharing settings.

Create User Profiles

Now that you’ve completed the initial setup tasks covered in the last unit, you’re ready to set up profiles and roles and configure users and permission sets.

Let’s start with user profiles. User profiles define how people access objects and data, and what they can do in the app. Admins then create users and assign them a profile based on their roles. Tishon gathers all the required access details for each role. Once she’s ready to roll, so to speak, she creates profiles for each role in the hierarchy. Let’s follow along as Tishon creates a Compliance Officer profile.

Note

When configuring profiles, you can work in the enhanced profile user interface or the original profile user interface. Tishon prefers the enhanced profile user interface because she finds it easier to navigate, search, and modify settings for a profile. Why not try it yourself? 

To switch profile user interfaces, from Setup, search for and then select User Management Settings. Then turn on the Enhanced Profile User Interface.

  1. From Setup, in the Quick Find box, enter Profiles, and then select Profiles.
  2. Select Clone next to the Standard User profile.
  3. For Profile Name, enter Compliance Officer, and save your changes.
  4. Set up object and field access, app access, and the default app.
  5. Assign page layouts and configure app items and visibility.
  6. Save your changes.

Create Roles

Next, Tishon creates a role hierarchy for her agency. A user role hierarchy helps her determine the level of access that users have in the org. 

First, she creates an Admin role and a Compliance Officer role. Under the Compliance Officer role, she adds the Inspection Officer and Intake Officer roles. With this hierarchy, the Compliance Officer can view, edit, and report on all data owned by or shared with Inspection Officers and Intake Officers.

  1. From Setup, search for and then select Roles.
  2. Click Set Up Roles.
  3. Click Add Role.
  4. For Label, enter Admin, and press Tab to auto-populate the Role Name.
  5. For This role reports to, search for and select the appropriate role. By default, the top-level role in the org is selected.
  6. Click Save & New.
  7. For Label, enter Compliance Officer, and press Tab to auto-populate the Role Name.
  8. Confirm the role that the Compliance Officer reports to, and then click Save & New.
  9. Create roles for the Inspection Officer and Intake Officer, who report to the Compliance Officer.
  10. Save your work.

The Creating the Role Hierarchy page in Setup

Create Users

Tishon is ready to create users. She starts by creating a compliance officer.

  1. From Setup, in the Quick Find box, enterUsers, and then select Users.
  2. Click New User.
  3. Enter details for each user, and pay special attention to these fields:
    • Username: Each username must be in the form of an email address and unique across all Salesforce orgs. However, a username doesn't have to be a working email. By default, the username is the same as the email address.
    • User License: The user license determines which features the user can access in Salesforce. Select Salesforce to give users access to standard Salesforce features.
    • Profile: Select Compliance Officer.
    • Role: Select Compliance Officer.
    • Generate New Password and Notify User Immediately: This option, which is selected by default, generates a password and sends a welcome email to the user inviting them to log in to the org. Because there’s more configuration to do, consider deselecting it (Tishon does). You can come back and select it after you've finished configuring your org and when you're ready for people to use it.
  1. Save your changes and continue creating additional user records.

Tishon creates more user records for Cosville’s government employees, focusing on all the key players required to initiate the citizen outreach program, collect applications, process them, schedule inspections, complete inspections, and provide approvals.

Assign Permission Sets

Now that user records are all ready, Tishon can assign permission sets. Permission sets extend users’ functional access without changing their profiles. Users can have only one profile, but they can have multiple permission sets.

Let’s follow along as Tishon assigns a user permission set.

  1. From Setup, in the Quick Find box, enter Users, and then select Users.
  2. Select a user.
  3. In the Permission Set Assignments related list, click Edit Assignments.
  4. Select the permission set you want to assign, and then click Add. Public Sector Solutions includes several permission sets. You can assign one or more to any user.
  5. Select Public Sector Access to give users access to all Public Sector Solutions objects and features.
  6. Save your changes.

When you assign a permission set to a user, Salesforce also assigns the user any related permission set licenses. Alternatively, you can assign permission sets to permission set groups, which is also a common practice. Doing this automatically assigns the corresponding permission set license to users with that profile.

Tip: You can use permission set groups to bundle permission sets together based on the job functions of your users. This way, you only need to assign one permission set group instead of multiple permission sets. For more information, see Permission Set Groups in Salesforce Help.

Review and Configure Sharing Settings

With profiles and permission sets, Tishon gives her users access to objects and fields. Now she needs to configure sharing settings, which control user access to records.

Salesforce uses organization-wide default sharing settings to control users' access to records created by a different user. But like everything in Salesforce, you can customize the org-wide defaults and set different access levels for internal and external users. 

You can also expand access to records beyond org-wide defaults by using sharing rules, which represent the exceptions to your organization-wide default settings. For example, if your organization-wide sharing default is Public Read Only or Private, you can define sharing rules that give users access to records based on the record owner or field values in the record. Keep in mind that, as a security best practice, Salesforce recommends providing the least level of access needed. 

Let's follow Tishon as she reviews the org-wide default sharing settings in her Public Sector Solutions org.

  1. From Setup, in the Quick Find box, search for and then select Sharing Settings.
  2. Review the organization-wide defaults. To change any of them, click Edit, and then select a different Default Internal Access or Default External Access setting. Default Internal Access applies to internal users. Default External Access applies to users who access Public Sector Solutions from an Experience Cloud site.Sharing Settings page with Organization-Wide Sharing Defaults
  3. Save your changes.

For details about these configuration steps and to learn more about compliance and security in Public Sector Solutions, see the Security for Public Sector Solutions article in Salesforce Help.

Tishon accomplished quite a bit today. She set up her initial security model and created user records for all the Cosville government employees that need to use Public Sector Solutions. Now she’s ready to set up regulatory authorities and authorization types. 

Resources

Share your Trailhead feedback over on Salesforce Help.

We'd love to hear about your experience with Trailhead - you can now access the new feedback form anytime from the Salesforce Help site.

Learn More Continue to Share Feedback