Create New Users and Allow a User to Delete Accounts

Introduction

You are attending a security and data access review meeting with the CEO and the Executive team. The first item on the agenda is to ensure that all users have the appropriate object permissions for their job roles. John Wiseman, CEO, wants to ensure users have access to the objects they need to do their job, but wants to restrict the ability to delete records to just Executive Users and the Support team. Noah Larkin, VP of Services, is helping to clean up records, and needs temporary permission to delete Accounts.

Update to the Enhanced Profile User Interface

1. From Setup, enter User Management in the Quick Find box, and select User Management Settings.
   
2. Switch the Enhanced Profile User Interface toggle to Enabled.
   
   

Create a New Profile Without Delete Permissions

1. From the Setup Quick Find box, enter and select Profiles.
   
2. Click S from the alphabet picker across the top.
   
3. Click Clone next to Standard Platform User.
   
4. Enter Standard Profile - No Acct Delete for Profile Name.
   
5. Click Save.
   
6. With the profile overview of Standard Profile - No Acct Delete open, click Object Settings in the Apps section.
   
7. Click Accounts to open the Accounts Object Settings.
   
8. Click Edit.
   
9. Deselect Delete in the Object Permissions section. Note: In Object Permissions, there should now only be checks by Read, Create, and Edit.
   
10. Click Save.
    

Set Login Access Policies and Create a New User

1. From Setup, enter Login Access Policies in the Quick Find box, and select Login Access Policies.
   
2. Select the Enabled checkbox next to Administrators Can Log in as Any User.
   
3. Click Save.
   
4. From Setup, enter Users in the Quick Find Box, then select Users.
   
5. Select New User and fill in the details.
   

   Field	Value
   First Name	Maya
   Last Name	Lorrette
   Alias	mlorr
   Email	Enter your own email address
   Username	This auto-populates with your email address.Replace using formula: first initial + last name of user + @ + your initials + your favorite color + a number + .com. Example: mlorette@wbyellow678.com
   Nickname	mlorrette
   Title	Accounts Receivable
   Department	Sales
   User License	Salesforce Platform
   Profile	Standard Profile - No Acct Delete
   Role	Western Sales Team (Note: set the User License first, then Profile. The Western Sales Team role will be the last option in the Role list after the license and profile have been selected.)

6. Fill in her Locale settings, including time zone and language.
   
   • Time Zone: Pacific Time (America/Los_Angeles) Note: either GMT-07:00 or GMT-08:00 depending on time of year.
     
   • Locale: English (United States)
     
   • Language: English
     
7. Click Save & New. Add another user.

   Field	Value
   First Name	Ted
   Last Name	Kim
   Alias	tkim
   Email	Enter your own email address
   Username	This auto-populates with your email address.Replace using formula: first initial + last name of user + @ + your initials + your favorite color + a number + .com. Example: tkim@wbyellow55.com
   Nickname	tkim
   Title	Recruiter
   Department	Sales
   User License	Salesforce Platform
   Profile	Standard Profile - No Acct Delete
   Role	Western Sales Team

11. Next, fill in his Locale settings, including time zone and language.
    
    • Time Zone: Pacific Time (America/Los_Angeles) 
      
    • Locale: English (United States)
      
    • Language: English
      
12. Click Save.
    

In a Trailhead playground, you’re limited to the number of Salesforce and Salesforce Platform licenses you have to distribute. To complete this challenge, we’re going to deactivate a few users to free up some of those licenses. Sound confusing? Don’t worry. It will all make sense in the next step. 

1. Navigate to Users in Setup, and click Edit next to Maya Lorrette.
   
2. Deselect the Active checkbox to deactivate Maya’s user license.
   
3. On the warning message, click OK, then click Save.
   
4. Repeat the same steps to deactivate Ted Kim.
   

Now that you’ve deactivated two users, you have two additional Salesforce Platform licenses available. Let’s assign them to our new users. 

1. Select New User and fill in the details.
   

   Field	Value
   First Name	Noah
   Last Name	Larkin
   Alias	nlark
   Email	Enter your own email address
   Username	This auto-populates with your email address-replace using formula: first initial and last name of user @your initials and your favorite color.com.Example: nlarkin@wbpurple.com
   Nickname	nlarkin
   Title	VP Services
   Department	Customer Support
   User License	Salesforce Platform
   Profile	Standard Profile - No Acct Delete
   Role	Customer Support, International

2. Next, fill in his Locale settings, including time zone and language.

   Field	Value
   Time Zone	Pacific Time (America/Los_Angeles)
   Locale	English (United States)
   Language	English

3. Click Save & New. You have one more user to add, then you’re all set. Let’s add sales engineer, Amy Daniels.
   

   Field	Value
   First Name	Amy
   Last Name	Daniels
   Alias	adani
   Email	Enter your own email address
   Username	This auto-populates with your email address-replace using formula: first initial and last name of user @your initials and your favorite color.com.Example: adaniels@wbyellow.com
   Nickname	adaniels
   Title	Sales Engineer
   Department	Sales
   User License	Salesforce Platform
   Profile	Standard Profile - No Acct Delete
   Role	Western Sales Team

4. Fill in her Locale settings, including time zone and language.

   Field	Value
   Time Zone	Pacific Time (America/Los_Angeles)
   Locale	English (United States)
   Language	English

5. Click Save.
   

Allow a User to Delete Accounts Using Permission Sets

1. From Setup, enter Permission Sets in the Quick Find box and select Permission Sets.
   
2. Click New and complete the Create screen.
   

• Label: Delete Accounts
• Description: Grants Delete Accounts permission. Note: A description is required to associate the applicable license to this permission set.
  
• Select the type of users who will use this permission set: Salesforce Platform.
  

3. Click Save.
   
4. In the Apps section, click Object Settings and select Accounts.
   
5. Click Edit and select the Delete checkbox under Object Permissions. Note: Edit and Read will be automatically checked. 
   

6. Click Save and select Manage Assignments.
   
7. Click Add Assignments and in the Action column, check the box next to Noah Larkin.
   
8. Click Next, Assign, and Done.
   

Log in as Noah Larkin to test the permission set.

1. From Setup, search Users in the Quick Find box, and select Users.
   
2. In the action column, click Login next to Noah Larkin.
   
3. From the App Launcher, click Accounts. From List View picklist, select All Accounts.
   
4. In the Account Name column, click GenePoint. Notice that the Delete button is now available at the top of the Account Detail page because Noah has the Account: Delete permission set.
   

5. Click Log out as Noah Larkin at the top of the page. Note: If this logs you out of Salesforce, click Launch to relaunch your Trailhead Playground.
   

You’ve just ensured that Noah Larkin has the appropriate permissions for his role. Now it has come to your attention that some users have multiple roles within the organization. In the next step, you create a role hierarchy and assign users to their new roles.