Since permission sets are controlled by our repository, the starting point to implement more permissions is to create some simpler basic permission sets.
I'm not sure what a fundamental most basic one would be, but it should not include access to Background Check, any of the demographic fields, addresses or phone numbers.
We don't have unlimitted salesforce accounts, so we can keep some of this simpler than i had to do in sharepoint.
We have
admins who get everything= you and me [this is covered w/ Atlas Super User & System Admin profile]
users who get everything = molly, laura [this is covered w/ Atlas Super User & Advanced Standard User profile]
users who get everything minus background check and demographic info <- not sure who this might be , but i think we need to have the ability to demonstrate we are intentional here in explicitly adding in those permissions.
users who we will ultimately limit to not access clients, but can see background check and demographic for the contacts we allow them to. these people have no need to access a lot of our custom objects (ceus, dogs, logs). they would need files, related people, and program assignments as well as reports and dashboards they have been given access to <- thinking volunteer coordinator role
you said we can have multiple permission sets assigned.
so could one simply have background check and demographic (edit access) that gets added and our base one leaves these out?
I'm not sure how you assign more than one permission set.
thoughts?
i have directions on how we might use public groups to handle limiting who can access list views and essentially lock certain users to certain contact list views, namely ones that have volunteer. that combined w a more restricted permission set and profile should get us where we need to go.
Since permission sets are controlled by our repository, the starting point to implement more permissions is to create some simpler basic permission sets.
I'm not sure what a fundamental most basic one would be, but it should not include access to Background Check, any of the demographic fields, addresses or phone numbers.
We don't have unlimitted salesforce accounts, so we can keep some of this simpler than i had to do in sharepoint.
We have
admins who get everything= you and me [this is covered w/ Atlas Super User & System Admin profile]
users who get everything = molly, laura [this is covered w/ Atlas Super User & Advanced Standard User profile]
users who get everything minus background check and demographic info <- not sure who this might be , but i think we need to have the ability to demonstrate we are intentional here in explicitly adding in those permissions.
users who we will ultimately limit to not access clients, but can see background check and demographic for the contacts we allow them to. these people have no need to access a lot of our custom objects (ceus, dogs, logs). they would need files, related people, and program assignments as well as reports and dashboards they have been given access to <- thinking volunteer coordinator role
you said we can have multiple permission sets assigned. so could one simply have background check and demographic (edit access) that gets added and our base one leaves these out? I'm not sure how you assign more than one permission set.
thoughts?
i have directions on how we might use public groups to handle limiting who can access list views and essentially lock certain users to certain contact list views, namely ones that have volunteer. that combined w a more restricted permission set and profile should get us where we need to go.