In Spider-Man*, Uncle Ben tells his nephew Peter Parker, “With great power comes great responsibility.” Long before Peter Parker sensed the challenges inherent in being Spider-Man, Uncle Ben recognized that the super powers granted to his nephew were both a gift and a curse. I hear Uncle Ben’s words when I log into a client’s instance of Salesforce and see a long list of users with the System Administrator profile.
Many nonprofits take an egalitarian approach to data access because it fits their philosophy or their needs. Smaller nonprofits often have staff members with a range of responsibilities that require them to have access to different sets of data. Giving everyone the System Administrator profile is an easy way to ensure users have an ‘all access’ pass to Salesforce. It is, however, dangerous.
Assigning the System Administrator profile to a user in Salesforce is like granting that user a series of super-powers. The system administrator has access to nearly everything in Salesforce. “View All Data” and “Modify All Data,” which are checked by default for system administrators, give users the right to see and modify all data. The ability to see and edit any field in Salesforce is powerful, but these checkboxes override other security settings: field-level security becomes meaningless, and read-only fields become read/write.
The System Administrator has access to more than just data – they have full rights to change the configuration of Salesforce – applications, tabs, objects and fields. They can download and install packages from the Salesforce AppExchange, create new users, and be granted the right to log in as another user. There are over 100 specific permissions granted to the System Administrator. Wielded wisely, those permissions allow them to manage the system, troubleshoot problems, and help users. However, inexperienced or accidental admins often make changes to the system without understanding the impact of their actions. In a blog post from last year, my colleague, Will Nourse noted, “The more admins you have, the more changes that can be made and the harder it is to control them.”
In general, users should be granted the minimum permissions needed for them to work effectively in Salesforce. Profiles and permission sets are two tools that work in conjunction with sharing settings and can be used to appropriately grant access to users in Salesforce. Both profiles and permission sets should be tailored to users’ needs and very few users should have the System Administrator profile.
Profiles control access to applications, tabs, objects and fields, and the ability to create, read, edit and delete. Where and when a user can log in can also be controlled via a profile. Best practice dictates that profiles should be created for groups of users that share business processes, like donor and donation management or client intake. Creating custom profiles can be daunting, but Salesforce comes with standard user profiles that can be cloned and customized. The Standard User profile is a safe place to begin, as it has good basic access. Clone the Standard User profile and begin to craft a profile tailored to a specific function by enabling or disabling access to standard and custom objects, page layouts and fields. Iterate: make changes, log in as a user with that profile, and test the limits. Can you perform all needed functions with this profile? Do you see the data you need? Do you see too much?
Users can have only one profile, but their access to specific features can be boosted with permission sets. Permission sets are groups of functionality that can be created and layered on top of a user’s profile to grant, but not deny, access to additional features. For smaller organizations where staff may have responsibilities in multiple areas, permission sets are perfect for creating the unique combinations of functionality that are needed. Instead of assigning the System Administrator profile to a user who creates Salesforce user accounts, a “user management” permission set could be created that allows that user to deactivate users, create users or reset passwords.
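To make the layering described in the last two paragraphs concrete, here is a small Python model of how a user's effective access is computed: one profile, any number of permission sets that can only add grants, and “View All Data” / “Modify All Data” bypassing record-level sharing. This is an added illustration, not code from this post and not Salesforce's own code; the users, profiles and permission set are constructed sample data. The permission names (`ViewAllData`, `ModifyAllData`, `ManageUsers`, `ResetPasswords`) mirror Salesforce's, and sharing is simplified to the assumption of a private organization-wide default with no sharing rules, so a user without the all-data permissions can only reach records they own.

```python
from dataclasses import dataclass, field


@dataclass
class AccessLayer:
    """A profile or a permission set: a named bundle of grants.
    system_perms holds system permissions such as "ModifyAllData";
    object_perms maps an object name to its CRUD grants."""
    name: str
    system_perms: frozenset = frozenset()
    object_perms: dict = field(default_factory=dict)


@dataclass
class User:
    username: str
    profile: AccessLayer                 # exactly one profile per user
    permission_sets: list = field(default_factory=list)  # zero or more


@dataclass
class Record:
    sobject: str
    owner: str


def effective_access(user):
    """Union of the profile and every assigned permission set.
    Permission sets can only add access, never remove it, so a plain union
    is the right combination rule."""
    system = set(user.profile.system_perms)
    objects = {obj: set(p) for obj, p in user.profile.object_perms.items()}
    for ps in user.permission_sets:
        system |= ps.system_perms
        for obj, perms in ps.object_perms.items():
            objects.setdefault(obj, set()).update(perms)
    return frozenset(system), {obj: frozenset(p) for obj, p in objects.items()}


def can_read(user, record):
    system, objects = effective_access(user)
    if system & {"ViewAllData", "ModifyAllData"}:
        return True  # all-data permissions bypass sharing entirely
    if "read" not in objects.get(record.sobject, frozenset()):
        return False  # no object-level read at all
    return record.owner == user.username  # assumed private sharing model


def can_edit(user, record):
    system, objects = effective_access(user)
    if "ModifyAllData" in system:
        return True
    if "edit" not in objects.get(record.sobject, frozenset()):
        return False
    return record.owner == user.username


def grant_sources(user, perm):
    """Names of the layers that grant a system permission, which is what you
    need to know when deciding which profile or set to trim."""
    layers = [user.profile, *user.permission_sets]
    return [layer.name for layer in layers if perm in layer.system_perms]


def audit_all_data(users):
    """Every holder of the two broadest permissions, with the granting layer."""
    findings = []
    for u in users:
        for perm in ("ViewAllData", "ModifyAllData"):
            for src in grant_sources(u, perm):
                findings.append((u.username, perm, src))
    return findings


# Constructed sample org (made up for this example).
SYSTEM_ADMIN = AccessLayer(
    "System Administrator",
    frozenset({"ViewAllData", "ModifyAllData", "ManageUsers", "ResetPasswords"}),
    {"Contact": frozenset({"read", "create", "edit", "delete"}),
     "Opportunity": frozenset({"read", "create", "edit", "delete"})},
)
STANDARD_USER = AccessLayer(
    "Standard User",
    frozenset(),
    {"Contact": frozenset({"read", "create", "edit"}),
     "Opportunity": frozenset({"read", "create", "edit"})},
)
# The narrow "user management" permission set the post suggests instead of admin.
USER_MANAGEMENT = AccessLayer("User Management", frozenset({"ManageUsers", "ResetPasswords"}))

ALICE = User("alice", SYSTEM_ADMIN)
BOB = User("bob", STANDARD_USER, [USER_MANAGEMENT])   # creates accounts, not an admin
CAROL = User("carol", STANDARD_USER)
USERS = [ALICE, BOB, CAROL]

if __name__ == "__main__":
    donation = Record("Opportunity", owner="carol")
    for u in USERS:
        perms, _ = effective_access(u)
        print(u.username, sorted(perms), can_read(u, donation), can_edit(u, donation))
    for finding in audit_all_data(USERS):
        print("all-data grant:", finding)
```

Run as a script it prints each user's effective system permissions and whether they can read or edit a donation owned by carol; `bob` ends up with the user-management permissions but no ability to touch other people's records, which is the right-sizing the post argues for. In a real org the same audit would be driven by an export of the `User`, `PermissionSet` and `PermissionSetAssignment` objects rather than the constructed data here.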
Before assigning the System Administrator profile to a user, think carefully about the power and responsibility you are conferring on that user, and try to right-size their access with a combination of a custom profile and permission sets.
* – The line was first associated with Spider-Man when it was published in 1962 in Vol 1, #15 of the Marvel Comic Amazing Fantasy. The quote, however, originates from the work of Voltaire and was first published in 1832. Image by Style Weekly.