Security has taken over our lives.The average person has over 6 passwords that they use regularly. Our homes, phones and computers are flooding with security controls, apps and codes. But can we really control this?
Salesforce has layers of security features to create a super strong infrastructure. There are features to secure your org, your users and your data. A general understanding of the available options is essential to creating a powerful and complex security model. The best place to start learning this is by watching this video series.
- Password Policies: Studies have show that most people create simple and easily guessed passwords for even the most sensitive of data. As an administrator, you should consider enforcing password policies regarding the length, character usage and expiration time of each password.
- Login IP Ranges: Set this for your organization (users can request an authentication code to login from an outside IP) and/or on a profile level to limit user’s access to predetermined IP ranges.
- Login Session Times: Limit the time a user (based on profile) can login to Salesforce. **Note, that leaving it blank does not lock them out, it gives unlimited time for that day. The start and end time should be the same to lock them out for a specific date**
- Object Access, Organization-Wide Defaults, CRED Permisions, Hierarchy etc: There are the key to data security, control, access and visibility in your org! Again, There are the key to data security, control, access and visibility in your org!
- Data Backup: If you don’t have your data regularly backed up, do so now. I mean it. Stop reading this….go backup your data!
BEAR IN MIND:
CRED = What a user can DO
OWD = What a user can SEE
These serve as a baseline for your organization security. settings. For example, although a user may be granted access to see records through role hierarchy, they will not be able to edit unless they have “Read” permissions for that object.
Always start with the most restrictive settings and open access as needed. It is easier to open then restrict as needed (think Hierarchy and Permission sets – they open access).
Create a chart listing all all users/profiles along with the CRED and OWD settings they should have per object. This will guide you as you build you security model. Ask yourself questions as to what data a user needs to see, to edit. This will help you determine the appropriate features and settings needed for your org.
“With great power comes great responsibility”