SlideShare a Scribd company logo

Df16 - Troubleshooting user access problems

Buyan Thyagarajan
Buyan Thyagarajan

These slides helps to troubleshoot user access issues for salesforce admins. One of the greatest presentations in Dreamforce 2016.

1 of 23
Download to read offline
Belinda Wong Director, Product Management belinda.wong@salesforce.com @BelindaWong Troubleshoot User Access Problems the Salesforce Way Salesforce on Salesforce Jordan Mangini System Specialist jmangini@salesforce.com @JordanMangini
Forward-Looking Statements ​ Statement under the Private Securities Litigation Reform Act of 1995: ​ This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. ​ The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. ​ Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
Agenda ​  Best Practices ​  Statistics ​  Problem Solving Funnel ​  Demo ​  Permissions Roadmap ​   
Standard Profiles Custom Profiles + Permission Sets Multiple Organizations Best Practices for Using Profiles & Permission Sets ​ Security Progression with Complexity Increasing # of Users, Processes & Objects
​ Profiles •  Limit One per User •  Baseline authorization •  Page Layout and other user interface defaults ​ Permission Sets •  Built for layering •  Perfect for role or task-based authorizations Best Practices for Using Profiles & Permission Sets ​ Division of Labor between Profiles & Permission Sets
​ 7 ​ 1,000​ 20,000 Scale Scope Volume User Access Cases per Week (on average) Employees Salesforce Organizations Statistics on Salesforce’s Internal Orgs ​ 
Monitr ​ Tool to gather statistics and monitor key “uber” permission
User Access Problem Resolution Funnel ​  Missing: • Data • Fields • Bu1on Reasons: • New role • New feature Problem Definitions Identify Elements Check Access Isolate & Iterate Resolution • Page Layout • Object (CRUD) • Field Level Security • Apex Class & Visualforce Security • Sharing Rules • App & System Permissions • User & Profile Comparisons • Permission Set • Login As User & Verify • Public Groups
Troubleshoot Scenario ​ Who – Robbie Renewals ​ What – He can’t see the “Get Help” action for his opportunities ​ Why – The “Get Help” Sales team feature is being extended to Renewals team ​  ​ Access issues after a Business Requirement Change
Apply Problem Funnel to our Demo ​  Analyze elements the “Get Help” Custom Action Use our tools to find differences between users Create new permission set Login-as target user Goal: Happy Users! Identify Problem Details Check Access Isolate & Iterate Test
Features Roadmap •  Custom Permissions •  Delegated Administration •  Public Group management •  Metadata API •  Session-based Permission Sets (Developer Preview) – Summer ’16 •  Sobject API updates for Profiles – Winter ‘17 •  Permission Set License auto-assignment – Winter ‘17 •  Permission Set Hierarchy or Grouping •  Lightning Experience for User Management with Salesforce Einstein •  Delegated Administration •  Queue management •  Application level delegation ​ Permissions and Delegated Administration Recent Features Longer Term
Additional Resources Where the trail never ends
Links to Additional Resources •  Grey Tab chrome extension (search for Grey Tab in Chrome Webstore) •  https://perm-comparator.herokuapp.com •  https://audittrailyo.herokuapp.com •  https://developer.salesforce.com documentation for objects used the highlighted tools •  Profile and Permission Set Object Relationship Diagram •  Profiles API guide •  Permission Sets API guide •  Setup Audit Trail API guide and Salesforce Hacker Blog ( http://www.salesforcehacker.com ) •  Recommended Trailhead Modules •  Data Security ( https://trailhead.salesforce.com/module/data_security ) •  Identity ( https://trailhead.salesforce.com/trail/identity ) •  Event Monitoring ( https://trailhead.salesforce.com/module/event_monitoring ) ​ 
Thank Y u
Perm Comparator Demo A Connected App (hosted on Heroku) to visually compare between profile, permission set, and/or users
Perm Comparator ​ 
Grey Tab Demo Chrome browser extension to check api access within the same UI display
Grey Tab ​ 
Workbench Demo Web tool to explore data schema & Rest APIs and run SOQL queries
Workbench ​ 
Audit Trail Yo Demo A Connected App (hosted on Heroku) to query, filter and visualize your org’s audit trail
Audit Trail Yo ​ 
​ Users with same role/ job but different profiles ​ Tools: •  Perm Comparator •  Workbench ​ Multiple users reporting similar issues ​ Tools: •  AuditTrailYo •  Workbench ​ Display problems ​ Create Debug Logs ​  Tools: •  Grey Tab •  Workbench Login-As Comparisons Forensics 3 Troubleshooting Approaches    

More Related Content

Df16 - Troubleshooting user access problems

  • 1. Belinda Wong Director, Product Management belinda.wong@salesforce.com @BelindaWong Troubleshoot User Access Problems the Salesforce Way Salesforce on Salesforce Jordan Mangini System Specialist jmangini@salesforce.com @JordanMangini
  • 2. Forward-Looking Statements ​ Statement under the Private Securities Litigation Reform Act of 1995: ​ This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. ​ The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. ​ Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
  • 3. Agenda ​  Best Practices ​  Statistics ​  Problem Solving Funnel ​  Demo ​  Permissions Roadmap ​   
  • 4. Standard Profiles Custom Profiles + Permission Sets Multiple Organizations Best Practices for Using Profiles & Permission Sets ​ Security Progression with Complexity Increasing # of Users, Processes & Objects
  • 5. ​ Profiles •  Limit One per User •  Baseline authorization •  Page Layout and other user interface defaults ​ Permission Sets •  Built for layering •  Perfect for role or task-based authorizations Best Practices for Using Profiles & Permission Sets ​ Division of Labor between Profiles & Permission Sets
  • 6. ​ 7 ​ 1,000​ 20,000 Scale Scope Volume User Access Cases per Week (on average) Employees Salesforce Organizations Statistics on Salesforce’s Internal Orgs ​ 
  • 7. Monitr ​ Tool to gather statistics and monitor key “uber” permission
  • 8. User Access Problem Resolution Funnel ​  Missing: • Data • Fields • Bu1on Reasons: • New role • New feature Problem Definitions Identify Elements Check Access Isolate & Iterate Resolution • Page Layout • Object (CRUD) • Field Level Security • Apex Class & Visualforce Security • Sharing Rules • App & System Permissions • User & Profile Comparisons • Permission Set • Login As User & Verify • Public Groups
  • 9. Troubleshoot Scenario ​ Who – Robbie Renewals ​ What – He can’t see the “Get Help” action for his opportunities ​ Why – The “Get Help” Sales team feature is being extended to Renewals team ​  ​ Access issues after a Business Requirement Change
  • 10. Apply Problem Funnel to our Demo ​  Analyze elements the “Get Help” Custom Action Use our tools to find differences between users Create new permission set Login-as target user Goal: Happy Users! Identify Problem Details Check Access Isolate & Iterate Test
  • 11. Features Roadmap •  Custom Permissions •  Delegated Administration •  Public Group management •  Metadata API •  Session-based Permission Sets (Developer Preview) – Summer ’16 •  Sobject API updates for Profiles – Winter ‘17 •  Permission Set License auto-assignment – Winter ‘17 •  Permission Set Hierarchy or Grouping •  Lightning Experience for User Management with Salesforce Einstein •  Delegated Administration •  Queue management •  Application level delegation ​ Permissions and Delegated Administration Recent Features Longer Term
  • 12. Additional Resources Where the trail never ends
  • 13. Links to Additional Resources •  Grey Tab chrome extension (search for Grey Tab in Chrome Webstore) •  https://perm-comparator.herokuapp.com •  https://audittrailyo.herokuapp.com •  https://developer.salesforce.com documentation for objects used the highlighted tools •  Profile and Permission Set Object Relationship Diagram •  Profiles API guide •  Permission Sets API guide •  Setup Audit Trail API guide and Salesforce Hacker Blog ( http://www.salesforcehacker.com ) •  Recommended Trailhead Modules •  Data Security ( https://trailhead.salesforce.com/module/data_security ) •  Identity ( https://trailhead.salesforce.com/trail/identity ) •  Event Monitoring ( https://trailhead.salesforce.com/module/event_monitoring ) ​ 
  • 15. Perm Comparator Demo A Connected App (hosted on Heroku) to visually compare between profile, permission set, and/or users
  • 17. Grey Tab Demo Chrome browser extension to check api access within the same UI display
  • 19. Workbench Demo Web tool to explore data schema & Rest APIs and run SOQL queries
  • 21. Audit Trail Yo Demo A Connected App (hosted on Heroku) to query, filter and visualize your org’s audit trail
  • 23. ​ Users with same role/ job but different profiles ​ Tools: •  Perm Comparator •  Workbench ​ Multiple users reporting similar issues ​ Tools: •  AuditTrailYo •  Workbench ​ Display problems ​ Create Debug Logs ​  Tools: •  Grey Tab •  Workbench Login-As Comparisons Forensics 3 Troubleshooting Approaches