Salesforce.com For Dummies, 5th Edition (2014)

Part VII. Designing the Solution with Force.com

For more advice for the Salesforce developer, go www.dummies.com/extras/salesforcedotcom.

In this part …

· Secure Salesforce with Roles, Profiles and Sharing

· Add custom fields to tailor Salesforce to meet your business

· Learn how to play safely in a Sandbox

· Explore the infinite possibilities of the AppExchange

Chapter 19. Fine-Tuning the Configuration

In This Chapter

Modifying your corporate profile

Building the role hierarchy

Developing your sharing model

Setting up users

Delegating administrative duties

Customizing the user interface

In earlier chapters, you discover how to add custom fields, define picklists, and create standard templates so that Salesforce looks like it was made exactly for your business. If you’re starting to think about additional ways to tweak the system so that each user sees only pertinent information, you’ve come to the right chapter.

For administrators or members of your customer relationship management (CRM) project team with the right privileges, Salesforce allows you to easily configure your system so that users can access and share information according to your goals. Regardless of which Salesforce edition your company has chosen, you have a variety of ways to control access and sharing of data, from system-wide sharing rules to assigning profiles. And, if you have Enterprise or Performance Edition, you have industrial-strength flexibility, even to the point of field-level security.

In this chapter, we show you all the steps you can take (or should consider) for configuring Salesforce, including modifying your configuration, creating the role hierarchy, assigning profiles, determining field-level security, creating users, setting up your sharing rules, and managing groups. We also show you other methods for controlling security, which include password policies, session settings, audit trails, and delegating administrative privileges.

Figuring Out Configuration

All the things that you can change can be conveniently accessed from the Setup menu of Salesforce. If you have administrative permissions, log in to Salesforce and follow these steps:

1. Choose the Setup link from the upper-right corner of your Salesforce window.

The Force.com home page appears displaying three columns, as shown in Figure 19-1, containing

· A Quick Find search bar on the left, to help system administrators quickly locate sections or settings

· A collapsible and expandable navigation menu below the Quick Find search bar

· A middle section with a Getting Started area, a list of recent administrator-related items you were last looking at, Quick Links to common administrator tasks, and a Community section that provides resources in case you have additional Salesforce questions that this wonderful book hasn’t been able to cover

· Additional technical resources on the right, as well as information on content, events, and AppExchange apps that salesforce.com wants to feature

Figure 19-1: Visiting the Force.com home page.

2. In the left sidebar, click the arrow buttons to expand some of the first folders under the Administer section: Manage Users, Company Profile, and Security Controls.

These are your basic options and the first things that you should use when configuring Salesforce.

3. The section heading can also be clicked on to reveal additional subsections below each of the folders, as shown in Figure 19-2.

The Administer page appears too, with the page title that includes the edition (or version) of Salesforce that you’re using.

Figure 19-2: Summarizing the Administer section.

Breaking down basic elements

Before jumping into the guts of system configuration, take a minute to review five basic configuration elements:

· Users: These are the specific people who use your Salesforce system.

· Sharing model: Defines the baseline, general access that users have to each other’s data. Also known as organization-wide defaults, org-wide defaults, or simply, OWD. If you already know that certain groups should not be seeing other groups’ information, you want to start with the most restrictive sharing model and use things like the role hierarchy and sharing rules to open access to information. It’s easier to provide more access than it is to selectively restrict it.

· Roles and role hierarchy: Define who reports to whom in your organization, for the purposes of running reports. Roles determine who is able to see and report on records owned by others. Think of roles as a way to provide “vertical access” to data (that is, up and down a hierarchy). People higher up in the hierarchy are able to report on those below them in the hierarchy. For example, if you’re a manager of a team of sales reps, you will have a role above your team and be able to see all the account, contact, and opportunity data owned by your team. Individual sales reps, however, might not be able to see opportunity information owned by their peers. This does not always have to mimic your company’s org chart exactly, however. Another example is that a sales operations analyst may not have any direct reports, but must run reports on the entire sales team. This person could share a role with the head of sales, only because of her reporting needs. Each user should have an assigned role within your defined role hierarchy.

· Profiles: Control a user’s capability to access different fields within a record in Salesforce. For example, service reps will find some fields on an account record more relevant than other fields that may be very important to a marketing operations analyst. To make the service reps’ view of the account record more pertinent and less confusing, you could hide certain irrelevant fields from their view. You must assign a profile to each user.

· Sharing rules: Opens up access to data for specific users or groups of users. Think of this as opening lateral or horizontal access to your data, by giving certain peer groups or individuals this exception.

You use these five elements as the primary levers to deliver the proper level of access and control for your company in Salesforce.

Planning configuration to achieve success

Put the major stakeholders of your Salesforce solution in a room and ask them one question: “How do you envision people sharing information in Salesforce?” More often than not, you’ll get blank stares.

Discuss sharing issues with your CRM project team after you hear about their current CRM processes. Current business processes, explained without any Salesforce jargon from the team, can often help you formulate an opinion based on what you believe would be best for your company. Take into consideration the culture, size, and type of sales organization at your company. Use this opinion to guide the specific nature of your questions.

Now, you should ask that question, but we suggest following it up with scenarios. Here are a few ideas to get you started:

· Should a sales development rep be able see what the CEO sees?

· Should a sales rep be able to view data from other reps? Should one sales rep be allowed to edit another’s lead record?

· Do certain groups need wider access than others? For example, does a call center team that supports all customers need more or less access than a team of sales reps? What about a professional services team member who both helps during the sales cycle as well as the implementation, and any postlaunch questions for up to a certain number of days?

· Do you have marketing operations or sales operations staff? How will they be interacting with Salesforce? Should they be able to see everything that VPs of their organizations see, especially because they’ll probably be doing all the leg work for them?

· Does a manager require different permissions than a rep?

· Do multiple people commonly work on the same account or opportunity?

· Do you have any concerns with a fully open or completely private sharing model?

Use these types of questions and their answers to guide your configuration.

Verifying Your Company Profile

In the Company Profile section, you can modify many basic settings for your organization that include default time zone, language, and currency. If you’re the administrator, you can also use this section to monitor and anticipate your future needs relative to purchased licenses.

This is an easy but important step. If you’re an administrator beginning your implementation, get this done before you even think of adding a new user.

To update your company information, click the Setup link in the upper-right corner of Salesforce and follow these steps:

1. Choose Administer⇒Company Profile⇒Company Information.

The Company Information page appears. You can also find a lot of information here about the number and type of licenses that you’ve purchased. This comes in handy as you amass more licenses and have users that need different extra-cost features, or aren’t using Salesforce as often as you are.

2. Click the Edit button.

The Edit Organization Profile page appears. Review all the fields. Pay closest attention to verifying the accuracy of the three or four required fields in the Locale Settings section:

· Default Locale: From this drop-down list, select your company’s primary geographic locale. Note: This setting affects the format of date and time fields (for example, 06/30/2014 versus 30/06/2014) as well as calendar display (week starts Monday versus Sunday).

· Default Language: Set language from this drop-down list.

· Default Time Zone: Verify that your time zone is correctly set from this drop-down list.

· Currency Locale: If you use a single currency, choose the proper location from this drop-down list. This sets the corporate currency. (You won’t see this field if you set up multiple currencies.)

Users can still modify their individual locale settings in the future.

3. Click Save.

The Company Information page reappears with any changes you made.

Defining Your Sharing Model

As an administrator or member of your CRM project team, one of your biggest decisions in Salesforce is how users will share information. A sharing model controls the level of access that users have across an organization’s information, not just up and down the chain. You can use the sharing model with the role hierarchy, public groups, personal groups, and the default access for each role to get pretty specific about what you want people to view or change. You use the organization-wide sharing model and, if necessary, public groups and expanded sharing rules in Salesforce to configure your sharing model.

For smaller, younger organizations, start with an open, collaborative sharing model, as opposed to a secretive sharing model in which no one knows what anyone else is doing. (A secretive sharing model sounds like any oxymoron, right? Well, it can be because if you don’t carefully think about ramifications, you could be back to where you started with giant heaps of information.) If collaboration is one of your goals, a more-restrictive sharing model can have a greater potential negative impact on end-user adoption. You can always change the sharing model in the future if people scream loudly enough. But nine times out of ten, the value of collaboration overcomes the initial concerns with users viewing other users’ data.

Setting organization-wide defaults

The organization-wide defaults (OWDs) set the default sharing access that users have to each other’s data. Sharing access determines how data created by users in a certain role or public group is viewed by users within another role or public group. For example, you many want your Sales Operations team to see the dollar value of won opportunities so that they can calculate commissions, but you probably don’t want them editing the amount of that opportunity. If any role or public group possesses data that at least one other role or group shouldn’t see, your sharing model must be private; all other levels of openness must be granted as an exception via groups (more on that later).

No matter which defaults you set to the sharing model, users will still have access to all data owned by or shared with users below them in the role hierarchy.

To configure the organization-wide defaults, click the Setup link and follow these steps:

1. Choose Administer⇒Security Controls⇒Sharing Settings.

The Sharing Settings page appears, showing org-wide defaults for several objects, as well as specific sharing rules for those objects.

2. Click the Edit button in the Organization Wide Defaults list.

The Organization Sharing Edit page appears.

3. Select the desired settings.

Click some picklists to see the different options. The options are typically Private, Public Read Only, and Public Read/Write. For example, if you want the most restrictive model, choose the following as your defaults: Private for the major records and Hide Details for Calendar. Some standard objects, like the Lead and Case objects, have extra special powers and have an additional option, Public Read/Write/Transfer. This assumes that someone working heavily in leads or cases will often need to transfer a lead or case record that isn’t owned by him to someone else.

Remember what we said about role hierarchy providing “vertical access” to data? A Private sharing setting on an object still assumes that people with a role above yours in the role hierarchy can see and report on those records. Salesforce always, by default, respects the hierarchy structure — sharing settings determine only how peers and those outside your typical chain of command see your data. For more complex sharing scenarios, you can have the option to deselect the ability to grant access to records based on role hierarchy, but, you may want to consult with Salesforce support or a Salesforce Partner before making such a complex change.

4. Click Save.

The Sharing Settings page reappears with your settings listed under the Organization Wide Defaults list.

Creating groups

You can create public and personal groups in Salesforce to extend greater sharing privileges through the use of sharing rules. Groups comprise users, roles, or even other groups. So, if your organization-wide default is geared toward a private sharing model, use groups and sharing rules to create exceptions.

Public groups work in combination with sharing rules to expand sharing access to information beyond the organization-wide defaults. You can access public groups from the Manage Users heading on the sidebar on the Administer page.

To create a public group, click the Setup link in the upper-right corner and follow these steps:

1. Choose Administer⇒Manage Users⇒Public Groups.

The Public Groups page appears.

2. Click the New button.

A Group Membership page appears.

3. Enter a name for the group in the Group Name field, as shown in Figure 19-3.

Figure 19-3: Creating a new public group.

4. Highlight users, roles, roles and their subordinates, or other groups in the Available Members list box and click the right arrow to add them to the Selected Members list box.

5. Click Save.

The Public Groups page reappears with groups that you added.

Granting greater access with sharing rules

By using public groups, roles, or roles and subordinates, you can create sharing rules to extend access above and beyond the organization-wide defaults. For example, if your default sharing model is read-only but you want a group of call center agents to have edit privileges on account records, you could do this with a custom sharing rule.

To add a sharing rule and apply it to your data, click the Setup link and follow these steps:

1. Click the Sharing Settings link under the Administer⇒Security Controls heading on the sidebar.

The Sharing Settings page appears.

2. Scroll down and click the New button next to any of the standard or custom object Sharing Rules lists, as shown in Figure 19-4.

All lists operate much the same but relate to different records. A Sharing Rule page appears for your selected record.

Figure 19-4: Adding a new sharing rule.

3. Use the drop-down lists to define the data you want to share and the related roles or groups that you want to share that data with, as shown in Figure 19-5.

For example, you might create a public group for your call center team and then grant the team read-write privileges to data owned by members of the Entire Organization group.

Figure 19-5: Showing a sharing rule.

4. Click Save.

The Sharing Settings page reappears with your new rule listed under the appropriate related list.

When you add a new sharing rule, Salesforce automatically reevaluates the sharing rules to apply the changes to all your records. If your modifications are substantial, you’ll be warned with a dialog box that the operation could take significant time, and Salesforce will e-mail you when complete. When you click OK, the dialog box closes, and the Sharing Settings page reappears. Use the Recalculate button in the appropriate related list to manually apply the changes when you’ve made modifications to groups, roles, or territories.

Defining the Role Hierarchy

Think of a role hierarchy as the Salesforce system’s data-access trickle-down org chart: If you’re assigned to the role at the top of the chart, you have full access to your own data, and that privilege trickles down to the data of everyone below you in the hierarchy — and life is good.

When you’re constructing your hierarchy, don’t confuse your actual company org chart with the role hierarchy. Role hierarchy is all about access to data to perform your duties in Salesforce and how you want to organize certain sales-related reports. As such, hierarchies often have fewer layers than a typical org chart. For example, if your executive team will be users, you might simply create a role called Executive Team, assuming that many of those users will have similar trickle-down viewing and editing privileges.

You can use the role hierarchy in Salesforce as a primary method to control a user’s visibility and access to other users’ data. After you assign a role to a user, that user has owner-like access to all records owned by or shared with subordinate users in the hierarchy. For example, if you set up a hierarchy with a Sales Rep role subordinate to a Sales Manager role, users assigned to Sales Manager would have read and write access to records owned by or shared with users in the Sales Rep role.

To set up your company’s role hierarchy, click the Setup link in the upper-right corner and follow these steps:

1. Choose Administer⇒Manage Users⇒Roles.

The Understanding Roles page appears, and you see a sample hierarchy, as shown in Figure 19-6.

Figure 19-6: Seeing a sample role hierarchy.

2. (Optional) To select a different sample hierarchy, make a selection from the View Other Sample Role Hierarchies drop-down list.

3. Click the Set Up Roles button.

The Creating the Role Hierarchy page appears.

4. (Optional) To select a different view of the hierarchy, make a selection from the drop-down list on the right side of the page.

Salesforce provides three standard views for displaying the role hierarchy: tree, list, and sorted list. For this example, we’re opting for the default, Tree view.

5. In Tree view, click the Add Role button.

A Role Edit page appears for the new role.

6. Complete the fields.

The fields are pretty obvious, but here are some tips:

· This Role Reports To: Use this lookup field to define the role’s place in the hierarchy. Because the lookup field is based on roles you already created, add roles by starting at the top of your hierarchy and then working your way down, as shown in Figure 19-7.

Figure 19-7: Creating a new role in the hierarchy.

· Contact, Opportunity, and Case Access: Select these options that fit your company’s objectives. (You may not see these fields if you have a very public sharing model — more on that in the following section.) You can provide an account owner with read-write access to related opportunities or cases that she doesn’t own, has view-only access, or has no access to. This flexibility comes in handy in heavily regulated industries, in which you might have to prevent an account executive from knowing about certain deals or issues going on with her account.

7. Click the Save button or the Save & New button.

· Save: The Role: Role Name page appears, displaying the detail information you just entered and listing any users in this role. From the users in the Role Name Role detail list, you may also assign existing users to this role or create new users with this role. (Check out the section “Adding Users to Salesforce,” later in this chapter.)

· Save & New: A New Role page appears, and you can continue building the hierarchy. Repeat Steps 3–6 until your hierarchy is done.

Setting Up Profiles

In Enterprise and Performance Editions of Salesforce, you can use profiles to control a user’s permission to view and perform many functions. Roles and sharing rules determine which objects a person sees, and a profile determines what details a person sees on that object. Depending on which edition you’re using, you can use profiles to

· Define which page layouts a user will see

· Control field-level access

· Determine the apps viewed by a user

· Alter the tabs displayed to users

· Make record types available to certain users

· Secure certain login settings

Reviewing the standard profiles

Most editions of Salesforce come with five or six standard profiles, which can’t be altered except for the tab settings. Many large organizations can stick to these standard profiles and address the majority of their company’s requirements related to user permissions. If you have Group or Professional Edition, you can’t actually view the settings on the standard profiles.

If you have Enterprise or Performance Edition, choose Setup⇒Administer⇒ Manage Users⇒Profiles to see your profiles. Otherwise, here’s a brief explanation of the more common standard profiles for Salesforce license types and how they’re typically applied:

· System Administrators have full permissions and access across all Salesforce functions that don’t require a separate license. You’d typically grant this level of control only to users administering the system or who play a critical part in configuring and customizing Salesforce.

· Standard Users can create and edit most record types, run reports, and view but not modify many areas of the administration setup. If you can’t create custom profiles, you’d probably choose to assign sales reps to the standard user profile.

· Solution Managers have all the rights of standard users and can review and publish solutions.

· Marketing Users have all the rights of standard users and can perform a variety of marketing-related functions, including importing leads and managing public documents and e-mail templates. If your Salesforce edition has campaigns, marketing users can also administer campaigns.

· Contract Managers can add, edit, approve, and activate contracts. They can also delete nonactivated contracts.

· Read Only is just what its name implies. Users assigned to this profile can view data and export reports, but can’t edit anything.

Profiles never conflict with your organization’s sharing model or role hierarchy. For example, a Standard User profile allows a user to create, edit, or delete leads, but if your sharing model is read-only for leads, the Standard User won’t be able to delete leads owned by others.

Over the years, salesforce.com has expanded the types of licenses you can buy, to better accommodate your organization’s users and how often and what they need to access in Salesforce. To get the latest comprehensive list with definitions, click the Help & Training link from within any Salesforce page and type license types into the search bar.

Creating custom profiles

If you have Enterprise or Performance Edition, you can build custom profiles that provide you greater flexibility than the standard permissions granted to users and the layouts that they see. For example, you may want to create a custom profile for your Finance team so that only users with that profile can edit check boxes on the opportunity that track whether certain signed forms have been submitted when you close a deal. See Chapter 20 for details on creating custom layouts, business processes, and record types.

To create a custom profile, you can start from scratch, but we suggest cloning and modifying an existing profile by following these steps:

1. Choose Setup⇒Administer⇒Manage Users⇒Profiles.

The User Profiles page appears. You can see which profiles are standard or custom ones.

2. Click the Standard User link in the Profile Name list.

The Profile: Standard User page appears. In practice, you can clone from any of the profiles, but by starting from the Standard User profile, you can simply add or remove permissions.

3. Click the Clone button.

The Clone Profile page appears.

4. Type a title in the Profile Name field and then click Save.

The Profile page for your new profile appears.

5. Click the Edit button to modify the permissions, as shown in Figure 19-8.

The Profile Edit page appears.

Figure 19-8: Previewing a Profile Edit page.

Salesforce packs a plethora of possible permissions into a profile page. Some of those permissions aren’t obvious; others are dependent on your selecting other permissions. If you have questions as you’re working through the Profile Edit page, click the Help for This Page link in the upper-right corner of the page to go directly to the relevant Help documentation. If you place your cursor over the i icons, located next to certain Administrative Permissions on the Profile Edit page, rollover text appears with tips on other required settings.

6. Under the Custom App Setting section, determine which standard and custom apps are visible for a profile and which one is the default.

This determines the content of the AppExchange app drop-down list.

7. Under the Tab Settings section, use the drop-down lists to determine the tab settings for your new profile.

Choose from the three possible options:

· Default On: You want a tab to be displayed.

· Default Off: You want a tab not to appear while still allowing a user assigned to the profile the choice to turn the tab back on. For example, if you created a profile for sales reps and you want to hide the Contracts tab but give the rep the option to display it, select Default Off on the Contracts field.

· Tab Hidden: You want the tab to be hidden without an option for the user to turn the tab back on. For example, if your company isn’t going to use cases, you might decide to hide the tab.

Making a tab hidden in a user’s profile doesn’t prevent the user from accessing those records (in reports, for example). To prevent a user from accessing a particular type of record altogether, remove the Read permission on that type of data from the Object Permissions sections of the page.

8. (Optional) Select the Overwrite Users’ Personal Tab Customizations check box if you want to overwrite the user’s current personal customization settings with the settings for the new profile that you’re applying.

9. Under the Administrative Permissions header, select or deselect check boxes to modify administrative permissions from the profile.

Most of these settings are designed for administrators, but some of these might be important, depending on your goals for a custom profile. For example, if you want to build a manager’s profile, you might retain permissions such as Manage Public Reports and Manage Public List Views so that managers can create public reports and list views for their teams.

10. Under the General User Permissions header, select or deselect check boxes to modify common user permissions from the profile.

For example, if you don’t want sales reps to be able to export customer data to a file, you could create a custom profile for reps and remove the Export Reports setting.

11. Under the Standard Object and Custom Object Permissions headers, select or deselect check boxes to modify standard or custom object permissions from the profile.

For example, if you don’t want support reps to be able to modify opportunities, you could create a custom profile for support reps and select only the Read check box in the row for opportunities.

12. Click Save.

The Profile page reappears for your new profile. Your new profile will now appear the next time you follow the instructions in Step 1.

13. Click the View Users button if you want to assign users to the profile.

A Custom: Custom Profile Name list page appears in which you can view, add, or reset passwords for users in the profile. See the following section to add users to Salesforce.

Adding Users to Salesforce

When salesforce.com supplies user licenses for your organization, administrators can add users into Salesforce. (See the “Setting Up Profiles” section, earlier in this chapter, for the scoop on viewing and modifying your company profile.) You don’t have to create the roles and profiles before you add users, but we recommend doing so because Role and Profile are required fields when you’re creating a user record.

To add users, click the Setup link and follow these steps:

1. Click the Users link under the Administer⇒Manage Users heading on the sidebar.

A users list page appears.

2. (Optional) Use the View drop-down list if you want to select from standard or custom list views of your users.

Salesforce presets your views with three standard options: All Users, Active Users, and Admin Users.

3. Click the New User button to add users one at a time.

A New User page appears in Edit mode.

To enter a list of users (instead of one at a time) that need to be created, click the Add Multiple Users button instead.

4. Complete the fields, paying close attention to selecting appropriate Role and Profile values.

Select the Generate New Password and Notify User Immediately check box at the bottom of the New User page if you want the user to immediately receive an e-mail with her username and temporary password. If you’re in the midst of an implementation, we recommend deselecting this check box and doling out passwords when you’re good and ready.

5. Click Save.

The User detail page appears.

Using Other Security Controls

Beyond the major configuration settings (such as roles, profiles, and sharing model), as an administrator, you have other settings for managing the use and security of your data in Salesforce. You can find these features by choosing Setup⇒Administer⇒Security Controls.

In the following sections, we discuss how to manage field-level access and delegate a subset of administration to others.

Setting field-level security

If you have Enterprise or Performance Edition, you have three primary ways to control access and editing on specific fields: profiles (which we discuss earlier in this chapter), page layouts (Chapter 20 covers these), and field-level settings (stay right here for the details). With field-level security, you can further restrict users’ access to fields by setting whether those fields are visible, editable, or read-only.

To view and administer field-level security, click the Setup link and follow these steps:

1. Choose Administer⇒Security Controls⇒Field Accessibility.

The Field Accessibility page appears, listing all objects.

2. Click the link for the type of record for which you want to view and manage field-level security.

A Field Accessibility page for the selected record type appears, as shown in Figure 19-9. For example, click the Account link if you want to review the security settings on account fields.

Figure 19-9: Preparing to view field accessibility.

3. Under the Choose Your View header, click the View by Fields link.

The Field Accessibility page for the record type reappears with a Field drop-down list. If you want to see a different view of this information — in which you get to see one profile and the security levels for all the fields for the selected data type — click the View by Profiles link.

4. Select a field from the Field drop-down list.

The page reappears with a table displaying your company’s profiles and the profiles’ accessibility to the selected field.

5. In the Field Accessibility table, click a link in a cell to edit the profile’s field access for a specific record type.

An Access Settings page for the selected profile and selected field appears, as shown in Figure 19-10.

6. Select the check boxes to modify the field-level settings, and then click Save.

The Field Accessibility page for the selected record type reappears.

Figure 19-10: Modifying field-level access on a profile.

If you modify a field-level security setting for a profile by deselecting the Visible check box, this means that the record related to that field is still searchable. The field will never be viewable to a person with that profile, and thus that person won’t be able to create reports or search using it, but he can use reports created by others that leverage that field. So if an account, ABC Corp., had its Employees field filled out with the number 1001, but that field was not visible to Watson who has the Standard User profile, Watson could still run a report created by Holmes, who, with a different profile, was able to customize a report looking for all accounts where the Employees field was greater than 1000. In that report, ABC Corp. would be listed and Watson would see ABC Corp., but he would not see the Employees field in the output. Watson would also not be able to customize a report using the Employees field because he can’t see it to modify a query.

If you need to provide someone with similar access to records as an existing user, with the exception of visibility to a few fields, we (and salesforce.com!) recommend that you do this via field-level security on a new custom profile, versus removing the field from the page layout. It might not be visible on a page, but that field is still visible elsewhere in Salesforce — like when creating and running reports and list views. Even if you’re not strict about a group of people not seeing a field, field-level security can help reduce end users seeing an overwhelming number of fields that they have to wade through when creating reports.

Delegating administration

As an administrator for your growing world of Salesforce users within your company, you hold the key to who accesses your Salesforce instance. You shouldn’t try to cut corners by making everyone system administrators just because you’re annoyed each time they bug you to add a new user, or because they get impatient about your asking “why?” to their requests. Salesforce allows you to delegate some administrative duties to nonadministrators. Delegated administrators can help you create and edit users in roles you specify, reset passwords for those users, assign users to certain profiles, and manage custom objects. For example, if your marketing department is growing quickly, you may want to allow a manager in the Marketing Manager role to create and edit users in the Marketing Manager role and all subordinate roles.

To delegate administration, you must first define the groups of users to whom you want to delegate these new privileges. Then you have to specify what you want those newly delegated administrators to do. To define delegated administrators, follow these steps:

1. Choose Setup⇒Administer⇒Security Controls⇒Delegated Administration.

The Manage Delegated Groups page appears.

2. Click New.

The Edit Delegated Group page for the new delegated group appears.

3. Enter the Delegated Group Name.

In our example, we selected Sales Operations.

4. Click Save.

The Delegated Group page for your new group appears.

5. Click the Add button in the Delegated Administrators related list to specify which users will belong in this group.

The Delegated Administrators page appears.

6. Use the Lookup icons to find and add users to this group.

7. Click Save.

The Delegated Group page for your group reappears.

8. To specify which roles and subordinate roles a delegated administrator can manage, click the Add button in the User Administration related list.

The Roles and Subordinates page appears.

9. Use the Lookup icons to find and add roles that your delegated group may manage.

10. Click Save.

The Delegated Group page for your group reappears.

11. Click Add in the Assignable Profiles related list to specify which profiles these delegated administrators may assign to users.

The Assignable Profiles page appears.

12. Use the Lookup icons to find and add profiles that your delegated group may assign.

13. Click Save.

The Delegated Group page for your group reappears.

14. Click Add in the Custom Object Administration related list to specify which custom objects and related tabs a delegated administrator may manage.

The Custom Object Administration page appears.

15. Use the Lookup icons to find and add custom objects that your delegated group may assign.

16. Click Save.

The Delegated Group page for your group reappears.

Customizing the Look and Feel

If your business wants to take advantage of some optional and advanced customizations that improve your efficiency, keep reading!

Drag and drop, hovers, and other tweaks

To update your organization’s look and feel, the User Interface page allows you to turn on some timesaving functions that will greatly increase your organization’s productivity.

Here’s a quick summary of just some of the features available to you:

· Enable Collapsible Sections lets users minimize or maximize page sections on a record, which is especially helpful if you have many departments all with their specific fields on one record. By collapsing certain sections that aren’t relevant to you, you can scroll to your section that much faster. Look for the little triangle icons to the left of a page section — they look like the ones to the left of the Force.com Home navigation folders.

· Enable Hover Details displays an interactive overlay with details about a record when you leave your mouse hovering over a lookup link to that record.

· Enable Related List Hover Links adds shortcuts to related lists to the top of each record so that you never have to scroll to see your related lists. In Figure 19-11, you see an example of the Contacts related list hover link, above the Business Account Detail information.

Figure 19-11: Adding related list hover links to your records.

· Enable Inline Editing allows you to edit a field on a record just by double-clicking it. You don’t have to click the Edit button and wait for the page to reload anymore.

· Enable Enhanced Lists turns your existing Custom Views into a spreadsheet-like page on which you can mass-edit values across multiple records.

· Enable Home Page Hover Links for Events allows you to see more information about an event on your Salesforce calendar just by hovering your mouse over it.

· Enable Drag-and-Drop Editing on Calendar Views allows you to rearrange events on your Salesforce calendar simply by dragging the event from one time to another.

· Enable Hover Links for My Tasks List allows you to see more information about a task in your Salesforce task list just by hovering your mouse over it.

All these tweaks and more can be made from the User Interface page as follows:

1. Choose Setup⇒Build⇒Customize⇒User Interface.

The User Interface settings page appears, as shown in Figure 19-12.

Figure 19-12: Tweaking user interface settings.

2. Select one or more of the user interface setting check boxes.

3. Click Save.