Developer &

Administrator
Workshop
Day 2
Securing and Sharing Data
Custom Workflow and Approval Processes
Agenda 1
Securing and Sharing Data

• Data Access Concepts

• Controlling Access to Objects
• Profiles
• Permission Sets
• Field-Level Security
• Record Types
• Controlling Access to Records
• Organization-Wide Defaults
• Role Hierarchies
• Manual Sharing
Agenda 2
Custom Workflow and Approval Processes

• Workflow Rules & Workflow Actions

• Visual Workflow
• Approvals
• Validation Rules
• Queues & Public Groups
• Email Templates
 But First…

Review Day 1
What Can You Remember?
Let us see…

• What is a Standard Object?

– Give an example
• What is a Custom Object?
– What are the difference between Standard and Custom objects?
• What are the components of an App?
• What are the differences between Standard and Custom fields?
• What different Field types are there?
– What happens if you delete a field?
– What are the stages in creating a field?
• What does the Page Layout editor allow you to do?
– What properties can you add to fields on a page layout?
What Can You Remember?
And there are more…

• What are the rules for Dependent Picklists?

– Can a checkbox be a dependent field?
• How do you link Objects together?
– What capabilities does a Lookup relationship provide?
– How many Lookup relationships can an object have?
– What capabilities does a Master-Detail relationship provide?
– How many Master-Detail relationships can an object have?
• How do you design a Many-Many relationship?
• How do you add a filter on a relationship?
Securing and Sharing Data
 Video: Managing Your User Experience
• Learn how to set up users with appropriate permissions. See how
licenses and profiles dictate a user's access to an application.
(25 min)
• - Types of Licenses
• - Profiles
• - System Permissions & Permission Sets
• - Field Level Security
• - Customizing User Interface
• - Record Types & Page Layouts

http://bit.ly/1sEcHiw

https://help.salesforce.com/HTTrainingModulesDetail?courseId=a
1S30000000gvGyEAI&Catalog=Premier
What is a User?
What is a Profile?
Permissions – What Users Can Do!
What are the Profile Permissions?
System Permissions – e.g. Customize Application
What are the Profile Permissions?
Object Permissions Create, Read, Update (Edit), Delete
CRUD
What are the Profile Permissions?
Field Level Security by Object - FLS
Hands-on Exercise

View the hands on exercise steps in the Building Applications with Force.com -
Part 1 “Managing Your Users’ Experience” Exercise Guide

https://lms.cfs-api.com/v1/content/5596bde8-0a05-4a03-9568-3470e908c053/presentation_con
tent/external_files/managingyourusersexperienceexerciseguide.pdf

• Exercise 8-1: Create Custom Profiles

• Exercise 8-2: Create Permission Sets
• Exercise 8-3: Change Access Using Field-Level Security
• Exercise 8-4: Create Record Types
• Exercise 8-5: Create Page Layouts
• Exercise 8-6: Create Page Layouts and Record Types
Exercise 8-1: Create Custom Profiles
Create a new profile for recruiters.

At Universal Containers (UC), recruiters need to be able to create,

view, and modify any position, candidate, job application, or review
that is in the system.
To comply with state and federal public records laws, all recruitment-
related information must be saved for several years. Consequently,
recruiters should NOT have the ability to delete any records in the
Recruiting Application.
Tasks:
1. Enable the Enhanced Profile User Interface.
2. Create a custom recruiter profile.
3. Define the recruiter profile to accomplish the business requirements.
4. Assign users to this new profile.
5. Modify the existing profiles for the new objects.
What are Permission Sets?
Additional Profile Permissions assigned to specific users

• Collection of settings and permissions

• Represent a concept, like a user’s job title
• Handle the system requirements that previously existed on profiles
What are Permission Sets?
Additional Profile Permissions assigned to specific users

• Users have only one profile but can have multiple permission sets
• Use profiles to assign most restrictive permissions and access
settings
• Use Permission Sets to grant additional permissions individually
What are Permission Sets?
Hands-on Exercise

View the hands on exercise steps in the Building Applications with Force.com -
Part 1 “Managing Your Users’ Experience” Exercise Guide

https://lms.cfs-api.com/v1/content/5596bde8-0a05-4a03-9568-3470e908c053/presentation_con
tent/external_files/managingyourusersexperienceexerciseguide.pdf

• Exercise 8-1: Create Custom Profiles

• Exercise 8-2: Create Permission Sets
• Exercise 8-3: Change Access Using Field-Level Security
• Exercise 8-4: Create Record Types
• Exercise 8-5: Create Page Layouts
• Exercise 8-6: Create Page Layouts and Record Types
Exercise 8-2: Create Permission Sets
Create permission sets for the hiring manager and interviewers

Hiring managers and interviewers have different needs and different

levels of access to the information that will be stored in the Recruiting
Application.
In addition, the access of hiring managers and interviewers to other
portions of the organization needs to be maintained.

Tasks:
1. Create a new permission set for hiring managers.
2. Create a new permission set for interviewers.
3. Assign users to the new permission sets.
What is Field Level Security?
Determines access to edit or read individual fields by profile

• Restricts Access to fields within a profile

• Overrides less-restrictive page layout settings
• Can make a field read-only or totally hidden
Hands-on Exercise

View the hands on exercise steps in the Building Applications with Force.com -
Part 1 “Managing Your Users’ Experience” Exercise Guide

https://lms.cfs-api.com/v1/content/5596bde8-0a05-4a03-9568-3470e908c053/presentation_con
tent/external_files/managingyourusersexperienceexerciseguide.pdf

• Exercise 8-1: Create Custom Profiles

• Exercise 8-2: Create Permission Sets
• Exercise 8-3: Change Access Using Field-Level Security
• Exercise 8-4: Create Record Types
• Exercise 8-5: Create Page Layouts
• Exercise 8-6: Create Page Layouts and Record Types
Exercise 8-3: Change Access Using
Field-Level Security
Use field-level security to remove access to Social Security Numbers
on candidate records

In an effort to secure personal information on candidates, Universal

Containers wants to ensure that recruiters cannot see or edit the
Social Security Number of a candidate.

Tasks:
Modify the field-level security for candidates to hide the Social
Security Number field for recruiters.
What are Record Types?
Determines the required fields by page layout and the valid pick list
values by business process to ensure users only complete valid
•fields
Defineand values.sets of values for Standard and Custom picklist
different
fields
• Implement custom business process by associating them to specific
page layouts
What are Record Types
Things to Know

• On which objects can I create multiple record types?

– Multiple record types may be created for every tab, with the exception of the
Home, Forecasts, Documents, Reports, Consoles, and Web tabs.
• What happens if I need to add a picklist value?
– You will be prompted to select which record types should include the new value.
• If I’m looking at a detail page, how do I know what record type it is?
– For tabs that have multiple record types defined, you can look at the Record
Type field on the page.
– This field needs to be added to all the page layouts used by all the record types
• Dousers have to display the jump page every time they create a new
record?
– No, users can choose to accept their profile’s default record type.
• A userwho does not have access to create a named record type will see a
record in the defined record type providing they have access rights.
Page Layouts, Record Types, and Business
Processes

Business
Process

Page
Layout

Record
Type
Hands-on Exercise

View the hands on exercise steps in the Building Applications with Force.com -
Part 1 “Managing Your Users’ Experience” Exercise Guide

https://lms.cfs-api.com/v1/content/5596bde8-0a05-4a03-9568-3470e908c053/presentation_con
tent/external_files/managingyourusersexperienceexerciseguide.pdf

• Exercise 8-1: Create Custom Profiles

• Exercise 8-2: Create Permission Sets
• Exercise 8-3: Change Access Using Field-Level Security
• Exercise 8-4: Create Record Types
• Exercise 8-5: Create Page Layouts
• Exercise 8-6: Create Page Layouts and Record Types
Exercise 8-4: Create Record Types
Create a custom record type that limits the picklist choices
available to hiring managers.

Technical hiring managers can open new positions, but they should
only open positions in the IT and Engineering departments. The
Position object has a department field that contains a picklist of
values. When creating a technical position, hiring managers should
have access only to the IT and Engineering values. When creating a
non-technical position, hiring managers should have access to the
other department values. Recruiters should be able to see and use
all department values.

Tasks:
1. Create a technical position record type.
2. Repeat the process, creating a non-technical position record type.
Hands-on Exercise

View the hands on exercise steps in the Building Applications with Force.com -
Part 1 “Managing Your Users’ Experience” Exercise Guide

https://lms.cfs-api.com/v1/content/5596bde8-0a05-4a03-9568-3470e908c053/presentation_con
tent/external_files/managingyourusersexperienceexerciseguide.pdf

• Exercise 8-1: Create Custom Profiles

• Exercise 8-2: Create Permission Sets
• Exercise 8-3: Change Access Using Field-Level Security
• Exercise 8-4: Create Record Types
• Exercise 8-5: Create Page Layouts
• Exercise 8-6: Create Page Layouts and Record Types
Exercise 8-5: Create Page Layouts
Create a new page layout to reflect differences between
technical and non-technical positions.

When creating new positions, technical hiring managers need to

specify technical criteria desired for their candidates, such as
programming language or operating system. Recruiters need to be
able to create all kinds of positions.

Tasks:
1. Create fields for Operating System and Programming Language.
2. Create a new page layout for technical positions. On the new page
layout, show the
Operating System and Programming Language fields in a separate
section.
Hands-on Exercise

View the hands on exercise steps in the Building Applications with Force.com -
Part 1 “Managing Your Users’ Experience” Exercise Guide

https://lms.cfs-api.com/v1/content/5596bde8-0a05-4a03-9568-3470e908c053/presentation_con
tent/external_files/managingyourusersexperienceexerciseguide.pdf

• Exercise 8-1: Create Custom Profiles

• Exercise 8-2: Create Permission Sets
• Exercise 8-3: Change Access Using Field-Level Security
• Exercise 8-4: Create Record Types
• Exercise 8-5: Create Page Layouts
• Exercise 8-6: Create Page Layouts and Record Types
Exercise 8-6: Create Page Layouts
and Record Types
Create page layouts and record types for approved positions.

Universal Containers would like to implement an approval process for

each position. This process will route positions to the approvers
specified on the position. Once the position has been approved, the
approvers no longer need to be listed on the position.

Tasks:
1. Create new page layout for approved positions.
2. Create new record types for approved positions.
 Video: Controlling Access to Records
• Examine different ways in which users receive access to records:
through ownership, organization wide defaults, roles and sharing
rules. (25 min)
• - Record Ownership
• - Record Access
• - Organization wide Defaults
• - Roles & Role Hierarchy
• - Sharing Rules
• - Access Rights

https://help.salesforce.com/HTTrainingModulesDetail?
courseId=a1S30000000gvGyEAI
Record Ownership

• By Default an owner of a record can Read, Edit, Delete or change Ownership of the
record
• Child Records inherit ownership from the parent
• Users or Queues can be the owner of records
• If the read permission for the object is revoked from the users profile, the user will
not be able to see their own record
• Queue ownership allows multiple users to own a record
• The Profile determines the objects level access
• Sharing controls record access
Record Ownership
Individual Record Ownership

• Child Records inherit ownership from the

parent

• Users or Queues can be the owner of records

• If the read permission for the object is

revoked from the users profile, the user will
not be able to see their own record

• Queue ownership allows multiple users to

own a record

• The Profile determines the objects level

access

• Sharing controls record access

What are Queues?

• Queues are virtual storage bins used to group records based on

criteria
• Every queue member has visibility into all leads within that queue.
• Queues can be found in the List Views for the object
• All Custom Objects can have Queues
• Only Leads and Cases (Standard Objects) have queues

37
Hands-on Exercise

View the hands on exercise steps in the Designing Apps for Multiple Users
“Managing Your Users’ Experience” Exercise Guide

https://lms.cfs-api.com/v1/content/74504714-0d8d-456e-bf33-f0132b6a4f67/data/downloads/co
ntrollingaccesstorecordsexercises.pdf

• Exercise 3-1: Create Custom Object Queues

• Exercise 3-2: Set Organization-Wide Defaults
• Exercise 3-3: Set Organization-Wide Defaults
• Exercise 3-4: Implement a Role Hierarchy
• Exercise 3-5: Create a Public Group
• Exercise 3-6: Implement Sharing Rules
• Exercise 3-7: Manual Sharing
• Exercise 3-8: Create Apex Sharing Reasons
Exercise 3-1: Create Custom Object Queues
Create a custom queue for the Recruiting department to
hold position and candidate records.

Universal Containers wants to use the queue feature to manage the

pool of recruiters working with open positions and candidates.

Tasks:
Create a queue for positions and candidates.
What are the Organizational Wide Defaults?
Determine the base-line visibility of each record in an object
Hands-on Exercise

View the hands on exercise steps in the Designing Apps for Multiple Users
“Managing Your Users’ Experience” Exercise Guide

https://lms.cfs-api.com/v1/content/74504714-0d8d-456e-bf33-f0132b6a4f67/data/downloads/co
ntrollingaccesstorecordsexercises.pdf

• Exercise 3-1: Create Custom Object Queues

• Exercise 3-2: Set Organization-Wide Defaults
• Exercise 3-3: Set Organization-Wide Defaults
• Exercise 3-4: Implement a Role Hierarchy
• Exercise 3-5: Create a Public Group
• Exercise 3-6: Implement Sharing Rules
• Exercise 3-7: Manual Sharing
• Exercise 3-8: Create Apex Sharing Reasons
Exercise 3-2: Set Organization-Wide Defaults
Use organization-wide defaults (OWD) to restrict edit
permissions for position data.

At Universal Containers, standard users (who are not recruiters),

hiring managers, and interviewers, are only allowed to view position
data. There will never be any position that a standard user is not
permitted to see.

Tasks:
Change the organization-wide default setting for Positions.
Hands-on Exercise

View the hands on exercise steps in the Designing Apps for Multiple Users
“Managing Your Users’ Experience” Exercise Guide

https://lms.cfs-api.com/v1/content/74504714-0d8d-456e-bf33-f0132b6a4f67/data/downloads/co
ntrollingaccesstorecordsexercises.pdf

• Exercise 3-1: Create Custom Object Queues

• Exercise 3-2: Set Organization-Wide Defaults
• Exercise 3-3: Set Organization-Wide Defaults
• Exercise 3-4: Implement a Role Hierarchy
• Exercise 3-5: Create a Public Group
• Exercise 3-6: Implement Sharing Rules
• Exercise 3-7: Manual Sharing
• Exercise 3-8: Create Apex Sharing Reasons
Exercise 3-3: Set Organization-Wide Defaults
Establish appropriate organization-wide defaults for
Candidates, Job Applications, and Reviews.
The accessibility for Candidate, Job Application, and Review records as follows:
1. Individuals in Human Resources should be able to read, create, and edit any
of Candidate, Job Application, or Review record. This includes the VP and any
subordinates.
2. Interviewers should be permitted to see only those Candidate and Job
Application records to which they’ve been assigned as interviewers. Additionally,
they should only be permitted to view, create, and modify their own Review
records.
3. Hiring managers should only be able to see a Candidate, Job Application, or
Review record if it is related to a Position for which they are responsible.
4. Other users should not have access to Candidate, Job Application, and
Review records.
Tasks:
Update organization-wide defaults for Candidates, Job Applications and Reviews
to limit general viewing of records.
What are the impact of OWDs on relationships?

45
What are Roles and Role Hierarchy?
First step in relaxing the security constraints as defined by the OWD

• What is a role?
– Controls the level of visibility that users have to an organization’s data
– A user may be associated to one role
• What is a role hierarchy?
– Controls data visibility
– Controls record roll up, forecasting and reporting
– Users inherit the record ownership ability of data owned by or shared
with users below them in the hierarchy
– Not necessarily the company’s organization chart
Custom Objects and the Role Hierarchy
Need to check “Grant Access Using Hierarchies” box
Hands-on Exercise

View the hands on exercise steps in the Designing Apps for Multiple Users
“Managing Your Users’ Experience” Exercise Guide

https://lms.cfs-api.com/v1/content/74504714-0d8d-456e-bf33-f0132b6a4f67/data/downloads/co
ntrollingaccesstorecordsexercises.pdf

• Exercise 3-1: Create Custom Object Queues

• Exercise 3-2: Set Organization-Wide Defaults
• Exercise 3-3: Set Organization-Wide Defaults
• Exercise 3-4: Implement a Role Hierarchy
• Exercise 3-5: Create a Public Group
• Exercise 3-6: Implement Sharing Rules
• Exercise 3-7: Manual Sharing
• Exercise 3-8: Create Apex Sharing Reasons
Exercise 3-4: Implement a Role Hierarchy
Complete the role hierarchy by adding a role for product managers.

Universal Containers has added a new role called Product Manager

and would like their hierarchy to reflect the addition.

Tasks:
1. Add a new Product Manager role.
2. Assign users to the new role.
3. Log in as a Product Manager and as the Director of Product
Management to test the changes to the hierarchy.
What is a Public Group
A way to group users together who may not have any connection

• A combination of any the following groups:

– Users
– Other Public Groups (nesting)
– Roles
– Roles and Subordinates
• Used in Sharing Rules—for simplification (when more than a few
roles need to be shared to)
• Also used when defining access to Folders and List Views
• Public group membership is automatically updated if the
membership of a nested role and/or other public group changes.
– E.g. if a new user is assigned a role that belongs to an existing public
group, that user will be automatically added to the public group
Hands-on Exercise

View the hands on exercise steps in the Designing Apps for Multiple Users
“Managing Your Users’ Experience” Exercise Guide

https://lms.cfs-api.com/v1/content/74504714-0d8d-456e-bf33-f0132b6a4f67/data/downloads/co
ntrollingaccesstorecordsexercises.pdf

• Exercise 3-1: Create Custom Object Queues

• Exercise 3-2: Set Organization-Wide Defaults
• Exercise 3-3: Set Organization-Wide Defaults
• Exercise 3-4: Implement a Role Hierarchy
• Exercise 3-5: Create a Public Group
• Exercise 3-6: Implement Sharing Rules
• Exercise 3-7: Manual Sharing
• Exercise 3-8: Create Apex Sharing Reasons
Exercise 3-5: Create a Public Group
Create a new public group including all interviewers

Universal Containers would like to create a public group that includes

all interviewers so that they can easily share records and documents
with them.

Tasks:
Create a public group called All Interviewers.
Role Hierarchy still not giving access
Role Hierarchy works fine for downward visibility – what about across
the organization?
What are Sharing Rules
Ability to access records across the hierarchy, the 2 nd method of
relaxing security imposed by the OWD
Sharing Rules
The 4 rules…

1. Which Object to be shared

2. Who Owns the object
OR What Selection Criteria
3. Who Wants to Share the object
4. What Access Mode

• Choose from
– Role,
– Role & Subordinate,
– Group
• Global Public Group – All Internal Users
Criteria Based Sharing Rules
Used when records are not owned by roles, roles and subordinates
or public groups
• Determine which records to share based on field values in records
• Are ideal for companies with complex sharing requirements
Hands-on Exercise

View the hands on exercise steps in the Designing Apps for Multiple Users
“Managing Your Users’ Experience” Exercise Guide

https://lms.cfs-api.com/v1/content/74504714-0d8d-456e-bf33-f0132b6a4f67/data/downloads/co
ntrollingaccesstorecordsexercises.pdf

• Exercise 3-1: Create Custom Object Queues

• Exercise 3-2: Set Organization-Wide Defaults
• Exercise 3-3: Set Organization-Wide Defaults
• Exercise 3-4: Implement a Role Hierarchy
• Exercise 3-5: Create a Public Group
• Exercise 3-6: Implement Sharing Rules
• Exercise 3-7: Manual Sharing
• Exercise 3-8: Create Apex Sharing Reasons
Exercise 3-6: Implement Sharing Rules
Allow recruiters, recruiting managers, and the VP of Human
Resources to view all elements of the recruiting process.

Recruiters and their management should be able to read and update

every position, candidate, job application, and review record in the
application.

Tasks:
Create sharing rules to give recruiters the access they need to
positions, candidates, job applications, and reviews.
What is Manual Sharing
One-off individual sharing of a record – further relaxation of the OWD

• Click on the Sharing button to share the record in Read/Only or

Read/Write
• Owner, Above Owner in Hierarchy or Administrator can see button
• If owner should not be able to share – remove button from page
layout
Hands-on Exercise

View the hands on exercise steps in the Designing Apps for Multiple Users
“Managing Your Users’ Experience” Exercise Guide

https://lms.cfs-api.com/v1/content/74504714-0d8d-456e-bf33-f0132b6a4f67/data/downloads/co
ntrollingaccesstorecordsexercises.pdf

• Exercise 3-1: Create Custom Object Queues

• Exercise 3-2: Set Organization-Wide Defaults
• Exercise 3-3: Set Organization-Wide Defaults
• Exercise 3-4: Implement a Role Hierarchy
• Exercise 3-5: Create a Public Group
• Exercise 3-6: Implement Sharing Rules
• Exercise 3-7: Manual Sharing
Hands-on Exercise

View the hands on exercise steps in the Designing Apps for Multiple Users
“Managing Your Users’ Experience” Exercise Guide

https://lms.cfs-api.com/v1/content/74504714-0d8d-456e-bf33-f0132b6a4f67/data/downloads/co
ntrollingaccesstorecordsexercises.pdf

• Exercise 3-1: Create Custom Object Queues

• Exercise 3-2: Set Organization-Wide Defaults
• Exercise 3-3: Set Organization-Wide Defaults
• Exercise 3-4: Implement a Role Hierarchy
• Exercise 3-5: Create a Public Group
• Exercise 3-6: Implement Sharing Rules
• Exercise 3-7: Manual Sharing
Exercise 3-7: Manual Sharing
Add manual sharing for various users to grant access on records
where they are invested in the information.

Establish manual sharing at Universal Containers to accomplish the

remaining access levels:
• Grant hiring managers read and update access on positions and
candidates where they are the hiring manager.
• Grant interviewers read access on job application and candidate
records for people they are interviewing.

Tasks:
Establish manual sharing for an existing position.
Sharing Review
This is the order the system will follow to see if a user can view a
record
The Big Picture
Profiles and Security Model combined
 Video: Who Sees What: Overview
• This quick overview covers the main features in Salesforce that
determine the visibility of, and access to data that every administrator
will need to set up for their Salesforce organization. This is the first in a
series called "Who Sees What".. (5 min)

• bit.ly/devadmwhoseeswhat
 Video: Who Sees What: Organization Access
• This second video in the "Who Sees What" series describes how to
grant users access to your org by specifying both login ranges, as well
as login hours.. (6 min)

• https://www.youtube.com/watch?annotation_id=annotation_38130
10209&feature=iv&src_vid=Hm3bT01Fxpw&v=twOefyyhc5I
 Video: Who Sees What: Object Access Security
• This third video in the "Who Sees What" series describes how to grant
users access to objects by using profiles. Profiles determine which
objects users have access to, and what rights they have on each
object. (6 min)

• https://www.youtube.com/watch?annotation_id=annotation_49650
0545&feature=iv&src_vid=9hxRSxWRmAc&v=VuF31-7Wc6c
 Video: Who Sees What: Organization-Wide
Defaults
• This fourth video in the "Who Sees What" series describes how to set
the default sharing settings. These settings determine the access users
have to records owned by other users. Please view the entire series to
get a complete picture of visibility and access.
(6 min)

• https://www.youtube.com/watch?annotation_id=annotation_26990
26523&feature=iv&src_vid=u9PHTLwtomo&v=8rzn-DtG8nc
 Video: Who Sees What: Record Access via
Sharing Rules
• This video in the "Who Sees What" series describes how to open up
access to records, if you have set the default sharing settings to
anything more restrictive than Public Read/Write. You can use Sharing
Rules to extend access to users in roles, public groups, or territories.. (6
min)

• https://www.youtube.com/watch?annotation_id=annotation_40654
50945&feature=iv&src_vid=OF-ZeS66Qr0&v=JEKZ2OjwzS8
 Video: Who Sees What: Field Level Security
• The sixth video in the "Who Sees What" series describes how to use
field level security to prevent access to specific fields on a profile by
profile basis. (6 min)

• https://www.youtube.com/watch?v=Ikn1LWsz9xY
 Video: Designing Data Access Security
• This module provides a summary of security and access features.
Through a number of business scenarios, students will have the
opportunity to apply the knowledge that they have gained about
determining user access. (13 min)
• - Determine Data Access
• - Apply OWD, Public Groups and Manual Sharing to create conditional
access to data
• - Analyze suitability of FLS, Page Layouts and Record Type to satisfy
business requirements

Link to video tutorial

Employing Data Security Techniques
Hands-on Exercise

View the hands on exercise steps in the Building Applications with Force.com -
Part 2 “Designing Data Access Security” Exercise Guide

https://lms.cfs-api.com/v1/content/d8713df2-f015-49c2-9d89-6d82a242d493/presentation_cont
ent/external_files/designingdataaccesssecurityexerciseguide.pdf

• Exercise 10-1: Establish Data Access

• Exercise 10-2: Restrict Data Access
Exercise 10-1: Establish Data Access
Create a process by which position access is determined by the
status of a position.

Universal Containers has determined that new and open positions

should be visible to all users,
but a closed position should only be visible to recruiters, and the
related hiring manager. Only
recruiters and their managers should be able to add sharing to a
position.

Tasks:
1. Set the organization-wide default for positions to Private.
2. Create a criteria-based sharing rule that gives the entire
organization access to new and
open positions.
Hands-on Exercise

View the hands on exercise steps in the Building Applications with Force.com -
Part 2 “Designing Data Access Security” Exercise Guide

https://lms.cfs-api.com/v1/content/d8713df2-f015-49c2-9d89-6d82a242d493/presentation_cont
ent/external_files/designingdataaccesssecurityexerciseguide.pdf

• Exercise 10-1: Establish Data Access

• Exercise 10-2: Restrict Data Access
Exercise 10-2: Restrict Data Access
Ensure that the salary for any position is visible only to the recruiter,
the hiring manager, and the hiring manager’s boss.

Universal Containers has decided that salary information for any

position should be visible only to the recruiter, the hiring manager for
that position, and the hiring manager’s boss. The recruiter should
control the salary data.

Tasks:
1. Create a new Salary object.
2. Add custom fields to the Salary object.
3. Give hiring managers and recruiters access to the new Salary
Object.
4. Set organization-wide defaults for Salaries.
5. Remove the Min Pay and Max Pay fields and the Compensation
section from the Position page layouts.
Custom Workflows
 Video: Automating Business Processes with
Workflow
• Learn how workflow rules can be used to create automated
processes. Take a look at the actions that can be triggered by
workflow rules. Look at how to automate processes using an
immediate action workflow rule and a time-based workflow rule.
Additionally, see how to monitor time-based workflow queues.
(14 min)
• - List the actions that can be triggered by a workflow rule
• - Create a Workflow rule
• - Describe the differences between time-dependent and immediate
workflow actions

https://help.salesforce.com/HTTrainingModulesDetail?courseId=a1S3
0000000gvH3EAI&Catalog=Premier
What is Workflow?
Workflow is a feature that allows the automation of business
processes
A Workflow Rule:
• Triggers and action when a record meets the criteria for a rule.
• Can trigger actions that either occur immediately or can be time-
dependent
• Needs good naming convention
• Is evaluated only for records created or edited after the rule has
been created. It does not retro act on existing records
Process to Create a Workflow Rule
Three Steps…

• Select the object

– E.g. Position
• Select Evaluation Criteria

• Define Rule Criteria

Workflow Actions
Can fire immediately or at some time in the future
Hands-on Exercise

View the hands on exercise steps in the Building Applications with Force.com -
Part 2 “Automating Business Processes with Workflow” Exercise Guide

https://lms.cfs-api.com/v1/content/0d1e5119-39d5-4980-a706-981313857527/presentation_cont
ent/external_files/automatingbusinessprocesseswithworkflowexerciseguide.pdf

• 13-1: Creating Workflow Rules Exercise

• 13-2: Setting Up Time-Dependent Workflow
• 13-3: Setting Up Time-Dependent Workflow
Exercise 13-1: Creating Workflow Rules
Create custom workflow rules and associated field updates for
routing new Positions and Candidates to the recruiters.

At Universal Containers, recruiters are responsible for approving or

rejecting proposed positions created by hiring managers.
When a new candidate has been created, the candidate should be
assigned to the Recruiter Queue and a New Candidate Notification
should automatically be sent out to all queue members.

Tasks:
1. Create a workflow rule with a field update to route new Positions to
the Recruiting Queue.
2. Create a workflow rule with a field update to assign new candidates
to the Recruiting Queue.
Time Dependent Workflow
Time Dependent Workflow Considerations
Hands-on Exercise

View the hands on exercise steps in the Building Applications with Force.com -
Part 2 “Automating Business Processes with Workflow” Exercise Guide

https://lms.cfs-api.com/v1/content/0d1e5119-39d5-4980-a706-981313857527/presentation_cont
ent/external_files/automatingbusinessprocesseswithworkflowexerciseguide.pdf

• 13-1: Creating Workflow Rules Exercise

• 13-2: Setting Up Time-Dependent Workflow
• 13-3: Setting Up Time-Dependent Workflow
Exercise 13-2: Setting Up Time-Dependent
Workflow
Create a workflow rule that will escalate offers that have been open
for two days.

When an offer is made to a candidate, it is valid for only two days.

Universal Containers would like to set up a time-dependent workflow
rule that evaluates offers in a sent status, and sends a task to the
offer owner to remind them to follow up with the candidate.

Tasks:
1. Create a workflow rule with time-dependent actions.
2. Create a new offer to test the process and monitor the time-based
workflow queue.
Hands-on Exercise

View the hands on exercise steps in the Building Applications with Force.com -
Part 2 “Automating Business Processes with Workflow” Exercise Guide

https://lms.cfs-api.com/v1/content/0d1e5119-39d5-4980-a706-981313857527/presentation_cont
ent/external_files/automatingbusinessprocesseswithworkflowexerciseguide.pdf

• 13-1: Creating Workflow Rules Exercise

• 13-2: Setting Up Time-Dependent Workflow
• 13-3: Setting Up Time-Dependent Workflow
Exercise 13-3: Setting Up Time-Dependent
Workflow
Create a workflow rule that will escalate positions if there are no
interviewers after 30 days.

At Universal Containers, positions have interviewers associated with

them. If a position has no interviewers attached to it after 30 days, an
email should be sent to the position owner.

Tasks:
1. Create a new field to count the number of interviewers associated
with a position.
2. Create a workflow rule with time-dependent actions.
3. Create a new position to test the process and monitor the time-
based workflow queue.
 10 Time Triggers per Rule
Trigger
(Criteria) Time Trigger Time Trigger
Eg. 1 Day Eg. 2 Days

Workflow

Task(s) Task(s) Task(s)

Email Alert(s) Email Alert(s) Email Alert(s)

Workflo
w
Field Update(s) Field Update(s) Field Update(s)
Actions
80 per
Outbound Message(s) Outbound Message(s) Outbound Message(s)
Rule

Immediate Time-Dependent

40 Actions per Time Trigger | Maximum 10 of each type

Validation Rules
 Video: Preserving Data Quality with Validation
Rules
Explore a number of different implementations of validation rules to
enforce conditionally required fields, data format and data consistency as
well as validation rules to prevent data loss (13 min)
• - Create a validation rule to enforce conditionally required fields
• - Create a validation rule to enforce proper data format
• - Create a validation rule to enforce data consistency
• - Create a validation rule that prevents the addition or deletion of records

https://lms.cfs-api.com/v1/12/lms.aspx?hash=WUlRa1pjd0RRUDVoU291dk
MveG5idFVYNXNpTVNQaXp3WDVoV0dyWjQ2a1lneE91VG15cUd4eEhJdzZ4
L3dCN0VIbDYya1I5Q0lsbHduSDhjcUlwYTVZSm9Vdm9wMVlBZ1VoVzEyeGp
DZE5uMXNUNGNrY0VSWkJNUW05YU0xWXRnbW1IZVFlK0pEUHRMTmJGa
m9aWkJHL0xHSFJrd3
Hands-on Exercise

View the hands on exercise steps in the Building Applications with Force.com -
Part 2 “Preserving Data Quality” Exercise Guide

https://lms.cfs-api.com/v1/content/7ed29c50-201f-4eb5-ae62-5de8f2312a68/present
ation_content/external_files/preservingdataqualityexerciseguide.pdf

• Exercise 12-1: Create Validation Rules

• Exercise 12-2: Build Validation Rules to Enforce Conditionally Required Fields
• Exercise 12-3: Build Validation Rules to Enforce Data Format
• Exercise 12-4: Build Validation Rules to Enforce Consistency
• Exercise 12-5: Create Validation Rules to Prevent Data Loss
Using Data Validation to Maintain Data Quality
Data validation allows you to ensure the integrity of data before it is
saved, by preventing users from saving invalid field values. There are two
types:
▪ Standard data validation involves setting simple field properties to
ensure valid data entry:
– Field data type
– Required field
– Unique field
▪ Custom validation rules allow you to enforce more complex
conditions, involving one or more fields, specific to your business
processes.

Custom validation rules are only executed if there are no errors from
standard validations.

© Copyright 2011 salesforce.com, inc.

94
Standard Data Validation: Required and Unique
Fields
Certain custom fields can be marked as required and/or unique to force
users to always enter a value, or to prevent records with duplicate values.

Required Unique

Universally required on save Stops duplicate values on save

Auto-added to all page layouts
Existing duplicates cause error
Cannot be hidden
Email, number, text fields only
Editable on all profiles (FLS)
Text fields can be treated as case-
Not for picklists, text area (long) sensitive

Search For: Required fields, unique fields

© Copyright 2011 salesforce.com, inc.

95
Custom Data Validation: Validation Rules
A validation rule allows you to specify your own business-specific criteria
to prevent users saving invalid data in one or more fields.
Example: Opportunity discounts must not exceed 20 percent.

User enters invalid Validation rule uses a If statement is true, save is

value(s) and tries Boolean statement stopped and custom
to save. to evaluate data. message displayed.

Your Name | Setup | Customization | Name of Object | Validation Rules

© Copyright 2011 salesforce.com, inc.

96
Some Common Data Validation Examples
1. As opportunities advance to later stages of the sales process, it is
important to collect additional information. Validation rules could be used to
make fields conditionally required based on the Opportunity stage.
2. When sales reps backdate the Close Date of opportunities before the
current period, it can cause management reporting to be inaccurate.
Validation rules can be used to prevent sales reps from entering close
dates prior to the current period.
3. The VP of Global Sales needs a way to enforce her policy that discounts
cannot exceed 20 percent. Validation rules can be used to enforce this
policy.
4. The VP of Services needs a way to enforce her policy that consultants
cannot charge more than 60 hours per week on timesheets. A validation
rule can be used to ensure that the total number of hours recorded
does not exceed 60.

Useful Validation Rules (in Tip Sheets & User Guides)

© Copyright 2011 97
Validation Rule Design Methodology
Follow a consistent process to ensure you have well-designed rules.

1. State your business ▪ User must enter a Support Plan Expiration

requirements in descriptive
Date when Has Support Plan is selected.
terms.

2. Break down the description
into one or more simple
statements describing error
conditions.
▪ User must not be able to save opportunity if
– Has Support Plan is selected.
– Support Plan Expiration Date is blank.

3. Express the error condition ▪ Has_Support_Plan__c = True &&

as a boolean statement ISBLANK( Support_Plan_Expiration_Date__
using the formula language. c)

4. Compose an error message ▪

The expiration date must be entered when
that corresponds to this
an account has a support plan.
error condition.

© Copyright 2011 salesforce.com, inc.

98
Addendum: Formula Examples

https://help.salesforce.com/HTViewHelpDoc?id=customize_functions_i_z.
htm

99
Queues & Public Groups
Queues
Queues are locations where records await processing by assigned
members. Queues can contain public groups, roles, roles + subordinates,
and users.
▪ When you create a queue, a view is
automatically added to the lead
(or case) home page.
▪ Members of the queue are free to
accept leads (or cases) from the queue.

Your name | Setup | Manage Users | Queues

© Copyright 2011 salesforce.com, inc.

101
Email Templates
Folders
Folders provide organization and security for reports, dashboards, documents, and email
templates.
▪ Folders can be created from:
– The Reports tab.
– The Dashboards tab.
– The Documents tab.
Setup | Communication Templates | Email Templates
▪ You can delegate folder administration by assigning the appropriate “Manage” permissions
to create folders.

© Copyright 2011 salesforce.com, inc.

103
Setting Folder Security
▪ The content within folders
can be made Read Only
or Read/Write.
▪ Folders can be hidden
from users, or shared
using public groups or
your role hierarchy.

© Copyright 2011 salesforce.com, inc.

104
Email Templates
Email templates ensure that company branding is consistent and saves
users time. Several sample email templates are included in the app.
▪ Email templates need to be set up for:
– Web-to-lead
– Web-to-case
– Email-to-case
– Assignment rules
– Escalation rules
– Auto-response rules
– Workflow

Your name | Setup | Communication Templates | Email Templates

© Copyright 2011 salesforce.com, inc.

105
 Video: Mass Email for End Users
• This demo shows you how to leverage the mass email tool in
Salesforce, so you can quickly contact your customers and keep track
of these emails within the Salesforce app. (5 min)

• https://www.youtube.com/watch?v=5i4yuCkyoNY