Newer Version Available
Delegating Data Administration
- A hiring manager is retiring and has forty open positions that need to be transferred to another manager
- A current Recruiting app user needs immediate access to private data owned by another user who happens to be on vacation
- Duplicate records have piled up in the Recruiting app and need to be removed
- A new employee just got hired and needs access to the Recruiting app
- “View All Data”—View all data owned by other users in your organization
- “Modify All Data”—Modify all data owned by other users in your organization, mass update and mass delete records, and undelete records that other users deleted
- “Customize Application”—Customize just about anything in Salesforce, from page layouts to the data model
- “Manage Users”—Add and remove users, reset passwords, grant permissions, and more
For smaller companies, it makes sense to have a single administrator be the “go-to” person for all Salesforce issues. But for medium to large companies, assigning all Salesforce responsibilities to one person is not practical, especially when you consider that a company can run its entire business in the cloud using a different Force.com app to suit each of its business needs. This could add up to dozens of apps and hundreds or thousands of users! Your primary Salesforce administrator will likely go insane unless other folks can help with the administration. At the same time, every administrative privilege you grant increases the risk of exposing your company's sensitive data, so you need precise control over the amount of access you enable.
To preserve both your administrator's sanity and your company's security, the Force.com platform provides two ways to quickly delegate restricted data administration access: object-level permissions and delegated administration groups.