Newer Version Available

This content describes an older version of this product. View Latest

Delegated Administration Groups

We just saw how the “View All” and “Modify All” object permissions can be used to take a considerable load off of the primary administrator's shoulders; however, there are still a few other administrative responsibilities that you might want to delegate but can't with object permissions. For example, you might not want to burden the primary administrator with the tasks of manually adding every new employee to Salesforce or resetting a user's password every time it's forgotten. Also, as time passes, your company may need a new field or two added to review records, or a new record type for positions. Sometimes, it's more efficient to delegate basic administrative tasks like these to members of a group so the primary administrator can focus on other things.

A delegated administration group is a group of non-administrator users with limited administrative privileges. These privileges can include:
  • Creating and editing users and resetting passwords for users in specified roles and all subordinate roles
  • Assigning users to specified profiles
  • Logging in as a user who has granted login access to an administrator
  • Managing custom objects created by the primary administrator
Let's define a delegated administration group in our Recruiting app that enables its members to manage our Recruiting app's users and make adjustments to the app's custom objects without having access to all of the other data in Salesforce.