203 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
Excel in Continuous Integration
Mon, Oct 2nd 2017 3
Static APEX code analysis with PMD
Wed, Jul 26th 2017 0
From Blogsphere to a Static Site (Part 5) - Comment front-end
Thu, Jul 20th 2017 5
Ownership flow of customer community created cases
Sun, Jul 16th 2017 5
Using FontAwesome in your VisualForce pages
Fri, Jul 14th 2017 6
Salesforce Community License Overview
Mon, Jul 10th 2017 7
Sharing is caring - Salesforce edition
Fri, Jul 7th 2017 1
Top 10
Meeting a CxO
Thu, Jun 8th 2017 7
The Decline and Fall of IBM
Mon, May 1st 2017 7
Salesforce Community License Overview
Mon, Jul 10th 2017 7
Using FontAwesome in your VisualForce pages
Fri, Jul 14th 2017 6
From Blogsphere to a Static Site (Part 4) - Comment backend
Thu, May 4th 2017 5
Goodbye IBM, hello Salesforce!
Sat, Apr 1st 2017 5
@Formula on JSON
Sat, Apr 1st 2017 5
Ownership flow of customer community created cases
Sun, Jul 16th 2017 5
From Blogsphere to a Static Site (Part 5) - Comment front-end
Thu, Jul 20th 2017 5
Excel in Continuous Integration
Mon, Oct 2nd 2017 3


Sharing is caring - Salesforce edition
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
   

I like declarative security to give access exactly to the extend a user requires. When learning Salesforce, I discovered to my delight the portfolio of possibilities to tailor access. With great powers, as we know, come great responsibilities. Learning the Salesforce lingo can be quite daunting. So here is my little overview:

Salesforce Sharing Terminology, click for full size
  • Access to data in Salesforce is based on two principles: everything is owner based and a generally restricted access can be extended for given conditions, but not limited. This single vector of access makes systems cleaner that the ability to add and remove privileges based on conditions. It avoids the need to resolve conflicts where condition 1 gives access, while condition 2 would remove it. These conflict solution rules are a security flaw in waiting (prime vector for human error). Nevertheless access in Salesforce need to be well planned (How much does any role need to see: give to little and you invite data duplicates, give too much and you increase leakage risks) - How to plan is another story for another time
  • Access has 3 element: access to objects (that would be access to classes in OO), access to records (instances of a class) and fields (properties of a class instance)
  • Computation starts from the organization wide settings, which are the most restrictive settings for a given organisation and then gets extended with various means (see image above)
  • There's a general distinction between internal access and access via a community. This reflects the need to be able to interact with customers, suppliers and partners in a controlled fashion
  • Owner based: I've seen this quite often: data exists, gets used, but nobody wants to own it, the owner has left or data gets inaccessible when the owner gets deleted. All this issues don't happen in Salesforce since no object data can exist that doesn't have an owner and owner transfer capability is baked into the platform (even rule based, but that's another story for another time)
  • Hierarchical: access rules know the role and reporting hierarchy. So access can be granted to a user and her entire reporting hierarchy including subordinates etc. Quite extensive possibilities worth exploring

As usual YMMV



---------------------
2017/07/sharing-is-caring-salesforce-edition.html
Jul 07, 2017
2 hits



Recent Blog Posts
3
Excel in Continuous Integration
Mon, Oct 2nd 2017 3:28p   Stephan H. Wissel
Business Users like Excel. Besides its original use case of calculating, lists are a favourite use case. They also serve as poor man's requirement and bug tracker, so they siep into software development too. While Excel sheets are great for interaction, they are a beast for anything automation. The irony of it: Modern Excel files (the xslx flavour) are nothing less than zip files with XML content. However that format is, let's say, [insert expletives here]. From an XML representation I would e
0
Static APEX code analysis with PMD
Wed, Jul 26th 2017 12:55p   Stephan H. Wissel
Coding standard are only as good as they are followed. One venerable tool to check source code is PMD. When you, like I did, wonder what acronym PMD represents, you will be disappointed. PMD supports the usual suspects like C, C++, C#, Fortran, Java, JavaScript, Go, Groovy, XML... as well as Apex and Visualforce. The default ruleset for Apex contains 34 rules and are the ones also used by CodeClimate PMD is a Java application and you have a number options to run it: As a command line applicati
5
From Blogsphere to a Static Site (Part 5) - Comment front-end
Thu, Jul 20th 2017 3:58p   Stephan H. Wissel
In Part 4 I described the comment backend. This installment sheds a light on the comment front-end. Comments can be tricky. One lesson I learned early: When your comment form is standard HTML form, it attracts spam like a light bulb attracts moths. So the requirement were: The original blog entry should not contain any HTML form. It should be loaded on a button click using JavaScript. Nota bene: this isn't hide/show, but actual manipulation of the DOM The dynamic form shall not contain a POS
5
Ownership flow of customer community created cases
Sun, Jul 16th 2017 2:53p   Stephan H. Wissel
In a previous entry I mapped out sharing abilities the Salesforce platform is capable of. In this entry I will put these capabilities to practial use. The scenario starts with a customer logging into the customer community and raising a ticket. Client representative, the partner and support staff need/want access to the case. The case needs to flow along the same processing as cases created by other means (call, email, IoT). The following diagram explains the flow (click for a larger version):
6
Using FontAwesome in your VisualForce pages
Fri, Jul 14th 2017 8:43a   Stephan H. Wissel
I'm a big fan of Font Awesome (including backing Version 5). It allows to add icons without the overhead of loading tons of small graphic files. In a recent internal project I had to integrate FontAwesome into a Salesforce VisualForce page Installing FontAwesome In theory you could load the font from a CDN. However based on security settings this might or might not work. So I decided to add FontAwesome as resource to my project: Download FontAwesome 4. Or support the team and use Version 5 A
7
Salesforce Community License Overview
Mon, Jul 10th 2017 9:40a   Stephan H. Wissel
To facilitate collaboration across corporate boundaries, Salesforce offers Salesforce Communities. The licence for communities come in three flavours: customer community, customer community plus and partner community. There are similarities and differences between the entitlements. The biggest difference can be seen between customer community and customer community plus. There's a simple rationale behind it: a customer community account uses simplified sharing access, so the computational load
2
Sharing is caring - Salesforce edition
Fri, Jul 7th 2017 8:52a   Stephan H. Wissel
I like declarative security to give access exactly to the extend a user requires. When learning Salesforce, I discovered to my delight the portfolio of possibilities to tailor access. With great powers, as we know, come great responsibilities. Learning the Salesforce lingo can be quite daunting. So here is my little overview: Access to data in Salesforce is based on two principles: everything is owner based and a generally restricted access can be extended for given conditions, but not limite
7
Meeting a CxO
Thu, Jun 8th 2017 9:28a   Stephan H. Wissel
These are my notes on a role play we did in Salesforce to better cater to successful CxO meetings. Most of the topics do apply to any meeting, so no surprises here. We had actual CxO as participants. They shared that the most common item wanting is clear meeting agendas with outcomes, including them being time managed during the meeting. Second in line were unclear outcomes and not asking for a follow-up meeting.
5
From Blogsphere to a Static Site (Part 4) - Comment backend
Thu, May 4th 2017 7:32a   Stephan H. Wissel
The blog needed a comment function. While there are social options around (Facebook, Disqus etc), I decided I want to roll my own. Partly because I want tighter control and partly, well, because I could. My comment backend would: Provide a REST API to create comments in a JSON structure. The comment body will be Markdown. Reading would provide comments in ready to use HTML (I hear howling from the API crowd). No delete or update functionality Cleanup content considered harmful (code injection
7
The Decline and Fall of IBM
Mon, May 1st 2017 12:35p   Stephan H. Wissel
I wrote this quite a while ago, never finished the article until now. Enjoy. Yeah right! With this words Robert X Cringley a.k.a Mark Stephens celebrates himself when he asserts something clever. His book The Decline and Fall of IBM created quite some stir and was a hot topic of discussion especially among IBMers and alumni. So I got myself a copy and had a look. Clearly he has an axe to grind with IBM and everybody is invited. Many came. Half of the book consists of mostly grieving comments




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition