Improve Salesforce Profile Permissions and Permission Sets

The Salesforce packages offer only two Profile Templates at install time: No Access and Full Access. Full Access gives full Read/Create/Edit/Delete on every object in the packages, including objects synced from Zuora that should not be modified in Salesforce (Billing Account, Subscription, etc.), as well as the "back-end" objects that a rep should never need to see or interact with. The data integrity issues are mitigated by the next sync overwriting any changes users may have tried to make in SFDC, but the user experience suffers: users think they can update Zuora from within Salesforce when they really can't, their changes don't stick, and if they don't know the changes don't stick, they don't know they have to notify Accounting, etc. It would be better if they just couldn't edit at all.

This idea should provide better out-of-the-box permissions, including:

  • At least one additional Profile Template in the Salesforce Package Installation which provides only the minimum required permissions to interact with Zuora (in between "No Access" and "Full Access"), e.g., read-only on Billing Accounts, Subscriptions, Invoices, etc.; Read/Create/Edit on the Quote-related objects, etc.
  • Include pre-defined Permission Sets out of the box. As packages are updated, new fields are added, etc., it is easier to update one Permission Set than many Profiles. If the package was installed with "Full Access" because that was the only option, and all the Profiles were then manually modified to pull those permissions back to read-only, a subsequent package install/update will again allow only "Full Access" or "No Access". You either have to grant Full Access and then go back and undo all the Create/Edit/Delete permissions all over again to get back to read-only, or install with "No Access", in which case you need to know which components must be manually added to a Profile or Permission Set. If the package included the Permission Sets, we would have the option to use "No Access" and then apply the update to one Permission Set instead of many (sometimes dozens of) Profiles.
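Until such templates exist, the manual clean-up described above can at least be checked after each package install or update. The following is an added example, not part of the original idea or of the packages: it scans a Profile or Permission Set file retrieved in Metadata API XML format and reports write permissions on objects that should be read-only. The object API names and the sample profile are assumptions; substitute the names used in your org.

```python
import xml.etree.ElementTree as ET

NS = {"sf": "http://soap.sforce.com/2006/04/metadata"}
# Assumed API names for the synced objects; replace with your org's names.
READ_ONLY_OBJECTS = {"Zuora__CustomerAccount__c", "Zuora__Subscription__c",
                     "Zuora__ZInvoice__c"}
WRITE_FLAGS = ("allowCreate", "allowEdit", "allowDelete", "modifyAllRecords")

def excess_write_permissions(metadata_xml, read_only=READ_ONLY_OBJECTS):
    """Return {object: [write flags granted]} for objects meant to be read-only."""
    root = ET.fromstring(metadata_xml)
    findings = {}
    for perm in root.findall("sf:objectPermissions", NS):
        obj = perm.findtext("sf:object", default="", namespaces=NS).strip()
        if obj not in read_only:
            continue  # e.g. Quote objects, where Create/Edit is expected
        granted = [
            flag for flag in WRITE_FLAGS
            if perm.findtext(f"sf:{flag}", default="false",
                             namespaces=NS).strip().lower() == "true"
        ]
        if granted:
            findings[obj] = granted
    return findings

# Constructed sample: a profile after a "Full Access" install where only
# Subscription has been pulled back to read-only so far.
SAMPLE_PROFILE = """<Profile xmlns="http://soap.sforce.com/2006/04/metadata">
  <objectPermissions>
    <allowCreate>true</allowCreate><allowDelete>true</allowDelete>
    <allowEdit>true</allowEdit><allowRead>true</allowRead>
    <modifyAllRecords>false</modifyAllRecords>
    <object>Zuora__CustomerAccount__c</object>
  </objectPermissions>
  <objectPermissions>
    <allowCreate>false</allowCreate><allowDelete>false</allowDelete>
    <allowEdit>false</allowEdit><allowRead>true</allowRead>
    <object>Zuora__Subscription__c</object>
  </objectPermissions>
  <objectPermissions>
    <allowCreate>true</allowCreate><allowEdit>true</allowEdit>
    <allowRead>true</allowRead><object>zqu__Quote__c</object>
  </objectPermissions>
</Profile>"""

if __name__ == "__main__":
    for obj, flags in excess_write_permissions(SAMPLE_PROFILE).items():
        print(f"{obj}: remove {', '.join(flags)}")
```

Running it over every retrieved Profile and Permission Set file after an update shows which ones still need to be pulled back to read-only.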
