A lot of businesses start their life on Salesforce in a pretty straightforward way. Not all that many people have access to the CRM, and it’s OK for everyone to see everything.
As time goes on, more people get access to Salesforce. That’s when things get a bit more complicated.
Time to bring in Salesforce User Management. For Endiem, this is a real hot potato. Our clients are usually at the complex stage, with many different departments working from the same instance of Salesforce. While every organization we meet is unique, there are two things that we can say apply to every one of our clients orgs:-
User Management is not just about data security; it’s also about streamlining Salesforce for users and removing unnecessary clutter.
For example, how about an organization that manages professional liability insurance claims for the healthcare sector? Naturally, data security is paramount, but locking too much down would make it impossible for teams to do their jobs. So while the Accounts team needs enough information to send invoices, they don’t need access to every (personal) detail of every claim. It presents issues in terms of data privacy, but also it’s distracting! Of course, the lawyers on the team need access to the information in the claims, but only their own claims.
The challenge is to find a sweet spot where everyone gets what they need and no more.
How do you manage this?
Ok, not really. User Management.
With Salesforce’s configurable and flexible data sharing settings, you can ensure everyone has access to the correct data, no matter the number of users.
Let’s walk through how this works for our Healthcare professional liability insurance client example across four primary levels of security.
First, the Organisation level, e.g., quite simply who gets access to your Org. You’re not on the User list? You are not coming in! You can fine-tune this further, limiting access to specific hours of the day and only from certain locations.
Next up, Objects. You can control which people in your organization get to create, view, edit or delete specific objects. So in the case of our healthcare customer, all the details of legal cases could be held in a custom object, ‘Claims,’ which only lawyers can fully access.
Note the use of the term ‘fully access.’ While the Accounts team will not need to see personal data in a claim, other claim info will be relevant, e.g., whether a lawsuit had been settled and closed and on what date. This is where Field-level security comes in; you can assign the Accounts team access to specific relevant fields on the Claims object, e.g., ‘Status’ and ‘Closed date.’
Finally, you can also manage your team’s access at a record level. So that’s to say, you can set up your org so that lawyers only have access to the claims they are working on, not their colleague's claims. If you want senior lawyers overseeing claims across their team, then configure Role Hierarchies.
There’s a lot more you can do to fine-tune Salesforce User Management, but hopefully, this post will give you an overview of why getting this set up right is so critical to the success of your business. Our advice would be to map out exactly what powers you want your users to have and then enable your plan with precision. If you have any concerns about best practices on this score, it’s worth engaging an expert partner. Getting your data security right is crucially important.
If you’d like to talk to us a little more about your data visibility challenges, then get in touch, and we’d be happy to chat.