Control access to the organization in Salesforce refers to a broad set of features and settings that allow administrators to manage user permissions and data access within their Salesforce instance.
Access to an organization (Salesforce User Management) can be restricted by four means:
- Allowing only authorized users to access Salesforce
- Setting Password Policies
- Restricting IP Ranges for Users
- Restricting Login Hours for Users
What is User Management in Salesforce?
Adding users is an anticipated step when you get set up in Salesforce. After all, your users are the ones who will be entering data in Salesforce and using it the most.
A user is anyone who logs in to Salesforce; they are primarily the employees in your organization. Every user in Salesforce has a user account. The user account identifies the user, and the account settings determine what features and records the user can access.
Each user account contains at least the following:
Usernames
Usernames are unique across all Salesforce instances globally, not just within your organization. This ensures consistent identification across different Salesforce environments.
Choose usernames that are memorable for users but also avoid personally identifiable information (PII) to enhance security.
User Licenses
Salesforce offers various licenses with different feature sets and functionalities. Popular ones include:
- Salesforce Lightning User: Standard license for most users with access to core CRM features like contacts, leads, opportunities, and reports.
- Salesforce Platform App Builder: Allows custom applications and extensions to be built within Salesforce.
- Chatter Free: Enables access to the social collaboration platform Chatter without access to other Salesforce data.
It determines which features the user can access in Salesforce. For example, you can allow users access to standard Salesforce features and Chatter with the standard Salesforce license.
But, if you want to grant a user access to only some features in Salesforce, you have a host of licenses. For example, suppose you have to present a user access to Chatter without allowing them to see any data in Salesforce. In that case, you can give them a Chatter Free license.
Profiles
Profiles help determine what users can do in Salesforce. Profiles should be selected based on a user’s job function. Salesforce provides pre-built profiles for typical roles, but you can also create custom profiles with specific field-level access, object permissions, and record types.
Profiles can be organized into hierarchies to inherit permissions from higher-level profiles, simplifying management for large organizations.
Roles
Roles are not required for every user, but they can grant additional access based on their position within your organizational hierarchy. It determines the user’s other access in Salesforce based on their location in the role hierarchy.
Roles are arranged in a hierarchy where higher roles inherit permissions from lower ones. Roles often grant maintenance to manage teams, approve records, or view additional data fields.
Alias
An alias is a short name to identify the user on list pages, reports, or other places where their name doesn’t fit. By default, the alias is the first letter of the user’s first name and the first four letters of their last name.
Example: a user named ‘Rohan Sharma’ will have the alias ‘Rshar’ User records in Salesforce can’t be deleted; they can only be deactivated or frozen.
You can customize user aliases for better recognition and readability. Aliases are also used in search functions within Salesforce to locate users quickly. When customizing aliases, ensure they are still respectful and avoid offensive language.
Difference Between Deactivating And Freezing A User
| Deactivate a User | Freeze a User |
| Users cannot be deleted so to stop the user from logging in to the Salesforce organization administrators need to deactivate them. | A user cannot be deactivated immediately when a user is selected in a custom hierarchy field. So to prevent the user from login into the organization while administrators perform the steps to deactivate them, they can simply freeze that user first. |
| The license assigned to the user is not free by Freezing a user. | The license assigned to the user does not free by Freezing a user. |
