How to Use UX Principles to Shape Your Security Model

Congratulations! Your organization, Awesome Admin Automotive, made the investment in Salesforce. You’ve absorbed so much great content and can’t wait to dive right in and try out all the new bells and whistles!

While it’s a very exciting journey ahead, as Simon Sinek’s book “Start With Why” suggests, it’s important to first take some time to reflect on why the users will be excited to use Salesforce. What’s in it for them? What’s most important for them to do to fulfill their job duties? How can Salesforce enhance their workflow?

Use a persona exercise for brand new orgs

I like to approach this with a user persona exercise as laid out in the steps below.

1. Sketch out or create a document of the users who will be using Salesforce (below is an example of what this could look like).

Example of personas in an org chart visualization; 4 columns reporting into the CEO; the four columns are Sales, Marketing, Service, and Salesforce Admin.

2. Review the Company Information and take note of the features and licenses your org has.

GIF depicting clicking Setup and then Company Information to see license and feature counts

3. Create user stories to see what the ultimate goal of each persona is for using Salesforce. (Here’s a Trailhead module on user stories and here’s an episode of How I Solved It on Salesforce+.)

I like to have fun with the personas and sometimes give them a short name, as you’ll see below, because I’ve found the more complex orgs become, the longer the internal lingo and acronyms are to remember.

| As a... | I want to... | so that I can... | Persona Name |
|---|---|---|---|
| Marketing Supervisor | create, view, and edit leads; create, read, edit, and delete campaigns; view and create reports and dashboards | manage and nurture incoming prospects; manage and track marketing initiatives; generate information on campaign performance | Mark |
| Marketing Associate | create and view leads; create and view campaigns; view and create reports and dashboards | nurture incoming prospects; track marketing initiatives; generate information on campaign performance | Marsha |
| Sales Manager | view accounts, contacts, leads, and opportunities that I own or someone below me in the reporting hierarchy owns; edit opportunities and leads that I own or someone below me in the reporting hierarchy owns; view and create reports and dashboards | keep track of opportunities in our pipeline and collaborate with my colleagues within Salesforce to close deals; generate information on pipeline performance | Sally |
| Sales Associate | view accounts, contacts, leads, and opportunities that I own; edit opportunities and leads that I own; view and create reports and dashboards | keep track of opportunities in our pipeline and collaborate with my colleagues within Salesforce to close deals; generate information on pipeline performance | Sam |
| Service Supervisor | view all cases; edit and delete cases I own or anyone below me in the role hierarchy owns; view accounts, contacts, and leads; view and create reports and dashboards | keep track of customer inquiries and problems; make updates to cases I am actively working; generate information on case performance for my team | Sergio |
| Service Associate | view all cases; edit cases I own; view accounts, contacts, and leads; view and create reports and dashboards | keep track of customer inquiries and problems; make updates to cases I am actively working; generate information on case performance | Serena |
| Salesforce Admin | have the highest level of access | maintain the security of our org and provision colleagues appropriately | Annie |

4. After creating the user stories for each persona, we can use that to shape our security model.

I try to pick apart each user story to see which tool in our admin toolkit is the best solution to solve that requirement.

Here’s a mind map that helps me think about it.

Mind map that outlines how each user story may impact data or metadata.

Let’s take Sergio, the Service Supervisor from my table, as an example. One of his requirements is to “edit and delete cases I own or anyone below me in the role hierarchy owns.” Since the Case object is a standard object, Grant Access Using Hierarchies is enabled by default, so as long as users with the job title of Service Associate have a role below Service Supervisor, this feature will fulfill Sergio’s requirement.

If, for example, we needed to do a nonvertical share (for example, if Sally the Sales Manager needed to have Read access to cases), we would then utilize sharing rules, which extend access to users in public groups, roles, or territories. Sharing rules give particular users greater access by making automatic exceptions to the org-wide sharing settings.
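To make the interaction of the two mechanisms concrete, here is a simplified Python model, added as an illustration and not part of the original article or of Salesforce itself. It assumes a Private org-wide default for Case, a role tree matching the persona org chart, and a hypothetical sharing rule giving the Sales Manager role Read access to cases owned by the service roles.

```python
# Simplified model of role-hierarchy and sharing-rule access to Case records.
# Assumptions (not from the article): Case org-wide default is Private and
# the role tree below mirrors the persona org chart.
ROLE_PARENT = {
    "CEO": None, "Sales Manager": "CEO", "Sales Associate": "Sales Manager",
    "Service Supervisor": "CEO", "Service Associate": "Service Supervisor",
}
# Object-level Case permissions per role, from the user stories; the Sales
# Manager's Read is the article's hypothetical nonvertical requirement.
CASE_PERMS = {
    "Service Supervisor": {"read", "edit", "delete"},
    "Service Associate": {"read", "edit"},
    "Sales Manager": {"read"},
}
# Hypothetical sharing rules: (owner role, shared-to role, access level).
SHARING_RULES = [
    ("Service Supervisor", "Sales Manager", "read"),
    ("Service Associate", "Sales Manager", "read"),
]
LEVEL = {"none": 0, "read": 1, "edit": 2, "owner": 3}
REQUIRED = {"read": "read", "edit": "edit", "delete": "owner"}


def is_above(role, other):
    """True if `role` sits above `other` in the role hierarchy."""
    parent = ROLE_PARENT.get(other)
    while parent is not None:
        if parent == role:
            return True
        parent = ROLE_PARENT.get(parent)
    return False


def record_level(user_role, owner_role, is_owner=False):
    """Record-level access: the owner and roles above get owner-level access;
    sharing rules can only add read or edit."""
    if is_owner or is_above(user_role, owner_role):
        return "owner"
    granted = [lvl for frm, to, lvl in SHARING_RULES
               if frm == owner_role and to == user_role]
    return max(granted, key=LEVEL.get, default="none")


def can(action, user_role, owner_role, is_owner=False):
    """An action needs the object permission AND enough record access."""
    level = record_level(user_role, owner_role, is_owner)
    return (action in CASE_PERMS.get(user_role, set())
            and LEVEL[level] >= LEVEL[REQUIRED[action]])
```

In this model Sergio can delete a case Serena owns through the hierarchy, while Sally can read that case through the sharing rule but cannot edit it.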

Understanding user personas for existing orgs

While the above example is nice in theory, in my experience, typically I was working on an org that was already in progress. What’s the best way to quickly get up to speed if there’s no documentation or the documentation is outdated?

Luckily, Salesforce has some great tools to help with this scenario! I approach these scenarios with a combination of Optimizer and the new User Access and Permissions Assistant.

Salesforce Optimizer

Salesforce Optimizer is included with Professional, Enterprise, Performance, Unlimited, and Developer Editions. After successfully running the Optimizer, I hit Type to sort, and then I focus on the User Management categories and ask myself the following questions.

  • Are there any custom profiles with a low number of users that we can migrate to permission sets/permission set groups?
  • Do we have unassigned custom profiles? Can we remove them?
  • Do we have unassigned permission sets? Can we remove them?

Salesforce Optimizer results; By clicking Type, we're able to sort the feature results.

By reviewing the Optimizer, we can typically identify some tech debt that we may be able to remove and focus on the remaining items for the next step.

User Access and Permissions Assistant

User Access and Permissions Assistant is a new tool that permissions Product Manager Cheryl Feldman announced at Dreamforce! You can download it from the AppExchange here. This tool is very helpful in validating the current permissions versus what was laid out in the user stories. It also provides a visually appealing way of looking at the profiles and permissions holistically for when you’re getting familiar with an org that’s newer to you.

If I want to validate a requirement of “Who is able to delete account records?” I can do it via User and Permission Analyzer.

The User Access and Permission Analyzer app; the tab of Permission Analyzer is selected. We're analyzing by Permission. The Permission Type is Object. The object is Account and the permission is Delete. This shows us that two users have this permission.

If I want to understand the differences between the four CRM Analytics permission sets, for example, I can do so via the Report tab. I can also export the data for more in-depth analysis.

GIF walking through the process of comparing CRM permission sets. The user clicks into the User Access and Permission Analyzer app. Then the user selects the Report tab. The user is reporting by permission set. The user is reporting on all the user permissions available and selected for permission sets that have CRM Analytics in the name.
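Once the data is exported, the comparison against the user stories can be scripted. The Python sketch below is an added example, not code from the article or from the User Access and Permissions Assistant; the CSV column layout and the sample rows are constructed assumptions, and the expected permissions are transcribed from three rows of the persona table.

```python
import csv
import io

# Expected object permissions per persona, transcribed from the user stories
# (C=create, R=read, E=edit, D=delete).
EXPECTED = {
    "Marketing Supervisor": {"Lead": "CRE", "Campaign": "CRED"},
    "Marketing Associate": {"Lead": "CR", "Campaign": "CR"},
    "Service Associate": {"Case": "RE", "Account": "R", "Contact": "R",
                          "Lead": "R"},
}

# Constructed sample export; this column layout is an assumption, not the
# tool's documented export format.
SAMPLE_EXPORT = """\
Persona,Object,Create,Read,Edit,Delete
Marketing Supervisor,Lead,true,true,true,false
Marketing Supervisor,Campaign,true,true,true,false
Marketing Associate,Lead,true,true,true,false
Marketing Associate,Campaign,true,true,false,false
Service Associate,Case,false,true,true,false
Service Associate,Account,false,true,false,true
Service Associate,Contact,false,true,false,false
"""

COLUMNS = {"Create": "C", "Read": "R", "Edit": "E", "Delete": "D"}


def audit(export_text, expected=EXPECTED):
    """Return sorted (persona, object, kind, permission) findings, where kind
    is 'excess' (granted but not in a user story) or 'missing'."""
    actual = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        granted = {code for col, code in COLUMNS.items()
                   if row[col].strip().lower() == "true"}
        actual.setdefault(row["Persona"], {})[row["Object"]] = granted
    findings = []
    for persona in sorted(set(expected) | set(actual)):
        want, have = expected.get(persona, {}), actual.get(persona, {})
        for obj in sorted(set(want) | set(have)):
            w, h = set(want.get(obj, "")), have.get(obj, set())
            findings += [(persona, obj, "excess", p) for p in sorted(h - w)]
            findings += [(persona, obj, "missing", p) for p in sorted(w - h)]
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```

Excess findings are the least-privilege gaps to remove; missing findings are user stories the current configuration does not yet satisfy.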

In conclusion, I hope this helps you use some of my favorite concepts, such as user stories and personas, along with Salesforce tools like Optimizer and the new User Access and Permissions Assistant to set your organization up for success!
