Salesforce User Management

Photo of author
Jerome Clatworthy

Certified Salesforce Administrator

If you’re in charge of Salesforce at your workplace, managing users is a key part of maintaining your system.

Salesforce user management involves creating and maintaining user accounts, assigning roles and permissions, and managing access to data.

With proper user management, you can ensure that your team members have access to the data they need to do their jobs, while also keeping sensitive information secure.

To manage your Salesforce users effectively, you’ll need to have a good understanding of the platform’s user management features. This includes creating and managing user accounts, assigning roles and permissions, and setting up security controls.

With the right tools and knowledge, you can ensure that your Salesforce users have the access they need to be productive, while also keeping your data secure and compliant with industry regulations.

In this article, we’ll explore the key features of Salesforce user management, and provide resources on the specifics of setting up and de-activating Salesforce users.

Understanding Salesforce User Management

Vector image of multiple faces connected by lines to represent inerconneced team of Salesforce users.

As a Salesforce admin, you are responsible for managing user access to your Salesforce org. This includes creating and managing usernames, passwords, and profiles. The user management process is critical to maintaining the security and integrity of your org.

When managing users, there are some critical concepts to understand, including:

  • Licenses
  • Profiles
  • Permission Sets
  • Permission Set Licenses
  • Roles

Salesforce License

Screenshot of User License list in Salesforce
Salesforce user Licenses

Salesforce offers various license types that determine the features and functionality available to users. The license type also determines the cost of the user license. Some common license types include:

  • Salesforce Platform: This license provides access to custom apps, objects, and tabs, but does not include access to standard Salesforce objects like Accounts and Contacts.
  • Salesforce: This license provides full access to all Salesforce features and functionality.
  • Chatter Only: This license provides access to Chatter, Salesforce’s social collaboration tool.
  • Customer Community: This license provides access to a Salesforce community for your customers.
  • Partner Community: This license provides access to a Salesforce community for your partners.

The available license types and the quantity of each license will be determined by your contract with Salesforce.

The license types available in your Org (and how many are allocated etc.), can be found by going into Setup, then typing ‘Company Information’ in the quick search box, and scrolling down until you see the ‘User Licenses’ section.

Salesforce Profiles

Screenshot of User Profile list in Salesforce
Salesforce User Profiles

The profile assigned to a Salesforce user dictates what a user is allowed to do within the Salesforce Org.

As an administrator, you can create and edit profiles in whatever way you see fit for your Org.

The key thing that Profiles dictate is what Objects a user is able to access (e.g. Accounts, Contacts, Products) what Apps they see, what tabs are visible, and what they can do with those objects (create, read, edit, and delete records). It also impacts the way page layouts appear and whether certain record types are visible.

A profile is considered a ‘base’ level of access and should be designed to remove access and the ability to do things to things the user does not need to do in their role.

IMPORTANT

Salesforce has announced that Profiles will be changing in 2026. The permissions configured on the profiles at the moment will no longer be available and will be configured using permission sets alone. Roles will have a simplified role in user management.

Understanding Permission Sets

Sreenshot of Permission Set list in Salesforce
List of default permission sets

Permission sets are a way to grant additional permissions to users who already have a profile. They allow users to access objects, fields, and records that are not included in their profile. Permission sets can be assigned to individual users or groups of users.

Given Profiles are a ‘blunt’ instrument designed to be used by a large number of users, there may be times were you want to give a small number of users extra permissions or abilities in the system.

You can do this with a Permission Set. For example, in your Org, the Standard user may be able to read Account information, but not edit information, because you want to maintain data quality.

But there will be times when Account details do change, so you give the ability for one person to update these details on behalf of the team, using a permission set.

Please note: Permission sets are playing a larger role in user access, and in the future are going to replace Roles. So you might want to consider relying more on roles, rather than permission sets moving forward, as they provide the same functionality.

Understanding Permission Set Groups

Screenshot of permission Set Groups page in Salesforce Setup.
Permission Set Groups

In Salesforce, permission set groups are collections of permission sets that can be assigned to users or groups of users. They are useful when you have a large number of permission sets and want to assign them to users all at once.

You can create, modify, or remove permission-set groups using the User Access and Permissions Assistant.

To create a permission set group, you first need to create the individual permission sets that will be included in the group.

Once you have created all the necessary permission sets, you can create a new permission set group and add the permission sets to it. You can then assign the permission set group to users or groups of users.

Customization of Profiles and Permission Sets

Customization of profiles and permission sets is a critical aspect of Salesforce user management. Salesforce admins can customize profiles and permission sets to meet the specific needs of their users.

This customization can include adding or removing object and field permissions, record type access, and more.

When customizing profiles and permission sets, it is essential to understand the implications of each change. Ensure that the changes you make do not compromise the security of your org or violate any compliance regulations.

As a Salesforce admin, it is your responsibility to ensure that profiles and permission sets are set up correctly. Regularly review the profiles and permission sets to ensure that they are still relevant and up-to-date.

Overall, profiles and permission sets are essential components of Salesforce user management. Understanding how they work and how to customize them correctly is critical to ensuring that your users have the access they need while maintaining the security and compliance of your org.

Roles and the Role Hierarchy in Salesforce

While Profiles and Permission Sets determine what abilities a user has in Salesforce (what apps and objects someone can see, and what they can do with those objects) Roles determine what specific records users can access.

A role hierarchy is a way to easily manage and structure your roles.

Org-Wide Defaults

Screenshot of Salesforce Sharing Settings Page in Setup Area.
Salesforce Sharing Settings Page

Salesforce org-wide default record-sharing settings determine the default level of access that users have to records in the organization.

These settings are used to define the default sharing settings for each object in the organization. There are three types of org-wide default sharing settings: Public Read/Write, Public Read Only, and Private.

  • Public Read/Write: When an object is set to Public Read/Write, all users in the organization can view, edit, and delete any record of that object.
  • Public Read Only: When an object is set to Public Read Only, all users in the organization can view any records of that object, but they cannot edit or delete them.
  • Private: When an object is set to Private, only the record owner and users with higher levels of access (in the role hierarchy) can view, edit, or delete the record.

If there is no record ‘privacy’ in your Org, and all users are allowed to see and edit all records of all objects, then you don’t need the Roles and a Role Hierarchy.

I would personally recommend the consideration of some record access limitations unless specifically required though.

If you consider a company that uses Salesforce to manage their Sales Teams, they might have requirements such as:

  • Sales staff can ONLY see Opportunity records that they own/are managing
  • Managers of a sales team can see all records of the Sales staff they manage
  • VP of Sales can see all records of all the Sales teams that their Sales Managers look after

In this case, the Org-Wide level of access should be ‘Private’. This means no one will be able to see Opportunity records they do not own.

With this foundation of privacy in place, you can then use Roles and a Role Hierarchy to give managers and executives access to records of the people they manage. Here is a screenshot of how a potential role hierarchy can look in Salesforce (just an example):

Screenshot of Role hierarhcy in Salesforce Setup
Sample Salesforce Role Hierarchy

Some people make the mistake of thinking that your role hierarchy needs to mirror your organizational hierarchy, but this is not accurate. The sole focus of Roles and the Role Hierarchy is to determine the appropriate record access.

In some cases, this will mirror the corporate structure of your Company or Organization and in some other cases, it will be very different.

How To Memorize The Difference Between Roles and Profiles and Permissions?

When I was first learning about Salesforce User Management and studying for my Salesforce Administrator certification, it took me a long time to memorize the differences between Roles, Profiles, and Permission sets.

However, I developed a little mnemonic (memorization technique) for myself based on the first letter of each word.

The key saying that helped was ‘Roles are about Records‘, so the R was a giveaway. Once I had locked that firmly in my brain I could then build on that with ‘Profiles are about Permissions‘ in terms of the things a user could see and do inside Salesforce.

But even if you can just remember ‘Roles are about Records‘, you can then use deduction to determine the other ones if you ever need to. If you cannot remember what Roles impact in Salesforce, at least remember that the other word starts with R. Then you will be left with Records, and you can then deduce the rest from there.

Strategy for Salesforce User Management

As a Salesforce Admin, developing a user management strategy is crucial to ensure that your organization’s data is secure and accessible only to those who need it.

In this section, we will discuss two key sub-sections of developing a user management strategy: Developing a User Management Strategy and Scenario Planning for User Management.

Developing a User Management Strategy

To develop a user management strategy, you must first understand the different types of users in your organization. This includes identifying the roles and responsibilities of each user and the data they need to access.

Once you have identified the user roles, you can then create profiles and permission sets that grant access to specific objects and fields.

In addition to creating profiles and permission sets, you should also establish processes for adding and removing users from your organization.

This includes creating a standard onboarding process for new users and a protocol for deactivating users who no longer require access to Salesforce.

Scenario Planning for User Management

Scenario planning for user management involves anticipating potential changes to your organization and preparing for them in advance.

This includes scenarios such as adding new users, changing user roles, and implementing new features in Salesforce.

To prepare for these scenarios, you should create a roadmap that outlines the steps required to add or remove users, update profiles and permission sets, and modify security settings.

You should also establish a process for testing these changes before implementing them in your production environment.

By developing a user management strategy and scenario planning for user management, you can ensure that your organization’s data is secure and accessible only to those who need it.

How To Reset A Salesforce User’s Password

Screenshot of 'All Users' list in Salesforce with 'Reset Password' button highlighted.

Resetting a Salesforce user’s password is a straightforward process that can be performed in a few simple steps. Here’s how you can reset a user’s password:

  1. Log in to your Salesforce account and navigate to the Users section by entering Users in the Quick Find box and selecting Users from the dropdown menu.
  2. Select the checkbox next to the name of the user whose password you want to reset. If you want to change the passwords for multiple users, check the box in the column header to select all rows.
  3. Click on “Reset Password” to send an email to the user with instructions on how to reset their password. The email will contain a link that the user can click to reset their password.
  4. If the user is a Single Sign-On (SSO) user, they will not be able to reset their password using this method. Instead, they will need to contact their system administrator to reset their password.

It is important to note that resetting a user’s password will prevent them from accessing Salesforce until they have reset their password. Additionally, if your organization has password policies in place (requirements for password complexity etc.), the user’s new password will need to meet those requirements.

RELATED RESOURCE: How To Reset a Salesforce User’s Password [Screenshots]

Salesforce User Management Frequently Asked Questions

How do I manage user permissions in Salesforce?

To manage user permissions in Salesforce, you need to have administrative privileges. Once you have the necessary permissions, you can use the User Management section to create, edit, and delete user accounts. You can also assign user profiles, roles, and permissions to control access to objects, fields, and data.

Where can I find the user management section in Salesforce?

To access the User Management section in Salesforce, you need to log in to your Salesforce account and navigate to the Setup section. From there, you can click on the Users tab to view and manage all user accounts.

What is the recommended best practice for managing Salesforce users?

The recommended best practice for managing Salesforce users is to follow a strict set of guidelines to ensure that user accounts are created, edited, and deleted in a controlled, consistent, and secure manner.

These guidelines should include procedures for creating and assigning user profiles, roles, and permissions, as well as for managing user access to objects, fields, and data.

How can I view a list of all users in my Salesforce organization?

To view a list of all users in your Salesforce organization, navigate to the Users tab in the User Management section. From there, you can view a list of all user accounts and filter them by various criteria, such as user type, profile, and role.

You can also use Salesforce Reports to create custom reports that display information about your users.

Jerome Clatworthy
Salesforce Administrator
+61483911893
217 Flinders Street, Adelaide, 5000
South Australia, Australia

Home About Contact Blog Sitemap Privacy Policy

Jerome Clatworthy © 2024