Overview of Data Security Configuration

Learn some of the ways you can configure and troubleshoot data security for sales and service users by reviewing the information in this chapter.

How sales database resources are secured in your environment depends on when you were provisioned with the sales and service application:

  • If you started using the sales application before release 22B, then the database resources of your enterprise are secured using data security policies, which are assigned to job roles. Data security policies specify the roles that can perform a specified action on an object and the conditions under which the action can be carried out.
    Note: If you've configured one or more access groups or object sharing rules, your users receive data access through a combination of data security policies and access group rules.
  • If you're using the sales application for the first time in release 22B or later, your database resources are secured using system access groups and rules. When you assign job roles to users, they're automatically assigned membership of an associated system access group, and receive all the data permissions provided by the access group object sharing rules. These rules specify the access groups that can perform a specified action on an object, and the conditions under which the action can be carried out.

The conditions specified in both data security policies and access group rules control visibility to record-level data associated with a business object, such as an opportunity. Conditions can use a number of components, such as team or territory access, as mechanisms for sharing data. The scope of visibility varies by object, and multiple visibility levels are supported by an object for a role.

Regardless of whether your environment was provisioned with data security policies or system access group rules, it's recommended that you use custom access groups to supplement the data access your users receive through their job role assignments.

The following table shows your options for reviewing, configuring, and troubleshooting data security.

| Work Area | What You Can Do | When to Use |
| --- | --- | --- |
| Access Groups | From the Access Groups page you can configure data security by creating custom access groups, adding members to these groups, and defining rules to specify the access that group members should have to object data. | It's recommended that you use access groups and rules to configure data security. Access groups are easy to create and manage, and are processed more efficiently than data security policies. Note: If you're using the sales application for the first time in release 22B or later, you have to use access groups to configure user access to object data. |
| Sales and Service Access Management | From the Sales and Service Access Management work area you can review and configure the data access provided by data security policies assigned to job roles. You can also review all a user's access to object data, whether from data security policies or access group rules. | Use this work area to get an overview of a user's access to data, to troubleshoot user access issues, and to review the data security policies assigned to job roles. |
| Security Console | From the Security Console, you can review and configure the access provided by the data security policies assigned to a role. You can also create database resources, and define custom conditions for a resource. | It's recommended that you use access groups and rules to configure data security when possible. But you can optionally use the Security Console to define database resources and custom conditions. You can also edit data security policies when creating, copying or editing roles on the Roles tab of the Security Console. |

Note: Data security changes made in any of the work areas described in the table are immediately available in all work areas.

Review this chapter for information about how to use the Sales and Service Access Management work area to configure data security, or for information about managing database resources and editing data security policies on the Security Console. For information about configuring access using access groups, see the Access Groups chapter in this guide.