SlideShare une entreprise Scribd logo
1  sur  35
Télécharger pour lire hors ligne
—
Sr. Onboarding Consultant August 2015
Hugo R. Gracia
Using Remedyforce SaaS Help
Desk / Cloud IT Service
Management
for Record Level Data Segregation
Agenda
• Overview
• Data Segregation
• Remedyforce & Salesforce Concepts
• User Types
• Profiles & Permission Sets
• Role Hierarchy
• Sharing Rules
• Configuration Steps
• Summary
—
What is data segregation?
01
Overview and best practices
Data Segregation Overview
Data segregation is achieved through the corroboration of various
components working together to achieve a tailored solution for each
individual company.
System
Administrator
Human
Resources
Finance
General
Population
IT Staff
Record Level Data Segregation
User Types
Profiles
and
Permission
Sets
Roles and
Role
Hierarchy
Sharing
Rules &
Org Wide
Defaults
Components
Administrators
Staff
Clients
User Types
System Administrator
Service Desk Staff
Service Desk Client
Profiles and Permission Sets
System
Administrator
Human
Resources
Finance
General
Population
IT Staff
Role Hierarchy
Role Hierarchy
Best Practice
• Keep the number of non-portal roles to 25,000.
• Keep the number of portal roles to 100,000.
• Keep the role hierarchy to no more than 10 levels of branches in the hierarchy
There are a few other things to take into consideration when working with
roles:
• When a user's role changes, any relevant sharing rules are evaluated to correct
access as necessary.
• Peers within the same role don't guarantee them access to each other's data.
• Modeling the role hierarchy begins with understanding how the organization is
structured.
Record Ownership and Queues
• Every record must be owned by a single user or a queue.
• The owner has full access to the record.
• Users higher in a hierarchy inherit the same data access as their
subordinates for standard objects.
Record Ownership
If a single user owns more than 10,000 records, as a best
practice:
• The user record of the owner should not hold a role in the role
hierarchy.
• If the owner's user record must hold a role, the role should be at
the top of the hierarchy in its own branch of the role hierarchy.
Sharing Rules and Organization-Wide
Defaults
Organization-wide sharing settings specify the default level of
access users have to each other’s records. You use organization-
wide sharing settings to lock down your data to the most
restrictive level, and then use the other record-level security and
sharing tools to selectively give access to other users.
—
02
Configuration
Configuration of Components
• Roles
• Role Assignment
• Profiles and Permission Sets
• Profile Assignment
• Permission Set Assignment
• Sharing Settings
Role Hierarchy Configuration
Role Hierarchy Creation
Manage Users > Roles
Role Hierarchy
From this screen you can:
• Add Roles
• Modify Roles
• Assign Roles
Add Role
• Under the role that you wish to
add another, click on Add Role.
• Fill in the information
Populating Role
Information
Fill in the information for the Role
according to the design.
Role
The new role has been created and
added to the hierarchy.
Additional configuration steps might
be necessary if this role is to have
other roles reporting to it.
Sharing Settings Configuration
Navigate to Setup > Administer > Security Controls > Sharing
Settings
Incident Object Sharing Settings
Incident Object Settings
Sharing Rule
Used to either over ride the hierarchy
based sharing settings
Sharing can be performed across:
• Roles
• Queues
• Public Groups
Sharing Rule Settings
As part of the design process, it will
have been determined what sharing
rules will be necessary if any.
If sharing rules are needed, the design
will state how the sharing will take
place.
You use sharing rules only to grant
wider access to data, not to restrict
access.
Sharing Rule Configuration
Sharing Calculation
Upon hitting SAVE on a new sharing
rule, a recalculation of access takes
place.
Depending on the number of records
and number of other sharing rules in
place, the duration of the calculation
will vary.
Sharing Rule List
The new rule is now in effect.
—
Troubleshooting
03
Troubleshooting
What do you do when some one says they can’t see a record they
should?
• The security layers you have architected will determine
where you start. If you know the sharing model well,
then you will probably know what component should
have provided the access and should start there
Troubleshooting Steps
1. Verify that the user has permissions to access to the object.
2. Identify the user's role who can't see the record and note it.
3. Identify the owner's role of the record and note it.
4. Review the role hierarchy and verify these two roles are in two different branches (they
should be).
Troubleshooting Steps
5. Review the sharing rules for the object and make sure there is no rule that will grant the user
access.
a) This can also cause you to look in public groups as well. Maybe the user just got left
out of a group where there is a sharing rule, or does it make sense to create a new
sharing rule to grant the user access? This depends on the architecture you are trying to
maintain, and applies to both ownership-based sharing rules and criteria-based sharing
rules.
b) If you are using teams, should this user be on the team for that record? How are teams
maintained and how did the miss occur?
c) If manual sharing is used, the user may have lost access because the record owner
changed. Manual shares are dropped when ownership changes. The manual share could
also have been removed using the Share button.
Troubleshooting Steps
6. If you are using territory management, determine if the user missing from one of the
territories. Where is the membership of territories maintained and how did the miss occur? Or,
maybe the record did not get stamped with the territory where the user is a member.
7/ If you are creating programmatic shares and there are criteria for creating the share in code,
review the code to understand why this user was omitted.
—
Summary
04
Summary
Data segregation can be, and usually is, a complex undertaking. The rule of
thumb that is applied here is that 80% is planning and 20% is configuration.
Although this document focuses on a non-multi-tenancy organization, the
principles apply just the same, with the one exception being that, in a multi-
tenancy organization, you will also be dealing with accounts and account
hierarchy.
Nonetheless, a well-planned out sharing architecture can serve the organization
for a long time to come, providing secure record access.
—
Bring IT to Life.™
Thank You

Contenu connexe

Tendances

Enspirix's NextStep Process Engine
Enspirix's NextStep Process EngineEnspirix's NextStep Process Engine
Enspirix's NextStep Process Enginejleno
 
Agent-Based Workflow
Agent-Based WorkflowAgent-Based Workflow
Agent-Based WorkflowLarry Suarez
 
Microsoft Dynamics CRM - Customization and Configuration Training Online Cour...
Microsoft Dynamics CRM - Customization and Configuration Training Online Cour...Microsoft Dynamics CRM - Customization and Configuration Training Online Cour...
Microsoft Dynamics CRM - Customization and Configuration Training Online Cour...Little Logic
 
WSM - Document Management presentation
WSM - Document Management presentation WSM - Document Management presentation
WSM - Document Management presentation Praxeva
 
Document Management System(DMS)
Document Management System(DMS)Document Management System(DMS)
Document Management System(DMS)Nishant Shah
 
eControl - Simplified management for Active Directory, Exchange, SAP, eDirect...
eControl - Simplified management for Active Directory, Exchange, SAP, eDirect...eControl - Simplified management for Active Directory, Exchange, SAP, eDirect...
eControl - Simplified management for Active Directory, Exchange, SAP, eDirect...Omni - www.omni-ts.com
 
Cloud - NDT - Presentation
Cloud - NDT - PresentationCloud - NDT - Presentation
Cloud - NDT - PresentationÉric Dusablon
 
Hyperion Planning Security
Hyperion Planning SecurityHyperion Planning Security
Hyperion Planning Securityadivasoft
 
Saleswax - -public
Saleswax - -publicSaleswax - -public
Saleswax - -publicSaleswax
 
Matrix42 Service Catalog
Matrix42 Service CatalogMatrix42 Service Catalog
Matrix42 Service CatalogRich Walker
 
Introduction to Customization in dynamics crm 2016
Introduction to Customization in dynamics crm 2016Introduction to Customization in dynamics crm 2016
Introduction to Customization in dynamics crm 2016Firoz Muhammed
 
The golden-record
The golden-recordThe golden-record
The golden-recordOri Levi
 
4 a - SharePoint v3 (24).ppt
4 a - SharePoint v3 (24).ppt4 a - SharePoint v3 (24).ppt
4 a - SharePoint v3 (24).pptwebhostingguy
 
Document Management System
Document Management SystemDocument Management System
Document Management SystemSidhartha Sahoo
 

Tendances (20)

Enspirix's NextStep Process Engine
Enspirix's NextStep Process EngineEnspirix's NextStep Process Engine
Enspirix's NextStep Process Engine
 
Types of rule engine
Types of rule engineTypes of rule engine
Types of rule engine
 
DMS
DMSDMS
DMS
 
Kwantify-Intranet Portal
Kwantify-Intranet PortalKwantify-Intranet Portal
Kwantify-Intranet Portal
 
Agent-Based Workflow
Agent-Based WorkflowAgent-Based Workflow
Agent-Based Workflow
 
DMS SOLUTION - 1
DMS SOLUTION - 1DMS SOLUTION - 1
DMS SOLUTION - 1
 
Microsoft Dynamics CRM - Customization and Configuration Training Online Cour...
Microsoft Dynamics CRM - Customization and Configuration Training Online Cour...Microsoft Dynamics CRM - Customization and Configuration Training Online Cour...
Microsoft Dynamics CRM - Customization and Configuration Training Online Cour...
 
WSM - Document Management presentation
WSM - Document Management presentation WSM - Document Management presentation
WSM - Document Management presentation
 
Document Management System(DMS)
Document Management System(DMS)Document Management System(DMS)
Document Management System(DMS)
 
eControl - Simplified management for Active Directory, Exchange, SAP, eDirect...
eControl - Simplified management for Active Directory, Exchange, SAP, eDirect...eControl - Simplified management for Active Directory, Exchange, SAP, eDirect...
eControl - Simplified management for Active Directory, Exchange, SAP, eDirect...
 
eDocumentus for IBM Maximo
eDocumentus for IBM MaximoeDocumentus for IBM Maximo
eDocumentus for IBM Maximo
 
Cloud - NDT - Presentation
Cloud - NDT - PresentationCloud - NDT - Presentation
Cloud - NDT - Presentation
 
Hyperion Planning Security
Hyperion Planning SecurityHyperion Planning Security
Hyperion Planning Security
 
Saleswax - -public
Saleswax - -publicSaleswax - -public
Saleswax - -public
 
Matrix42 Service Catalog
Matrix42 Service CatalogMatrix42 Service Catalog
Matrix42 Service Catalog
 
10 Steps for Customizing a Web App
10 Steps for Customizing a Web App10 Steps for Customizing a Web App
10 Steps for Customizing a Web App
 
Introduction to Customization in dynamics crm 2016
Introduction to Customization in dynamics crm 2016Introduction to Customization in dynamics crm 2016
Introduction to Customization in dynamics crm 2016
 
The golden-record
The golden-recordThe golden-record
The golden-record
 
4 a - SharePoint v3 (24).ppt
4 a - SharePoint v3 (24).ppt4 a - SharePoint v3 (24).ppt
4 a - SharePoint v3 (24).ppt
 
Document Management System
Document Management SystemDocument Management System
Document Management System
 

En vedette

Salesforce and Remedyforce ISV Tech Talk: Pushing New Versions of your App
Salesforce and Remedyforce ISV Tech Talk: Pushing New Versions of your AppSalesforce and Remedyforce ISV Tech Talk: Pushing New Versions of your App
Salesforce and Remedyforce ISV Tech Talk: Pushing New Versions of your AppBMC Software
 
The Power of Monitoring Studio in TrueSight
The Power of Monitoring Studio in TrueSightThe Power of Monitoring Studio in TrueSight
The Power of Monitoring Studio in TrueSightBMC Software
 
Salesforce Lightning Process Builder IS the next-generation workflow tool
Salesforce Lightning Process Builder IS the next-generation workflow toolSalesforce Lightning Process Builder IS the next-generation workflow tool
Salesforce Lightning Process Builder IS the next-generation workflow toolBMC Software
 
What Do Executives Need to Do to Go Digital?
What Do Executives Need to Do to Go Digital?What Do Executives Need to Do to Go Digital?
What Do Executives Need to Do to Go Digital?BMC Software
 
How Will Your Cloud Strategy Impact Your Cyber Strategy?
How Will Your Cloud Strategy Impact Your Cyber Strategy?How Will Your Cloud Strategy Impact Your Cyber Strategy?
How Will Your Cloud Strategy Impact Your Cyber Strategy?BMC Software
 
MasterCard Optimizes Big Data Management with BMC High Speed Utilities for DB2®
MasterCard Optimizes Big Data Management with BMC High Speed Utilities for DB2® MasterCard Optimizes Big Data Management with BMC High Speed Utilities for DB2®
MasterCard Optimizes Big Data Management with BMC High Speed Utilities for DB2® BMC Software
 
Mission: Launch a Digital Workplace
Mission: Launch a Digital Workplace Mission: Launch a Digital Workplace
Mission: Launch a Digital Workplace BMC Software
 
Data Segregation for Remedyforce SaaS Help Desk and High-Speed Digital Servic...
Data Segregation for Remedyforce SaaS Help Desk and High-Speed Digital Servic...Data Segregation for Remedyforce SaaS Help Desk and High-Speed Digital Servic...
Data Segregation for Remedyforce SaaS Help Desk and High-Speed Digital Servic...BMC Software
 
Remedyforce Localization and Translation
Remedyforce Localization and TranslationRemedyforce Localization and Translation
Remedyforce Localization and TranslationBMC Software
 
Next Generation Technology Utility Benchmarks
Next Generation Technology Utility BenchmarksNext Generation Technology Utility Benchmarks
Next Generation Technology Utility BenchmarksBMC Software
 
Digital Transformation Playbook: Guide to Unleashing Exponential Growth
Digital Transformation Playbook: Guide to Unleashing Exponential GrowthDigital Transformation Playbook: Guide to Unleashing Exponential Growth
Digital Transformation Playbook: Guide to Unleashing Exponential GrowthBMC Software
 
BSM for Cloud Computing
BSM for Cloud ComputingBSM for Cloud Computing
BSM for Cloud ComputingBMC Software
 
Netsuite 2014-annual-report-bookmarked
Netsuite 2014-annual-report-bookmarkedNetsuite 2014-annual-report-bookmarked
Netsuite 2014-annual-report-bookmarkedNetsuiteIR
 
Help your Enterprise Implement Big Data with Control-M for Hadoop
 Help your Enterprise Implement Big Data with Control-M for Hadoop Help your Enterprise Implement Big Data with Control-M for Hadoop
Help your Enterprise Implement Big Data with Control-M for HadoopBMC Software
 
Delivering the Digital Workplace Without the Chaos
Delivering the Digital Workplace Without the ChaosDelivering the Digital Workplace Without the Chaos
Delivering the Digital Workplace Without the ChaosBMC Software
 
LOGM - Roadshow Rresentation January 2017
LOGM - Roadshow Rresentation January 2017LOGM - Roadshow Rresentation January 2017
LOGM - Roadshow Rresentation January 2017irlogmein
 
IT Managers Answer Questions about the Future of the Digital Economy
IT Managers Answer Questions about the Future of the Digital EconomyIT Managers Answer Questions about the Future of the Digital Economy
IT Managers Answer Questions about the Future of the Digital EconomyBMC Software
 
Curating Your Digital Workplace: Key Steps for IT
Curating Your Digital Workplace: Key Steps for ITCurating Your Digital Workplace: Key Steps for IT
Curating Your Digital Workplace: Key Steps for ITBMC Software
 
Why NetSuite is Replacing Legacy On-Premise ERP Systems
Why NetSuite is Replacing Legacy On-Premise ERP SystemsWhy NetSuite is Replacing Legacy On-Premise ERP Systems
Why NetSuite is Replacing Legacy On-Premise ERP SystemsNet at Work
 

En vedette (20)

Salesforce and Remedyforce ISV Tech Talk: Pushing New Versions of your App
Salesforce and Remedyforce ISV Tech Talk: Pushing New Versions of your AppSalesforce and Remedyforce ISV Tech Talk: Pushing New Versions of your App
Salesforce and Remedyforce ISV Tech Talk: Pushing New Versions of your App
 
The Power of Monitoring Studio in TrueSight
The Power of Monitoring Studio in TrueSightThe Power of Monitoring Studio in TrueSight
The Power of Monitoring Studio in TrueSight
 
Salesforce Lightning Process Builder IS the next-generation workflow tool
Salesforce Lightning Process Builder IS the next-generation workflow toolSalesforce Lightning Process Builder IS the next-generation workflow tool
Salesforce Lightning Process Builder IS the next-generation workflow tool
 
What Do Executives Need to Do to Go Digital?
What Do Executives Need to Do to Go Digital?What Do Executives Need to Do to Go Digital?
What Do Executives Need to Do to Go Digital?
 
How Will Your Cloud Strategy Impact Your Cyber Strategy?
How Will Your Cloud Strategy Impact Your Cyber Strategy?How Will Your Cloud Strategy Impact Your Cyber Strategy?
How Will Your Cloud Strategy Impact Your Cyber Strategy?
 
MasterCard Optimizes Big Data Management with BMC High Speed Utilities for DB2®
MasterCard Optimizes Big Data Management with BMC High Speed Utilities for DB2® MasterCard Optimizes Big Data Management with BMC High Speed Utilities for DB2®
MasterCard Optimizes Big Data Management with BMC High Speed Utilities for DB2®
 
Mission: Launch a Digital Workplace
Mission: Launch a Digital Workplace Mission: Launch a Digital Workplace
Mission: Launch a Digital Workplace
 
Data Segregation for Remedyforce SaaS Help Desk and High-Speed Digital Servic...
Data Segregation for Remedyforce SaaS Help Desk and High-Speed Digital Servic...Data Segregation for Remedyforce SaaS Help Desk and High-Speed Digital Servic...
Data Segregation for Remedyforce SaaS Help Desk and High-Speed Digital Servic...
 
Remedyforce Localization and Translation
Remedyforce Localization and TranslationRemedyforce Localization and Translation
Remedyforce Localization and Translation
 
Next Generation Technology Utility Benchmarks
Next Generation Technology Utility BenchmarksNext Generation Technology Utility Benchmarks
Next Generation Technology Utility Benchmarks
 
Digital Transformation Playbook: Guide to Unleashing Exponential Growth
Digital Transformation Playbook: Guide to Unleashing Exponential GrowthDigital Transformation Playbook: Guide to Unleashing Exponential Growth
Digital Transformation Playbook: Guide to Unleashing Exponential Growth
 
BSM for Cloud Computing
BSM for Cloud ComputingBSM for Cloud Computing
BSM for Cloud Computing
 
Netsuite 2014-annual-report-bookmarked
Netsuite 2014-annual-report-bookmarkedNetsuite 2014-annual-report-bookmarked
Netsuite 2014-annual-report-bookmarked
 
Help your Enterprise Implement Big Data with Control-M for Hadoop
 Help your Enterprise Implement Big Data with Control-M for Hadoop Help your Enterprise Implement Big Data with Control-M for Hadoop
Help your Enterprise Implement Big Data with Control-M for Hadoop
 
Delivering the Digital Workplace Without the Chaos
Delivering the Digital Workplace Without the ChaosDelivering the Digital Workplace Without the Chaos
Delivering the Digital Workplace Without the Chaos
 
LOGM - Roadshow Rresentation January 2017
LOGM - Roadshow Rresentation January 2017LOGM - Roadshow Rresentation January 2017
LOGM - Roadshow Rresentation January 2017
 
IT Managers Answer Questions about the Future of the Digital Economy
IT Managers Answer Questions about the Future of the Digital EconomyIT Managers Answer Questions about the Future of the Digital Economy
IT Managers Answer Questions about the Future of the Digital Economy
 
Curating Your Digital Workplace: Key Steps for IT
Curating Your Digital Workplace: Key Steps for ITCurating Your Digital Workplace: Key Steps for IT
Curating Your Digital Workplace: Key Steps for IT
 
What is AWS?
What is AWS?What is AWS?
What is AWS?
 
Why NetSuite is Replacing Legacy On-Premise ERP Systems
Why NetSuite is Replacing Legacy On-Premise ERP SystemsWhy NetSuite is Replacing Legacy On-Premise ERP Systems
Why NetSuite is Replacing Legacy On-Premise ERP Systems
 

Similaire à Data Migration for Remedyforce SaaS Help Desk and High-Speed Digital Service Management

2020 07-08 fireside chat sharing architecture
2020 07-08 fireside chat sharing architecture2020 07-08 fireside chat sharing architecture
2020 07-08 fireside chat sharing architectureJihun Jung
 
Sharing and setting in salesforce
Sharing and setting in salesforceSharing and setting in salesforce
Sharing and setting in salesforceVishesh Singhal
 
2020 07-22 fireside chat : Record Ownership Deep Dive
2020 07-22 fireside chat : Record Ownership Deep Dive2020 07-22 fireside chat : Record Ownership Deep Dive
2020 07-22 fireside chat : Record Ownership Deep DiveJihun Jung
 
Requirements Are Optional, Right?
Requirements Are Optional, Right?Requirements Are Optional, Right?
Requirements Are Optional, Right?thomstrat
 
Non-functional requirements
Non-functional requirements Non-functional requirements
Non-functional requirements Rohela Raouf
 
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...Christian Buckley
 
chapter7-220725121544-6a1c05a5.pdf
chapter7-220725121544-6a1c05a5.pdfchapter7-220725121544-6a1c05a5.pdf
chapter7-220725121544-6a1c05a5.pdfMahmoudSOLIMAN380726
 
Chapter 7: Data Security Management
Chapter 7: Data Security ManagementChapter 7: Data Security Management
Chapter 7: Data Security ManagementAhmed Alorage
 
Adm 201 study group session 1 user interface kathy c
Adm 201 study group session 1   user interface kathy cAdm 201 study group session 1   user interface kathy c
Adm 201 study group session 1 user interface kathy covalisgroup
 
Adm 201 study group session 1 user interface kathy c
Adm 201 study group session 1   user interface kathy cAdm 201 study group session 1   user interface kathy c
Adm 201 study group session 1 user interface kathy covalisgroup
 
Lecture 11 managing the network
Lecture 11   managing the networkLecture 11   managing the network
Lecture 11 managing the networkWiliam Ferraciolli
 
March 2023 CIAOPS Need to Know Webinar
March 2023 CIAOPS Need to Know WebinarMarch 2023 CIAOPS Need to Know Webinar
March 2023 CIAOPS Need to Know WebinarRobert Crane
 
SPSTC18 Laying Down the Law - Governing Your Data in O365
SPSTC18  Laying Down the Law - Governing Your Data in O365SPSTC18  Laying Down the Law - Governing Your Data in O365
SPSTC18 Laying Down the Law - Governing Your Data in O365David Broussard
 
SharePoint Governance 101 - OKCSUG
SharePoint Governance 101 - OKCSUGSharePoint Governance 101 - OKCSUG
SharePoint Governance 101 - OKCSUGJim Adcock
 
01 database security ent-db
01  database security ent-db01  database security ent-db
01 database security ent-dbuncleRhyme
 
Atlan_Product metering_Subrat.pdf
Atlan_Product metering_Subrat.pdfAtlan_Product metering_Subrat.pdf
Atlan_Product metering_Subrat.pdfSubrat Kumar Dash
 
Oracle Enterprise Manager Security A Practitioners Guide
Oracle Enterprise Manager Security A Practitioners GuideOracle Enterprise Manager Security A Practitioners Guide
Oracle Enterprise Manager Security A Practitioners GuideCourtney Llamas
 
SharePoint Governance 101 - Austin O365 & SharePoint User Group
SharePoint Governance 101  - Austin O365 & SharePoint User GroupSharePoint Governance 101  - Austin O365 & SharePoint User Group
SharePoint Governance 101 - Austin O365 & SharePoint User GroupJim Adcock
 

Similaire à Data Migration for Remedyforce SaaS Help Desk and High-Speed Digital Service Management (20)

2020 07-08 fireside chat sharing architecture
2020 07-08 fireside chat sharing architecture2020 07-08 fireside chat sharing architecture
2020 07-08 fireside chat sharing architecture
 
Sharing and setting in salesforce
Sharing and setting in salesforceSharing and setting in salesforce
Sharing and setting in salesforce
 
2020 07-22 fireside chat : Record Ownership Deep Dive
2020 07-22 fireside chat : Record Ownership Deep Dive2020 07-22 fireside chat : Record Ownership Deep Dive
2020 07-22 fireside chat : Record Ownership Deep Dive
 
Requirements Are Optional, Right?
Requirements Are Optional, Right?Requirements Are Optional, Right?
Requirements Are Optional, Right?
 
Non-functional requirements
Non-functional requirements Non-functional requirements
Non-functional requirements
 
LDV.pptx
LDV.pptxLDV.pptx
LDV.pptx
 
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
 
LDV-v2.pptx
LDV-v2.pptxLDV-v2.pptx
LDV-v2.pptx
 
chapter7-220725121544-6a1c05a5.pdf
chapter7-220725121544-6a1c05a5.pdfchapter7-220725121544-6a1c05a5.pdf
chapter7-220725121544-6a1c05a5.pdf
 
Chapter 7: Data Security Management
Chapter 7: Data Security ManagementChapter 7: Data Security Management
Chapter 7: Data Security Management
 
Adm 201 study group session 1 user interface kathy c
Adm 201 study group session 1   user interface kathy cAdm 201 study group session 1   user interface kathy c
Adm 201 study group session 1 user interface kathy c
 
Adm 201 study group session 1 user interface kathy c
Adm 201 study group session 1   user interface kathy cAdm 201 study group session 1   user interface kathy c
Adm 201 study group session 1 user interface kathy c
 
Lecture 11 managing the network
Lecture 11   managing the networkLecture 11   managing the network
Lecture 11 managing the network
 
March 2023 CIAOPS Need to Know Webinar
March 2023 CIAOPS Need to Know WebinarMarch 2023 CIAOPS Need to Know Webinar
March 2023 CIAOPS Need to Know Webinar
 
SPSTC18 Laying Down the Law - Governing Your Data in O365
SPSTC18  Laying Down the Law - Governing Your Data in O365SPSTC18  Laying Down the Law - Governing Your Data in O365
SPSTC18 Laying Down the Law - Governing Your Data in O365
 
SharePoint Governance 101 - OKCSUG
SharePoint Governance 101 - OKCSUGSharePoint Governance 101 - OKCSUG
SharePoint Governance 101 - OKCSUG
 
01 database security ent-db
01  database security ent-db01  database security ent-db
01 database security ent-db
 
Atlan_Product metering_Subrat.pdf
Atlan_Product metering_Subrat.pdfAtlan_Product metering_Subrat.pdf
Atlan_Product metering_Subrat.pdf
 
Oracle Enterprise Manager Security A Practitioners Guide
Oracle Enterprise Manager Security A Practitioners GuideOracle Enterprise Manager Security A Practitioners Guide
Oracle Enterprise Manager Security A Practitioners Guide
 
SharePoint Governance 101 - Austin O365 & SharePoint User Group
SharePoint Governance 101  - Austin O365 & SharePoint User GroupSharePoint Governance 101  - Austin O365 & SharePoint User Group
SharePoint Governance 101 - Austin O365 & SharePoint User Group
 

Plus de BMC Software

The Accelerator's Guide to Digital Transformation
The Accelerator's Guide to Digital TransformationThe Accelerator's Guide to Digital Transformation
The Accelerator's Guide to Digital TransformationBMC Software
 
Flip the Switch On Continuous Delivery
Flip the Switch On Continuous DeliveryFlip the Switch On Continuous Delivery
Flip the Switch On Continuous DeliveryBMC Software
 
Peer Into the Bright Future on the Service Desk Horizon
Peer Into the Bright Future on the Service Desk HorizonPeer Into the Bright Future on the Service Desk Horizon
Peer Into the Bright Future on the Service Desk HorizonBMC Software
 
Remedyforce helps General Dynamics meet ever-changing user needs
Remedyforce helps General Dynamics meet ever-changing user needsRemedyforce helps General Dynamics meet ever-changing user needs
Remedyforce helps General Dynamics meet ever-changing user needsBMC Software
 
BMC Software Remedyforce Case Study
BMC Software Remedyforce Case Study BMC Software Remedyforce Case Study
BMC Software Remedyforce Case Study BMC Software
 
How to Manage MLC Costs to Optimize the Mainframe
How to Manage MLC Costs to Optimize the MainframeHow to Manage MLC Costs to Optimize the Mainframe
How to Manage MLC Costs to Optimize the MainframeBMC Software
 
BMC Remedyforce vs Other IT Service Management
BMC Remedyforce vs Other IT Service ManagementBMC Remedyforce vs Other IT Service Management
BMC Remedyforce vs Other IT Service ManagementBMC Software
 
3. ITIL Categorization for Remedyforce- An Evolution into Service Desk Self S...
3.	ITIL Categorization for Remedyforce- An Evolution into Service Desk Self S...3.	ITIL Categorization for Remedyforce- An Evolution into Service Desk Self S...
3. ITIL Categorization for Remedyforce- An Evolution into Service Desk Self S...BMC Software
 
Leverage your Salesforce Force.com Platform with Remedyforce Cloud ITSM
Leverage your Salesforce Force.com Platform with Remedyforce Cloud ITSMLeverage your Salesforce Force.com Platform with Remedyforce Cloud ITSM
Leverage your Salesforce Force.com Platform with Remedyforce Cloud ITSMBMC Software
 
Improving IT Skills the Right Way
Improving IT Skills the Right WayImproving IT Skills the Right Way
Improving IT Skills the Right WayBMC Software
 
How Big Data and Hadoop Integrated into BMC ControlM at CARFAX
How Big Data and Hadoop Integrated into BMC ControlM at CARFAXHow Big Data and Hadoop Integrated into BMC ControlM at CARFAX
How Big Data and Hadoop Integrated into BMC ControlM at CARFAXBMC Software
 
The Human Factor: Five Tips for Creating the Quintessential Hybrid IT Profess...
The Human Factor: Five Tips for Creating the Quintessential Hybrid IT Profess...The Human Factor: Five Tips for Creating the Quintessential Hybrid IT Profess...
The Human Factor: Five Tips for Creating the Quintessential Hybrid IT Profess...BMC Software
 
What's New in the BMC Remedy Suite
What's New in the BMC Remedy SuiteWhat's New in the BMC Remedy Suite
What's New in the BMC Remedy SuiteBMC Software
 
Sanofi’s Journey to Service Resolution
Sanofi’s Journey to Service ResolutionSanofi’s Journey to Service Resolution
Sanofi’s Journey to Service ResolutionBMC Software
 
Growing Your Data Center, Not Your Overhead
Growing Your Data Center, Not Your OverheadGrowing Your Data Center, Not Your Overhead
Growing Your Data Center, Not Your OverheadBMC Software
 

Plus de BMC Software (15)

The Accelerator's Guide to Digital Transformation
The Accelerator's Guide to Digital TransformationThe Accelerator's Guide to Digital Transformation
The Accelerator's Guide to Digital Transformation
 
Flip the Switch On Continuous Delivery
Flip the Switch On Continuous DeliveryFlip the Switch On Continuous Delivery
Flip the Switch On Continuous Delivery
 
Peer Into the Bright Future on the Service Desk Horizon
Peer Into the Bright Future on the Service Desk HorizonPeer Into the Bright Future on the Service Desk Horizon
Peer Into the Bright Future on the Service Desk Horizon
 
Remedyforce helps General Dynamics meet ever-changing user needs
Remedyforce helps General Dynamics meet ever-changing user needsRemedyforce helps General Dynamics meet ever-changing user needs
Remedyforce helps General Dynamics meet ever-changing user needs
 
BMC Software Remedyforce Case Study
BMC Software Remedyforce Case Study BMC Software Remedyforce Case Study
BMC Software Remedyforce Case Study
 
How to Manage MLC Costs to Optimize the Mainframe
How to Manage MLC Costs to Optimize the MainframeHow to Manage MLC Costs to Optimize the Mainframe
How to Manage MLC Costs to Optimize the Mainframe
 
BMC Remedyforce vs Other IT Service Management
BMC Remedyforce vs Other IT Service ManagementBMC Remedyforce vs Other IT Service Management
BMC Remedyforce vs Other IT Service Management
 
3. ITIL Categorization for Remedyforce- An Evolution into Service Desk Self S...
3.	ITIL Categorization for Remedyforce- An Evolution into Service Desk Self S...3.	ITIL Categorization for Remedyforce- An Evolution into Service Desk Self S...
3. ITIL Categorization for Remedyforce- An Evolution into Service Desk Self S...
 
Leverage your Salesforce Force.com Platform with Remedyforce Cloud ITSM
Leverage your Salesforce Force.com Platform with Remedyforce Cloud ITSMLeverage your Salesforce Force.com Platform with Remedyforce Cloud ITSM
Leverage your Salesforce Force.com Platform with Remedyforce Cloud ITSM
 
Improving IT Skills the Right Way
Improving IT Skills the Right WayImproving IT Skills the Right Way
Improving IT Skills the Right Way
 
How Big Data and Hadoop Integrated into BMC ControlM at CARFAX
How Big Data and Hadoop Integrated into BMC ControlM at CARFAXHow Big Data and Hadoop Integrated into BMC ControlM at CARFAX
How Big Data and Hadoop Integrated into BMC ControlM at CARFAX
 
The Human Factor: Five Tips for Creating the Quintessential Hybrid IT Profess...
The Human Factor: Five Tips for Creating the Quintessential Hybrid IT Profess...The Human Factor: Five Tips for Creating the Quintessential Hybrid IT Profess...
The Human Factor: Five Tips for Creating the Quintessential Hybrid IT Profess...
 
What's New in the BMC Remedy Suite
What's New in the BMC Remedy SuiteWhat's New in the BMC Remedy Suite
What's New in the BMC Remedy Suite
 
Sanofi’s Journey to Service Resolution
Sanofi’s Journey to Service ResolutionSanofi’s Journey to Service Resolution
Sanofi’s Journey to Service Resolution
 
Growing Your Data Center, Not Your Overhead
Growing Your Data Center, Not Your OverheadGrowing Your Data Center, Not Your Overhead
Growing Your Data Center, Not Your Overhead
 

Dernier

IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 

Dernier (20)

IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 

Data Migration for Remedyforce SaaS Help Desk and High-Speed Digital Service Management

  • 1. — Sr. Onboarding Consultant August 2015 Hugo R. Gracia Using Remedyforce SaaS Help Desk / Cloud IT Service Management for Record Level Data Segregation
  • 2. Agenda • Overview • Data Segregation • Remedyforce & Salesforce Concepts • User Types • Profiles & Permission Sets • Role Hierarchy • Sharing Rules • Configuration Steps • Summary
  • 3. — What is data segregation? 01 Overview and best practices
  • 4. Data Segregation Overview Data segregation is achieved through the corroboration of various components working together to achieve a tailored solution for each individual company. System Administrator Human Resources Finance General Population IT Staff
  • 5. Record Level Data Segregation User Types Profiles and Permission Sets Roles and Role Hierarchy Sharing Rules & Org Wide Defaults Components
  • 7. System Administrator Service Desk Staff Service Desk Client Profiles and Permission Sets
  • 9. Role Hierarchy Best Practice • Keep the number of non-portal roles to 25,000. • Keep the number of portal roles to 100,000. • Keep the role hierarchy to no more than 10 levels of branches in the hierarchy There are a few other things to take into consideration when working with roles: • When a user's role changes, any relevant sharing rules are evaluated to correct access as necessary. • Peers within the same role don't guarantee them access to each other's data. • Modeling the role hierarchy begins with understanding how the organization is structured.
  • 10. Record Ownership and Queues • Every record must be owned by a single user or a queue. • The owner has full access to the record. • Users higher in a hierarchy inherit the same data access as their subordinates for standard objects.
  • 11. Record Ownership If a single user owns more than 10,000 records, as a best practice: • The user record of the owner should not hold a role in the role hierarchy. • If the owner's user record must hold a role, the role should be at the top of the hierarchy in its own branch of the role hierarchy.
  • 12. Sharing Rules and Organization-Wide Defaults Organization-wide sharing settings specify the default level of access users have to each other’s records. You use organization- wide sharing settings to lock down your data to the most restrictive level, and then use the other record-level security and sharing tools to selectively give access to other users.
  • 14. Configuration of Components • Roles • Role Assignment • Profiles and Permission Sets • Profile Assignment • Permission Set Assignment • Sharing Settings
  • 17. Role Hierarchy From this screen you can: • Add Roles • Modify Roles • Assign Roles
  • 18. Add Role • Under the role that you wish to add another, click on Add Role. • Fill in the information
  • 19. Populating Role Information Fill in the information for the Role according to the design.
  • 20. Role The new role has been created and added to the hierarchy. Additional configuration steps might be necessary if this role is to have other roles reporting to it.
  • 21. Sharing Settings Configuration Navigate to Setup > Administer > Security Controls > Sharing Settings
  • 22. Incident Object Sharing Settings Incident Object Settings
  • 23. Sharing Rule Used to either over ride the hierarchy based sharing settings Sharing can be performed across: • Roles • Queues • Public Groups
  • 24. Sharing Rule Settings As part of the design process, it will have been determined what sharing rules will be necessary if any. If sharing rules are needed, the design will state how the sharing will take place. You use sharing rules only to grant wider access to data, not to restrict access.
  • 26. Sharing Calculation Upon hitting SAVE on a new sharing rule, a recalculation of access takes place. Depending on the number of records and number of other sharing rules in place, the duration of the calculation will vary.
  • 27. Sharing Rule List The new rule is now in effect.
  • 29. Troubleshooting What do you do when some one says they can’t see a record they should? • The security layers you have architected will determine where you start. If you know the sharing model well, then you will probably know what component should have provided the access and should start there
  • 30. Troubleshooting Steps 1. Verify that the user has permissions to access to the object. 2. Identify the user's role who can't see the record and note it. 3. Identify the owner's role of the record and note it. 4. Review the role hierarchy and verify these two roles are in two different branches (they should be).
  • 31. Troubleshooting Steps 5. Review the sharing rules for the object and make sure there is no rule that will grant the user access. a) This can also cause you to look in public groups as well. Maybe the user just got left out of a group where there is a sharing rule, or does it make sense to create a new sharing rule to grant the user access? This depends on the architecture you are trying to maintain, and applies to both ownership-based sharing rules and criteria-based sharing rules. b) If you are using teams, should this user be on the team for that record? How are teams maintained and how did the miss occur? c) If manual sharing is used, the user may have lost access because the record owner changed. Manual shares are dropped when ownership changes. The manual share could also have been removed using the Share button.
  • 32. Troubleshooting Steps 6. If you are using territory management, determine if the user missing from one of the territories. Where is the membership of territories maintained and how did the miss occur? Or, maybe the record did not get stamped with the territory where the user is a member. 7/ If you are creating programmatic shares and there are criteria for creating the share in code, review the code to understand why this user was omitted.
  • 34. Summary Data segregation can be, and usually is, a complex undertaking. The rule of thumb that is applied here is that 80% is planning and 20% is configuration. Although this document focuses on a non-multi-tenancy organization, the principles apply just the same, with the one exception being that, in a multi- tenancy organization, you will also be dealing with accounts and account hierarchy. Nonetheless, a well-planned out sharing architecture can serve the organization for a long time to come, providing secure record access.
  • 35. — Bring IT to Life.™ Thank You

Notes de l'éditeur

  1. Hello, Today we will be looking at record level data segregation for a SaaS help desk solution in the cloud- Remedyforce. Remedyforce is built on Salesforce App Cloud for IT Service Management. This functionality will allow us to filter access at the record level. As it pertains to Remedyforce, this means who can see which help desk tickets and more importantly: Who can edit said help desk and service management tickets. One of the most important elements when it comes to your IT organization is information visibility and security, and that is data segregation’s primary function. This slide deck will show us how to deploy data segregation from a record ownership perspective along with the components and configuration steps necessary.
  2. Overview of the agenda: What is data segregation Does my company need it Configuration Steps High Level Walk Through Simple to accomplish Sources for assistance Summary Items to consider Summary
  3. Record-level security lets you give users access to some object records, but not others. As with most applications, data access begins with a user. The application needs to know who you are before it provides access. For Remedyforce, there are different types of users and, in some cases, the level of access is different by type. The most common types of users are Clients (End Users), Staff, and Administrators
  4. In order for data segregation to take effect, we need to determine the level of access that will be needed through out the organization for the various users that will be making use of the tool. We start by determining what type of users they will be. Based on the type of user we will know which profile to assign to them and where in the role hierarchy they will be placed. The role hierarchy is very important as it comes with inherited permissions so placement of users is critical.
  5. The three common user types are: Clients – Typical access for clients is their own tickets which they submit via self service, email, phone, or other means. This can change if the end user is a manager and needs visibility to the tickets of their respective areas. Staff – IT Staff users will typically have at minimum read access across all ticket types. This is on a per company basis. Many companies allow for read/write permissions across all tickets for IT staff. This usually allows for adding update notes, re-assigning tickets to other staff or queues, and sometimes resolving tickets themselves. Administrators – Admins have full access to all tickets across the board.
  6. Profiles and permission sets provide object-level security by determining what types of data users see, and whether they can edit, create, or delete records. For each object, the “View All” and “Modify All” permissions ignore sharing rules and settings, allowing administrators to quickly grant access to records associated with a given object across the organization. These permissions are often preferable alternatives to the “View All Data” and “Modify All Data” administrative permissions. Determining the level of access across your end users and staff is a critical step to properly design the security architecture of your Remedyforce instance. Profiles and permission sets also control field-level security, which determines the fields within every object that users can access. For example, an object may have 20 fields, but field-level security can be set up to prevent the users from seeing five of the 20 fields. A practical example usually comes up when Human Resource sensitive information may appear in the tickets; these fields can be set so that only personnel with the corresponding profile can see this information whereas everyone else will not know the field is present. System Administrator profiles are reserved for the admins of Salesforce / Remedyforce. These individuals will have full access to all objects and records within the tool. Service Desk Staff – This profile is typically assigned to anyone that will have console access and have the day to day requirement to work on tickets assigned to themselves or to their team. They will have full read/write access to any record they own and through data segregation configuration will determine what level of access they have to other records. Service Desk Clients – End users will be the recipients of this profile. It has limited access to the tool. The end user will typically access the tool via the self service portal to submit service requests or low priority incidents. They will also be able to view any notes or updates to the tickets.
  7. A role hierarchy represents a level of data access that a user or group of users needs. The role hierarchy ensures that managers always have access to the same data as their employees, regardless of the organization-wide default settings. Role hierarchies don't have to match your organization chart exactly. Instead, each role in the hierarchy should represent a level of data access that a user or group of users needs. An organization is allowed 500 roles; however, this number can be increased by Salesforce.
  8. Modeling the role hierarchy usually starts from understanding a manager’s scope, starting from the top. The CEO oversees the entire company. The CEO usually has direct reports that can then be segmented by Business Unit (Sales or Support) or geographical region (EMEA, APAC). That person then has direct reports that could be further segmented, and so on. Although this sounds very much like an HR organizational chart, and we have said they might be very much alike, keep in mind, when modeling data access, you need to focus on data accessibility with a consideration to HR reporting. Overlays are always the tricky part of the hierarchy. If they're in their own branch, they'll require either sharing rules, teams, or territory management to gain needed access. If they are folded into the hierarchy, there might be reporting implications. It's important to spend the time setting up the role hierarchy because it's the foundation for the entire sharing.
  9. Every record must be owned by a single user or a queue. The owner has full access to the record. Users higher in a hierarchy inherit the same data access as their subordinates for standard objects. Managers gain the same level of access as their subordinates. If the subordinate has read-only access, so will the manager. This access applies to records owned by users, as well as records shared with them. Queues help your teams manage tickets such as incidents, tasks, change requests, problems, etc. Once records are placed in a queue manually or through a workflow rule, records remain there until they're assigned to a user or taken by one of the queue members. Any queue member (or users above them in the role hierarchy) can take ownership of records in a queue.
  10. For example, let’s say users have object-level permissions to read and edit opportunities, and the organization-wide sharing setting is Read-Only. By default, those users can read all opportunity records, but can’t edit any unless they own the record or are granted additional permissions. Organization-wide defaults are the only way to restrict user access to a record. Organization-wide default settings can be changed from one setting to another (private, to controlled by parent, then back to private); however, these changes require sharing recalculation and depending on volume could result in very long processing times. For custom objects only, use the Grant Access Using Hierarchies setting, which if unchecked (default is checked), prevents managers from inheriting access. This setting is found in the organization-wide default settings.
  11. Within the salesforce platform, we can configure the appropriate settings based on the company’s business requirements. When it comes to profiles and permission sets, they can be used as is or with some modifications to certain permissions. However, all profiles and permission sets need to be assigned to a user. These are not inherited. As far as sharing settings and role hierarchy, those components are configured once and the platform will then calculate level of access which in turn is inherited by anyone in that role or is part of the sharing settings.
  12. Speak on how to navigate to the Remedyforce Administration Tab
  13. Speak on getting to the Manage users tile and how this will take you to the Roles set up page. Discuss the difference between items with and without the ‘ + ‘ sign.
  14. Creating a role hierarchy is the easy part, designing it is what takes careful planning.
  15. Speak to the potential need for creating additional roles that report into the newly created role, or for the potential need to modify existing roles so they report into the new role.
  16. From this page, you can access each individual object to set the sharing settings. In our example we will be working with the incident object. From the picklist field labeled Manage sharing settings for: Select Incident
  17. From this screen you will see the overall settings currently in place for the organization. We will be working to configure an ownership-based sharing rule. Ownership-based sharing rules allow for exceptions to organization-wide default settings and the role hierarchy that give additional users access to records they don’t own. Ownership-based sharing rules are based on the record owner only. As you can see the setting for “Grant access using hierarchies” has been checked. This means that currently the only record visibility is being directed by the role hierarchy.
  18. One item in particular that stands out for this section is the introduction of public groups. A public group (not Chatter group) is a collection of individual users, roles, territories, and so on, that all have a function in common. Public groups can consist of:  Users  Roles  Roles and Subordinates  Other public groups (nesting) Groups can be nested (Group A nested into Group B), however don't nest more than five levels. Nesting has an impact on group maintenance and performance due to group membership calculation. As a best practice, keep the total number of public groups for an organization to 100,000
  19. The sharing can occur in any number of combination: Queue to Public Groups Queue to Role Queue to Roles and subordinates Public Group to Public Group Public Group to Role Public Group to Roles and subordinates Etc.
  20. In this example, we are going to share any record owned by any one assigned to the CEO role to anyone assigned to the North America IT Services role. Essentially, this will give the NA IT SVCS Role the visibility and access that the CEO role has. Step 1 – The information provided here is a name as well as an API name along with a description of what this sharing rule is intended to do. Step 2 – In this step we are selecting the sharing rule to be based on who owns the record. You have the option to also do it based on criteria as opposed to ownership. But for our example we are doing it on owner. Step 3 – this is where we select which owners are going to be sharing their records. We can select Roles, Roles and subordinates, Queues, and Public groups. In essence, this is our “source”. Step 4 – This is where we select the recipients of our sharing. We can select Roles, Roles and subordinates, and Public Groups. We cannot however, elect Queues as that functionality currently does not exist. Step 5 – In this step we state the level of access. We can selected between Read Only and Read/Write.
  21. Once you acknowledge the notification the recalculation will commence. Upon completion an email will be sent from the system to the person that initiated the recalculation.
  22. Once the recalculation has been completed, the rule will be in the list. The new level of access is now in place.
  23. Once you have completed your sharing model architecture, you will likely be challenged with why a user can or can't see a record. Typically, you won’t hear when someone can see something they shouldn’t, but should that arise, there is a way to see every user who has access to a record and why. You can access these settings by navigating to Setup > Administer > Security Controls > Sharing Settings. Once in there, select the object from the drop down list.
  24. Go through these steps and explain.
  25. Go through these steps and explain.
  26. Go through these steps and explain.