Profiles

What is a profile?

A profile is a collection of permissions and settings that is instrumental in determining a user’s functional access (apps, tabs, object-level permissions), how information is displayed to the user (page layouts, record types, field-level security), and a wide range of other permissions.  Each user must be assigned one profile.

Security
Org-Level Permissions
Object-Level Permissions
Field-Level Permissions
User Permissions
User Interface
Applications
Tabs
Page Layouts
Record Types

User Interface settings will be expanded upon in detail later in this guide.

What’s the difference between standard and custom profiles?

Standard profiles are included with Salesforce.  Object-level and user permissions cannot be changed on these profiles.  Standard profiles cannot be deleted.

Custom profiles are created by an administrator and can be fully customized.  Custom profiles can be deleted.

When should I create custom profiles?

Generally speaking you’ll want to create custom profiles prior to assigning users to profiles.  As you have limited ability to change standard profiles, it is generally a best practice to assign all users (with the exception of the system administrator) to custom profiles.

If users are assigned a standard profile and you later need to change their permissions (e.g. add read access to a custom object), you’d have to create a custom profile and then migrate all of those users to the custom profile.

42 Responses to “Profiles”

  1. martinh909 September 22, 2017 at 4:01 pm #

    Hi John can you clarify this for me please – the difference/similarities between Public Groups and Teams.

    Can the use of Public Groups give the same access as Opportunity Teams do?
    Could you solely use Public Groups to give user John Doe access to opportunities that he would normally not have access to?

    So by adding user John Doe to an Opportunity Team isn’t that giving John Doe redundant access?

    • JohnCoppedge September 25, 2017 at 1:51 pm #

      Public groups are used to put grant access to records and folders, while permission sets are used to grant permissions (object, field, etc.)

      Teams are used to designate who is working on a record (e.g. who is the account manager) as well as who grant access to the record.

  2. martinh909 September 22, 2017 at 3:54 pm #

    Hi John,
    I submitted this similar question yesterday under another topic but I can seem to find it now.
    So here is my question again.

    What are the functional uses differences between Public Groups and Permission Sets?
    How should each of these functional components be used?
    If I put user Joe Doe in a public group to be able to access certain Accounts that he would normally not have access to, does including user John Doe in a Permission Set make this redundant?

    In other words, can Public Groups or Permission Sets be used interchangeably to give more access for the user?

  3. lynnkrause799 September 5, 2017 at 12:48 pm #

    John,
    What is the capability of the salesforce platform user license? I thought that users assigned this profile could have access to custom apps. However, I can’t seem to understand why my profile doesn’t have access to a custom app I have in my instance. Thank you,

    • JohnCoppedge September 5, 2017 at 1:03 pm #

      The license can access custom apps yes- but you also need to configure your profile to ensure that they have access. If you are using the standard profile included for that license they probably do not…

  4. Whit1220 March 5, 2017 at 8:08 pm #

    Hi John, can the tabs settings be changed on a standard profile? For example, if I wanted to make the tab for the case object default off or hidden, can that be done on a standard profile? Thanks

  5. Chillikaps September 21, 2016 at 5:25 am #

    Hey John,

    I don’t get what the grid at the top of this page is trying to show… “Security” “User Interface”, is it just showing what Profiles include? Do profiles include Page Layouts?

    • JohnCoppedge September 27, 2016 at 1:18 am #

      Profiles set security which includes org-level permission, etc. and profiles influence the user interface which includes page layouts, apps, etc.

  6. g.levy@mamacash.org February 4, 2016 at 3:43 pm #

    Hi John,

    I have aquestion with regard to App access.
    We have a free source app installed on our live environment that allow MERGE for various objects (incl. custom). It was not installed by me and I see that it is not limited to number of licences.
    I allowed access to that app for a certain profile – successfully. However, when the user try to use that app she gets an error message that the app is not accessible for her.
    What am I missing here?

    Thank you,
    Gil

    • JohnCoppedge February 4, 2016 at 11:16 pm #

      There is probably a visualforce page or something like that contained within the app that they need access to as well- check the components in the managed package.

      Also check the docs in the managed package for advice. Lastly, see if there is a permission set included in the managed package that can easily assign the permissions without having to track all that down.

  7. pjonnala December 13, 2015 at 11:11 pm #

    John – How do you navigate to user permission on a profile

    • JohnCoppedge December 18, 2015 at 7:40 pm #

      Edit the profile- any of the checkboxes under the user section (with the class profile editor enabled)

  8. pjonnala December 13, 2015 at 11:08 pm #

    John – What is user permission on a profile regards to that they cannot be changed on standard profile. What are you referring to when you say user permissions

    • JohnCoppedge January 9, 2016 at 3:17 am #

      Edit a standard profile – if you are using the standard profile editor there is a section for user permissions (about half of the checkboxes for the profile)

  9. Sudheendra Karri December 6, 2015 at 1:14 am #

    Need help with setting up profiles / users

    I am on a test Dev environment trying to create some users on my Org and mapping them to some Custom profiles

    On None of the user records I create, I get an option to choose “Salesforce” user license. Is this a limitation on the Dev Org ?

    Only Options I see are “Salesforce platform” , “Force.com-Free” …. These Licenses do not let me choosed Custom profiles I created.

    Need advise please !

    • Raajesh Kumar December 6, 2015 at 2:36 am #

      You are limited to only two user license in dev org as its a free account. Note that two includes your admin profile too. So ideally you can create only one more user. Either you would have already used the license and that’s why you don’t see anymore. Try to disable the active user and then create a new user and add content. That’s how we do workaround. Hope it helps.

      • Sudheendra Karri December 9, 2015 at 1:14 am #

        Agree that’s a limitation.

        But curious to know what’s the workable alternative to set up a test org with a few users, profiles, roles for trying a lot of scenarios / quizzes hands on

        • JohnCoppedge January 9, 2016 at 3:16 am #

          A developer org from your company is the best bet- but that’s not available to everyone

  10. rits_bits November 29, 2015 at 5:35 am #

    Hi Jon

    I have purchased the licence .No one has replied to my queries. I hope I should get the answer to my queries as paid customer

    Regards

  11. rits_bits November 26, 2015 at 5:40 am #

    Hi Jon
    Couple of question

    1) If on profile level for the opportunity I have “Modify All Data” and on OWD it is Public Read only Only. Would I be able to edit the opportunity records I do not own ?

    2) I have enabled the role hierarchy .On Sales Rep Profile for opportunity CRED is enabled and I want that Sales Manager should only view(not edit and delete) the opportunity of the subordinate. How can I achieve this.?

    • JohnCoppedge December 1, 2015 at 1:43 am #

      1. Yes
      2. Not possible through standard security if they also need to edit their own opps. You can add a validation rule instead though.

  12. Farzana Hafiz August 19, 2015 at 9:44 am #

    Good

  13. Minhaj Arifin February 26, 2015 at 5:49 pm #

    Hi John, Great website!
    Under the first paragraph of this page, “What is a Profile?”, what are the two columns describing? For example, in the second row: is it showing that configuring the Object-Level Permissions is a way to control permissions to the Tabs in the User Interface?

    • JohnCoppedge February 27, 2015 at 9:32 pm #

      Yes – this is just describing the different components that the profile influences, split up by type (UI, security).

  14. john roy January 9, 2015 at 7:36 pm #

    On the salesforce video:”Who Sees What: Object Access”, they assign a custom profile to Karen Adams. They then assign it to all members on the inside sales team. I did not see how they assigned it to all the members of that sales team?

    • JohnCoppedge January 13, 2015 at 12:02 am #

      They assign the profile @ 5:22 in the video by editing the user and changing the profile from the drop down

  15. Raajesh Kumar November 27, 2014 at 1:39 pm #

    Its mentioned as “Object-level and user permissions cannot be changed on standard profiles”. Does it mean we cannot apply sharing or field level security and override default security in standard profile? So in real life, ideally the admin will always clone standard profile and create new one instead of directly using the standard profile?

    • JohnCoppedge November 28, 2014 at 3:01 am #

      “Sharing” (meaning record sharing) is typically applied via the role not profile, minor point of clarification. But yes, the admin can only modify a small portion of the standard profile permissions (e.g. field level security and/or object level security), so it is customary to create custom profiles.

  16. Mark Thomas October 16, 2014 at 4:15 pm #

    Just when I thought I was pretty good at security settings, I find out how limited my knowledge is. I can definitely eliminate some of my org’s profiles and create more permission sets to apply.

    • JohnCoppedge October 19, 2014 at 2:53 am #

      They can be pretty powerful but at the same time are harder to track than profiles – it definitely requires a balance!

  17. Alhaji Kamara July 6, 2014 at 6:12 pm #

    Hi John,
    For the statement: “If users are assigned a standard profile and you later need to change their permissions (e.g. add read access to a custom object)…” can’t we use permission sets to assign more permissions instead of having to create a custom profile and migrate all the users? Which of these two methods is more preferable?

    • Alex Messinger September 26, 2014 at 1:18 pm #

      I still like the recommendation of assigning users to custom profiles. While permission sets can add permissions, I don’t think they can remove them. And permission sets need to be applied individually to each user. Custom profiles allow you to add (or remove) a permission globally. More efficient, imho.

      • JohnCoppedge September 28, 2014 at 4:05 pm #

        It is a best practice to use custom profiles because you cannot modify most of the standard profiles. Yes you could use permission sets for everything, but you would end up with a lot of overhead managing all of the permissions on a per user basis. Generally I agree with Alex- start off while a profiles that meet the majority of the users needs. Then add permission sets to handle the ad-hoc or less frequent scenarios.

  18. swetha maddali March 23, 2014 at 1:06 pm #

    Hi John,

    Can a single user with one email id and different usernames be assigned to multiple profiles?

    Thanks in advance,
    Swetha

    • JohnCoppedge March 23, 2014 at 10:40 pm #

      One user record can only be assigned to one profile. It is possible to create more than one user with the same email address – however, the username (which is typically the user’s email address) must be unique across all orgs.

      • Mark Thomas October 16, 2014 at 4:13 pm #

        To add to this, users only need one profile, while they may need multiple permission sets to gain additional access.

  19. Vishal Raana March 16, 2014 at 7:51 pm #

    “User permissions” leads to a sfdc help page with no content. This is on iPad.

    Thanks!

    • JohnCoppedge March 16, 2014 at 9:26 pm #

      Hrm. Just tried on PC with no issues. Might be a mobile issue? Will have to investigate.

      • Shayleen Mason December 30, 2014 at 9:25 am #

        All sales force help pages do not display on iPads.

        • RomanPer July 24, 2016 at 12:59 am #

          They do display on iPad if you use Safari. They don’t display on iPad in Chrome

Leave a Reply