The solution section provides an overview of how to solve this scenario, and why that solution was chosen. The Solution Steps section immediately following outlines the exact steps used to replicate the solution.
Solution:
Standard profiles are essentially used as templates that remain mostly the same throughout all Salesforce orgs. As you can make only a very limited number of changes to a standard profile, the solution is to create a custom profile corresponding to the functionality needed by a set of users.
In this scenario, I would create a profile called “Inside Sales”, and enter in the description “standard profile w/o export report permission” along with details about the profile’s usage.
This serves two purposes:
- It removes the restrictions of a standard profile.
- It establishes a baseline set of permissions for specific users. For instance, if both the inside and outside sales teams use the same profile, then if I need to change permissions for only one team, I’ve got a lot more work to do. Where you draw the lines between profiles, permission sets, and the security model as a whole is an art, not science. Rely on those that know your business well, ask a lot of questions, and understand how Salesforce works.
Success Criteria:
These steps were generated with the enhanced profile editor disabled. If these steps do not match what you see in your org, go to Setup –> Customize –> User Interface, and ensure that ‘Enable Enhanced Profile User Interface’ is unchecked.
- Setup –> Manage Users –> Profiles
- New Profile (Button)
- Select Existing Profile “Standard User”, Profile Name “Inside Sales”, Save
- Edit Profile, Uncheck “Export Reports” (you may want to search the page), Save
- Setup –> Manage Users –> Users
- Edit James Smith, Select Profile “Inside Sales”, Save
- Click Login next to James Smith, Select Reports Tab, Run any Report, Verify that “Export Details” is not present
Hi John,
In Users, I only have the Edit option next to Smith, James. All users only have Edit, there’s no Login link beside their names. Is it something that I have to enable manually? Thanks
Yes you need to enable login as any user in login access policies
I don’t see the option to enable this under login access policies?
I cannot uncheck “Export Reports” box when I click on Edit, why is that?
Which profile are you editing? You can’t modify the standard profiles
Hi John,
I don’t have privilege to run report although I am an admin and didn’t modify anything. Why?
I can’t imagine a scenario where that would be the case- are you sure you’re logged in as a system admin and assigned the standard (non-custom) system administrator profile?
Hi John,
Thank you for reply.
Yes, I have the standard admin profile and still don’t have privilege. I try assigned to the “standard” profile but nothing changed.
Anyway, I created another account and did everything the same and it worked this time. Still couldn’t figure out what I did wrong for the first time.
Hi John.
I don’t see any login option next to John Smith. Please assist.
Regards
Akshay
Please make sure you’ve followed the config here: http://classic.certifiedondemand.com/users-scenario-1-solution/
Hi John,
I was not able to find the option where I can uncheck the box for run reports, and I was trying to do this from the James account as a System Administrator? Could you please help me with this?
You need to create a new profile while logged in as the system administrator (your primary developer edition login)… are you following the steps above?
Yes, I was trying to create the profile from System administrator account but Im not able to find the option to uncheck the export option?
while creating the new profile from the standard user profile , I didnt find an option to edit profile anywhere? Could you please tell where do I find an option to change the profile?
You can only modify custom profiles- you need to clone a standard profile
Hi, I am facing the problem. Any help ?
same* problem as svi
Make sure “Enable Enhanced Profile User Interface” is turned off in the user interface settings – that may be the issue.
Thanks I just completed exercise
Just to clarify
Steps to grant access were
personal setup—>my personal information–>grant login access
I have disabled the Enhanced Profile User Interface as you suggested before, so you might want to mention that you find the “Export Report” under “General User Permissions” towards the end of the page. If you have the Enhanced Profile active, you need to go half way down on the page , under System and click on “System Permissions” to see the “Export Reports” option.
Thanks Carlos – will look at updating
Yes, this is where I found it. Thank you.
When you say inside sales team what is it in salesforce. Is it a group. How would you assign a profile to a whole team
In this example it is a profile
Thank you
Hi John,
For the above exercise, do I need to create the fictitious user James Smith?
Thanks,
Mike
Yes, that’s done in the previous section (user management)
Thank you John!
In the enhanced profile view settings am I right in stating that the ability to export reports check box is now under the Systems Permissions settings. Once you edit this ‘view’ then the user can enable or disable the ‘Export Reports’ permission.
Thanks
Yes you can make that edit using the enhanced profile view or by directly modifying the profile
Dear John,
If I was to assign a permission set to a user for a certain period of time (ie during the manager’s holiday period), do I need to revoke this permission sets manually or is there an option of assigning them with time validity?
Thank you in advance.
Manually by default. You might be able to automate with a workflow/trigger.
Ugh – totally got that had to create a new profile but totally missed the uncheck export report part … 🙁
I found my error. I mistakenly tried to use a permission set to remove. When I figured out that was wrong, I failed to delete the permission set from the user. My bad (of course that means I pretty much did scenario two…)
Great, thanks for posting
I’ve tried this exercise twice, and it doesn’t seem to work. I created a new profile, and removed the check in the checkbox next to “Export reports”, under the sys admin login. assigned it to the Smith id and logged into the smith id. The export details option is still there and allows exporting. What am I doing wrong?
Hi John,
How do I log out as James Smith and back as an Admin? Only way of doing this is by logging out completely.
Uncheck Force relogin after Login-As-Use in session settings (security)
John, in item 7 , I can not see “Run any Report” in Reports tab. Do you know what is the reason?
That just means locate any report (there should be a few standard reports) and select it.
John, i have performed the above exercise,when i run the report the export detail button is enabled and i can export the details. what should i do to disable the export detail button. i m working on summer 14 developer edition
Thanks
Are you logged in as the user assigned to the new profile?
Instead of performing steps 2 & 3 in the solution above, can’t you just find the “standard user” profile, click ‘clone’, and then edit it to uncheck “export reports”, and save? Or is this method wrong?
Correct – the steps above are cloning the standard profile
John, I don’t see button for “login” next to user. Do I need to enable something in order for this button “login as user” to show up?
Thanks!
John can clarify further but I suspect your Org settings are such that the user needs to grant login permissions. Please see: https://help.salesforce.com/HTViewHelpDoc?id=logging_in_as_another_user.htm&language=en_US
If you want this set as a default so the user doesn’t have to grant access please see: https://help.salesforce.com/HTViewHelpDoc?id=controlling_login_access.htm&language=en_US
Hope this helps,
Tom
Yes – you need to login in as the user and grant the admin login access… this is done in a previous exercise.
You have a typo in the header – Secnario.
Thanks Eileen – updated!