Difference between revisions of "Access Profiles"
imported>Aeric |
imported>Aeric |
||
Line 22: | Line 22: | ||
{{:Login IP Address Restrictions}} | {{:Login IP Address Restrictions}} | ||
====Tasks and Appointments==== | |||
:* '''Create''' - Ability to create [[Tasks and Appointments]] | :* '''Create''' - Ability to create [[Tasks and Appointments]] | ||
:* '''Others' Records''' - Ability to '''View''', '''Update''' and '''Delete''' Tasks and Appointments created by others. | :* '''Others' Records''' - Ability to '''View''', '''Update''' and '''Delete''' Tasks and Appointments created by others. |
Revision as of 00:11, 8 June 2012
Settings > Administration > Access Profiles
An Access Profile specifies a collection of permissions that can be applied to multiple users.
About Access Profiles
Each User is assigned an access profile, which can be shared by other users.
An Access Profile specifies:
- The network locations (IP addresses) from which it is possible to login
- Record-access permissions for all application objects (view, create, update, delete)
- Additional administrative permissions
Note: The record-access permissions apply to those objects the user is allowed to see, by virtue of their Role in the application.
Working with Access Profiles
Users that have the Access Control/User Management permission can modify Access Profiles
Access Profile Information
Give the Profile a name, and a general description. (You reference the profile by name when assigning it to a user.)
Login IP Address Restrictions
For extra security, enter ranges of IP addresses from which users are allowed to access the platform. If a user attempts to login from a computer on a network outside of the specified range, access to the platform is denied.
Users that have the Access Control permission can specify the range of IP addresses from which user logins are allowed.
- To configure an IP address range
- Click > Administration > Access Management > Access Profiles
- Select the Access Profile of interest, or create a new one
- Enter an IP address range in the text area, following these guidelines:
- A maximum of 25 IP address ranges can be specified
- Enter one range per row in the text area
- Add, Modify and Delete the entries, as needed
- Accepted format is xxx.xxx.xxx.xxx - yyy.yyy.yyy.yyy, where:
- xxx and yyy are numbers in the range 0-255
- xxx.xxx.xxx.xxx is less than or equal to yyy.yyy.yyy.yyy
- To specify a single IP address, use the same IP address for the start and endpoint of the range: 192.168.1.10 - 192.168.1.10
- How it works
-
- When a user attempts to log in, the IP address of the system the request originated from is checked against the configured settings. If the address is in the allowed range, the user can continue the login process. Otherwise, login is denied.
- Access violations are recorded in the audit log, identifying both the user and the IP address from which the login attempt originated
- Login restrictions apply to all user logins - using a web browser, Email Edition, mobile access, or REST APIs.
- The restrictions do not apply to Customer Support logins.
Tasks and Appointments
- Create - Ability to create Tasks and Appointments
- Others' Records - Ability to View, Update and Delete Tasks and Appointments created by others.
Global Permissions
Specify the operations a user can perform on all objects that an application Role gives them access to:
- View Records
- Create Records
- Update Records
- Delete Records
Administrative Permissions
Administrative Permissions are assigned in an Access Profile. They allow a user to customize selected aspects of the platform. (Data Access Permissions, in contrast, determine what objects, records, and fields a user can see by virtue of their role and team memberships.)
Tip: Users given Administrative Permissions should have the following skills:
- Familiarity with the platform and your organization's business processes
- Good understanding of the Application Design Guide
- Excellent understanding of the area(s) they will be modifying
- User and Ownership Controls
- User Management - Create and manage users and teams
- Access Control - Manage roles and password policies
- Change Ownership of my Team's Records
- Manage Personal Setup
- Reporting Controls
- Data Management Controls
- Application Controls
- Customize Objects
- Manage Applications - Add/Update/Delete platform applications
- Manage Packages
- Manage Translation Workbench
- Development Controls
- Use Development Features - Work with classes, pages, sites, and other development features
- Manage Debug Log
- Manage Sandboxes (Only appears if sandboxes are enabled)
- Account Controls
- Manage Tenants and Company Capabilities
- Proxy Login Access
- Proxy Login Configuration
- Customer Support Login
- Support Cases - View and modify support cases filed by others