Introduction
TaroWorks comes with two custom profiles. One has the minimum permissions required to work with TaroWorks in Salesforce or the back-end. This is the TaroWorks User profile. The other is to work with TaroWorks via your mobile device with the TaroWorks Android app. This is the TaroWorks Partner User profile.
Users that are assigned the TaroWorks User profile are able to create Jobs and Surveys, set Performance Targets, conduct Reporting, and manage Mobile Users in the Salesforce back-end, but do not have full access to everything as a System Administrator would. These profiles will come pre-configured with the permissions listed, so there is no action necessary on your part if you are assigning users to these profiles. Should you want to clone these into custom profiles, the information below is meant for reference.
The below permissions are for TaroWorks version 4.4.X. If you are on a previous version, you can skip any fields, objects, apex classes, or Visualforce pages that you are not available in the Profile.
- A. Field Level Permissions - Once a user has at least read access to an object, they need to be granted visibility to fields on that object.
- B. Administrative Permissions - These need to be set to allow the user to do things such as manage users and access public reports.
- C. Object Permissions - There are many objects that are unique to TaroWorks that TaroWorks Users will need access to, in order to work with TaroWorks in Salesforce.
- D. Apex Class Access - There are some functions unique to TaroWorks that the TaroWorks User will also require access to.
- E. Visualforce Page Access - There are some custom pages that TaroWorks Users will need to access.
- F. Permissions by Release - For those of you that are managing access to TaroWorks with permission sets, here are the new additional permissions by release.
A. Field Level Permissions
Under Setup > Administer > Manage Users > Profiles > TaroWorks User Profile, the minimal field level security settings are as follows.
Note: If you add any custom fields that you want the TaroWorks User profile to have access to, you'll need to give visibility to those fields as well.
Under Standard Field-Level Security, Click View next to Contact object. The following fields on the Contact object need to be visible:
- Mobile User Password
- Mobile User Username
All of the fields for all of the objects in the green box under Custom Field-Level Security will need to be set to visible with two exceptions which are pictured below(Device and Mobile User).
All Custom objects in the green box above should have all fields set to visible when you click View. These include:
- Answer
- Application Version
- Assigned Target
- CascadingLevel
- Cascading Select
- Cascading Select Value
- Client Assignment
- Field Mapping
- Form
- Form Library
- Form Mapping
- Form Version
- Group
- Job
- Job Activity
- Job Template
- Member
- Mobile Money Collections
- Object Relationship Mapping
- Option
- Performance Target
- Poverty-assessment Tools Table
- Poverty-assessment Tools Table Data Set
- Poverty-assessment Tools Table Line
- Question
- Score Value
- Scoring Group
- Skip Condition
- SObject Filter Condition
- Sobjects Contact Association
- Submission
- Submission PAT Value
- Submission Score
- Target
- TaroWorks Mobile User
- Task
- Task Activity
- TW Folder
Example:
The Device object will only need the following fields set to visible:
The Mobile User object will only need the following fields set to visible:
B. Administrative Permissions
Check the following permissions:
- API Enabled
- Assign Permission Sets
- Chatter Internal User
- Create and Customize List Views
- Create and Customize Reports
- Create and Own New Chatter Groups
- Create Report Folders
- Customize Application
- Edit My Reports
- Invite Customers To Chatter
- Manage Content Permissions
- Manage Internal Users
- Manage IP Addresses
- Manage Login Access Policies
- Manage Macros Users Can't Undo
- Manage Password Policies
- Manage Profiles and Permission Sets
- Manage Public List Views
- Manage Reports in Public Folders
- Manage Roles
- Manage Salesforce CRM Content
- Manage Sharing
- Manage Users
- Reset User Passwords and Unlock Users
- Select Files from Salesforce
- Send Outbound Messages
- View All Users
- View Help Link
- View Reports in Public Folders
- View Setup and Configuration
General Permissions
Check the following permissions:
- Assign Topics
- Convert Leads
- Create and Share Content Deliveries for Salesforce Files
- Create Topics
- Deliver Uploaded Files and Personal Content
- Edit Events
- Edit Opportunity Product Sales Price
- Edit Tasks
- Edit Topics
- Export Reports
- Import Personal Contacts
- Manage Two-Factor Authentication in User Interface
- Mass Edits from Lists
- Mass Email
- Run Reports
- Send Email
- Send Stay-in-Touch Requests
C. Object Permissions
Set the following Read (R), Create (C), Edit (E), Delete (D), View All (V), Modify All (M) permissions:
- Answers - RCE
- Application Version - RCED
- Assigned Targets - RCED
- Cascading Levels - RCED
- Cascading Selects - RCED
- Cascading Select Values - RCED
- Client Assignments - RCED
- Devices - R
- Field Mappings - RCED
- Surveys - RCED
- Form Libraries - RCED
- Form Mappings - RCED
- Form Versions - RCED
- Groups - RCED
- Jobs - RCEDVM
- Job Activities - RCE
- Members - RCED
- Mobile Money Collections - RED
- Mobile Users - RED
- Object Relationship Mappings - RCED
- Options - RCED
- Performance Target - RCED
- Poverty-assessment Tools Results - RCE
- Poverty-assessment Tools Tables - RCED
- Poverty-assessment Tools Table Data Sets - RCED
- Poverty-assessment Tools Table Lines - RCED
- Questions - RCED
- Score Values - RCED
- Scoring Groups - RCED
- Skip Conditions - RCED
- SObject Filter Conditions - RCED
- SObject Contact Associations - RCED
- Submissions - RCE
- Submission PAT Associations - RCE
- Submission PAT Values - RCE
- Submission Score - RCE
- Targets - RCED
- TaroWorks Mobile User - RCED
- Tasks - RCED
- Task Activities - RCE
- TWError Log - RCED
- TWFolder - RCEDVM
D. Apex Class Access
Enable the following classes:
- gfsurveys.ApplicationUpdate
- gfsurveys.CascadingService
- gfsurveys.CascadingUploadBatch
- gfsurveys.ExportCsvBatch
- gfsurveys.FFSubmitJobs
- gfsurveys.FolderAssignmentController
- gfsurveys.JobTargetCleanUpBatch
- gfsurveys.JobTargetCleanUpSchedule
- gfsurveys.MobileUserLogin
- gfsurveys.MobileUserLogout
- gfsurveys.PerformanceManagementEndpoint
- gfsurveys.ProcessAnswerRecordsBatch
- gfsurveys.QuestionTriggerLogic
- gfsurveys.RemoteActionUtils
- gfsurveys.ResourceDownload
- gfsurveys.SFDCEncoder
- gfsurveys.SiteUrlRewriter
- gfsurveys.SurveyDistribution
- gfsurveys.SurveyFormList
- gfsurveys.SurveySubmissionService
- gfsurveys.SurveyTriggerLogic
- gfsurveys.SurveyVersionTriggerLogic
- gfsurveys.TaroRESTJobTemplates
- gfsurveys.TaroRESTJobTemplatesLogic
- gfsurveys.TaskSelector
- gfsurveys.TWErrorLogDomain
- gfsurveys.TWFolderDomain
- gfsurveys.TWFolderSelector
E. Visualforce Page Access
Enable access to the following Visualforce Pages:
- gfsurveys.ApplicationSettings
- gfsurveys.ContactGroupList
- gfsurveys.CreateCascadingSelect
- gfsurveys.CreateIndicatorTarget
- gfsurveys.CreateJobTarget
- gfsurveys.CreateJobTemplate
- gfsurveys.CreateNewSurvey
- gfsurveys.DeleteContactGroup
- gfsurveys.DownloadApk
- gfsurveys.DownloadCsv
- gfsurveys.EditContactGroup
- gfsurveys.FolderAssignment
- gfsurveys.GeneratePartnerUsers
- gfsurveys.JobActivitiesList
- gfsurveys.JobManager
- gfsurveys.JobPreview
- gfsurveys.LookupTables
- gfsurveys.Maps
- gfsurveys.MobileUserDetail
- gfsurveys.MobileUserManager
- gfsurveys.ObjectAssignment
- gfsurveys.PerformanceIndicatorManager
- gfsurveys.PerformanceTargetManager
F. Permissions by Release
TaroWorks 4.3.X
- Field Level Permissions (Make visible)
- Option_c.OptionalCode_c (Optional code field on Option object)
- Question_c.ResponseValidationExample__c (Example of Valid Response field on Question object)
- Question_c.ResponseValidation__c (Response Validation field on Question object)
- Question_c.SurveyVersion_c (SurveyVersion field on Question object)
- SurveyMapping_c.SurveyVersion_c (SurveyVersion field on SurveyMapping object)
- SurveyVersion_c.SurveyLibrary_c (SurveyLibrary field on SurveyVersion object)
- Enable Apex Class Access
- gfsurveys.CascadingLevelSelector
- gfsurveys.CascadingSelectDomain
- gfsurveys.ContentVersionSelector
- gfsurveys.JobManagerService
- gfsurveys.JobPreviewController
- gfsurveys.JobManagerController
- gfsurveys.QuestionTriggerLogic
- gfsurveys.SurveyManagerService
- gfsurveys.SurveyVersionTriggerLogic
- gfsurveys.TaskTemplateTriggerLogic
- Enable Visualforce Page Access
- gfsurveys.CreateNewSurvey
- gfsurveys.JobManager
- gfsurveys.JobPreview
TaroWorks 4.4.X
- Field Level Permissions (Make visible and editable)
- QuestionMapping_c.ScoringGroup_c
- Question_c.IsRepeatInTable_c
- Enable Apex Class Access
- gfsurveys.CascadingService
TaroWorks 4.5.X
- Object Level Permissions (RCEVM)
- TWFolder__c
- Field Level Permissions (Make visible)
- JobTemplate_c.TWFolder_c (TW Folder field on Job Template object)
- Survey_c.TWFolder_c (TW Folder field on Survey Object)
- TWFolder_c.Type_c (Type field on TW Folder Object)
- Question_c.Hidden_c (Hidden field on Question Object)
- Question_c.DynamicOperationType_c (Dynamic Operation Type field on Question Object)
- Question_c.DynamicOperation_c (Dynamic Operation field on Question Object)
- Enable Apex Class Access
- gfsurveys.FolderAssignmentController
- gfsurveys.TWFolderDomain
- gfsurveys.TWFolderSelector
- Visualforce Page Access (Enable)
- gfsurveys.FolderAssignment
- Enable Tabs (Default On)
- TWFolder
TaroWorks 4.6.X
- Object Level Permissions (RCEVM)
- TWErrorLog__c
- Layout
- TWErrorLog__c
- Enable Apex Class Access
- gfsurveys.TaskSelector
- gfsurveys.TWErrorLogDomain
- Enable Tabs - (Default On)
- TWErrorLog__c
- Field Level Permissions (Make visible)
- Answer_c. AnswerKeyMD5_c (AnswerKeyMD5 field on Answer object)
- Job_c. JobActivityMD5_c (JobActivityMD5 field on Job object)
- Task_c.TaskActivityMD5_c (TaskActivityMD5 field on Task object)
- TWErrorLog__c.Name (Name field on TW Error Log object)
- TWErrorLog_c.ErrorType_c (Error Type field on TW Error Log object)
- TWErrorLog_c.ErrorMessage_c (Error Message field on TW Error Log object)
- TWErrorLog_c.ErrorCode_c (Error Code field on TW Error Log object)
- TWErrorLog_c.Object_c (Object field on TW Error Log object)
- TWErrorLog__c.User(User field on TW Error Log object)
TaroWorks 4.7.X
- No new permissions required
TaroWorks 4.8.X
- No new permissions required
TaroWorks 4.9.X
- Fields make Visible (Read & Edit ) field level permission
- SObjectContactAssociation_c.SObjectFieldApiName_c (SObjectFieldApiName field on SObjectContactAssociation)
- Enable Apex Class Access
- gfsurveys.MobileUserService
TaroWorks 5.0.X
- No new permissions required
TaroWorks 5.1.X
- No new permissions required
TaroWorks 6.0.X
Go to Set Up - > Profiles - > TaroWorks User
- Enable Object permissions
- Mobile_Money_Collection__c - Read Access
- Client Assignments - Read,Create,Edit and Delete access
- Members - Read,Create,Edit and Delete access
- Mobile User object - Read, Edit and Delete access
- SobjectContactAsociation - Read,Create,Edit and Delete access
- Custom Field Level Security
- Mobile_Money_Collection_c.Collection_ID_c needs (Read, Edit) field level permission
- Mobile_Money_Collection_c.Remote_Transaction_ID_c needs (Read, Edit) field level permission
- Mobile_Money_Collection_c.Organization_c needs (Read) field level permission
- Mobile_Money_Collection_c.Currency_c needs (Read) field level permission
- Mobile_Money_Collection_c.Phone_Number_c needs (Read, Edit) field level permission
- Mobile_Money_Collection_c.Date_of_Collection_c needs (Read, Edit) field level permission
- Mobile_Money_Collection_c.Status_c needs (Read) field level permission
- Mobile_Money_Collection_c.Created_c needs (Read, Edit) field level permission
- Mobile_Money_Collection_c.Author_c needs (Read) field level permission
- Mobile_Money_Collection_c.Modified_c needs (Read) field level permission
- Mobile_Money_Collection_c.Updated_By_c needs (Read) field level permission
- Mobile_Money_Collection_c.Amount_c needs (Read, Edit) field level permission
- Mobile_Money_Collection_c.Reference_c needs (Read) field level permission
- Enable Tabs - Set Default On
-
Mobile Money Collections
-
- Enable Apex Class Access
-
gfsurveys.MobileMoneyCollectionDomain
-
gfsurveys.MobileMoneyCollectionDomainTest
-
gfsurveys.MobileMoneyCollectionSelector
-
gfsurveys.MobileMoneyCollectionSelectorTest
-
gfsurveys.MobileMoneyIntegrationCalloutMock
-
gfsurveys.MobileMoneyIntegrationJobSchedule
-
gfsurveys.MobileMoneyIntegrationJobScheduleTest
-
gfsurveys.MobileMoneyIntegrationProcess
-
gfsurveys.MobileMoneyIntegrationProcessTest
-
gfsurveys.TWErrorLogSelector
-
- Layout Assignment
-
Mobile_Money_Collection__c - Mobile Money Collection Layout
-
TaroWorks 6.1.X
- No new permissions required
TaroWorks 6.2.X
Go to Set Up - > Profiles - > TaroWorks User
- Enable Object permissions
- TaroWorks_Mobile_User__c - Read,Create,Edit and Delete access
- Custom Field Level Security
- TaroWorks_Mobile_User__c.Account__c needs (Read,Edit) field level permission
- TaroWorks_Mobile_User__c.Active__c needs (Read,Edit) field level permission
- TaroWorks_Mobile_User__c.Alias__c needs (Read,Edit) field level permission
- TaroWorks_Mobile_User__c.Assigned_Public_Group_IDs__c needs (Read,Edit) field level permission
- TaroWorks_Mobile_User__c.Assigned_Public_Group_Names__c needs (Read,Edit) field level permission
- TaroWorks_Mobile_User__c.Assigned_Record_Ids__c needs (Read,Edit) field level permission
- TaroWorks_Mobile_User__c.Assigned_Record_Objects__c needs (Read,Edit) field level permission
- TaroWorks_Mobile_User__c.Contact__c needs (Read,Edit) field level permission
- TaroWorks_Mobile_User__c.Contact_Record_Type__c needs (Read,Edit) field level permission
- TaroWorks_Mobile_User__c.Email__c needs (Read,Edit) field level permission- Read/Write access
- TaroWorks_Mobile_User__c.First_Name__c needs (Read,Edit) field level permission
- TaroWorks_Mobile_User__c.Language__c needs (Read,Edit) field level permission
- TaroWorks_Mobile_User__c.Last_Login__c needs (Read,Edit) field level permission
- TaroWorks_Mobile_User__c.Last_Name__c needs (Read,Edit) field level permission
- TaroWorks_Mobile_User__c.License__c needs (Read) field level permission
- TaroWorks_Mobile_User__c.Manager__c needs (Read) field level permission
- TaroWorks_Mobile_User__c.Mobile__c needs (Read,Edit) field level permission
- TaroWorks_Mobile_User__c.Phone__c needs (Read,Edit) field level permission
- TaroWorks_Mobile_User__c.Profile__c needs (Read,Edit) field level permission
- TaroWorks_Mobile_User__c.Profile_Id__c needs (Read,Edit) field level permission
- TaroWorks_Mobile_User__c.Role__c needs (Read,Edit) field level permission
- TaroWorks_Mobile_User__c.Salutation__c needs (Read,Edit) field level permission
- TaroWorks_Mobile_User__c.User__c needs (Read,Edit) field level permission
- TaroWorks_Mobile_User__c.Username__c needs (Read,Edit) field level permission
- Enable Tabs - Set Default On
-
TaroWorks Mobile Users
-
- Enable Apex Class Access
-
AssignPublicGroupController.cls
-
TaroworksMobileUserController.cls
- TaroworksMobileUserDomain.cls-
- TaroworksMobileUserSelector.cls
-
TaroworksMobileUserTriggerLogic.cls
- TaroWorksMobileUserInsertLogic.cls
-
TaroworksMobileUserUtils.cls
-
AccountTriggerLogic.cls
-
DisplayGroupOnDetailPageController.cls
-
DisplayAssignedRecordsListController.cls
-
DisplayAssignedRecordsListControllerTest.cls
-
ObjectFieldSelectorController.cls
-
AssignRecordsController.cls
- FilterComponentController.cls
-
PicklistOptionsWrapper.cls
-
SearchAndDisplayRecordsController.cls
-
ContactTriggerLogic.cls
- AccountSelector.cls
-
BatchToInsertTaroworksMobileUserRecords.cls
-
BatchToInsertTWMobileUserRecordsTest.cls
-
- Enable Lightning Web Components
-
assignPublicGroupComponent
-
assignRecordsComponent
-
assignUnassignButtonsComponent
-
displayPublicGroupList
-
displayAssignedRecordsListComponent
-
filterComponent
-
recordAssignmentWebComponent
-
objectAndFieldSelectorComponent
-
popUpMessageComponent
-
searchAndDisplayRecordsComponent
-
selectedTaroworksMobileUsersListComponent
-
showAssignedJobTemplatesWebComponent
-
displayPublicGroupOnDetailPage
-
taroworksMobileUserDetailWebComponent
-
taroworksMobileUserEditWebComponent
-
taroworksMobileUserViewWebComponent
-
- Enable Aura
-
AssignPublicGroupApp
-
AssignRecordsApp
-
TaroworksMobileUserDetailComponent
-
TaroworksMobileUserEditComponent
-
PublicGroupOnDetailPageComponent
-
RecordAssignmentForCreation
-
RecordAssignmentForEdit
-
- Page Access
- gfsurveys.AssignPublicGroup
- gfsurveys.AssignRecordsPage
- Layout Assignment
-
TaroWorks Mobile User
-
TaroWorks 6.4.X
- No new permissions required
TaroWorks 6.5.X
Go to Set Up - > Profiles - > TaroWorks User
- Custom Field Level Security
- Question__c.Test_Dynamic_Operations__c needs (Read access) field level permission
- Question__c.Dynamic_Operation_Test_Data__c needs (Read access) field level permission
TaroWorks 7.0.X
- Administrative Permissions
- View All Custom Settings (Manual upgrade step, but this permission is present when installing (not upgrading) TaroWorks 7.0 into Salesforce)
TaroWorks 7.1.X
- Administrative Permissions
- View All Custom Settings (Manual upgrade step, but this permission is present when installing (not upgrading) TaroWorks 7.1 into Salesforce)
- Enable Object permissions
- SObjectUserAssociation__c - Create, Edit, Read, Delete, View All Records and Modify All Records access.
- Custom Field Level Security
- SObjectUserAssociation__c.AssociatedIds__c needs Visible (Read & Edit ) field level permission
- SObjectUserAssociation__c.User__c needs Visible (Read & Edit ) field level permission
- SObjectUserAssociation__c.SObjectFieldApiName__c needs Visible (Read & Edit ) field level permission
- SObjectUserAssociation__c.Instance__c needs Visible (Read & Edit ) field level permission
- SObjectUserAssociation__c.NumberOfRecords__c needs Visible (Read & Edit ) field level permission
- SObjectUserAssociation__c.SObjectApiName__c needs Visible (Read & Edit ) field level permission
- SObjectUserAssociation__c.UniqueKey__c needs Visible (Read & Edit ) field level permission
- Enable Apex Classes
- SObjectUserAssociationSelector
- SObjectUserAssociationDO
- SObjectUserAssociationDOTest
- SObjectUserAssociationTriggerLogic
- SObjectUserAssociationTriggerTest
- SobjectUserAssociationSelectorTest
- BatchToMigrateSObjectContactToUser
- BatchToMigrateSObjectContactToUserTest
- BatchToUpgradeExtistingTMURecordsTest
- BatchToUpgradeExtistingTMURecords
TaroWorks 7.4.X
- Custom Field Level Security:
- AssignedTarget__c.User_Name__c - needs Visible (Read ) field level permission
- AssignedTarget__c.User__c -needs Visible (Read & Edit ) field level permission
- AssignedTarget__c.List_View_Name__c- needs Visible (Read & Edit ) field level permission
- Question__c.Require_Live_Photo__c - needs Visible (Read & Edit ) field level permission
- Question__c.AllowSelfIntersectingPolygon__c - needs Visible (Read & Edit ) field level permission
- Question__c.AllowTapToCaptureGPSCoordinate__c - needs Visible (Read & Edit ) field level permission
- Question__c.MinimumRequiredArea__c - needs Visible (Read & Edit ) field level permission
- Question__c.MinimumRequiredPerimeter__c - needs Visible (Read & Edit ) field level permission
- Survey__c.RunHiddenDynamicOperations__c - needs Visible (Read & Edit ) field level permission
- Enable Tabs - Set Default On
- Performance Target
- Enable Apex Classes:
- LightningJobTargetController - set enabled as true
- TrackedObjectController - set enabled as true
If you ever want to reference what the minimum access requirements are for a back-end TaroWorks User profile you can revisit this article. For more information you can watch the security webinar we had with our customers.
Comments
0 comments
Please sign in to leave a comment.