Introduction
TaroWorks comes with two custom profiles. One has the minimum permissions required to work with TaroWorks in Salesforce or the back-end. This is the TaroWorks User profile. The other is to work with TaroWorks via your mobile device with the TaroWorks Android app. This is the TaroWorks Partner User profile.
Users that are assigned the TaroWorks Partner User profile are able to submit Jobs and track their Performance on their mobile device. This profile will come pre-configured with the permissions listed, so there is no action necessary on your part if you are assigning users to these profiles. However, if you add custom objects/fields that you would like users with this profile to view, create, or update, permissions will need to be added for those fields/objects.
Should you want to clone these into custom profiles, the information below is meant to be a reference for the minimum amount of access an individual would need on their security profile to use TaroWorks on their mobile device. Please note that if you create your own profile for your field officers using TaroWorks, the word "TaroWorks" must be included in the name of that profile. Also please add the new profile to TaroWorks community.
The below permissions are for TaroWorks version 4.4.X. If you are on a previous version, you can skip any fields, objects, apex classes, or Visualforce pages that you are not available in the Profile.
- A. Field Level Permissions - Once a user has at least read access to an object, they need to be granted visibility to fields on that object.
- B. Administrative Permissions - this profile needs to be API enabled.
- C. Object Permissions - There are many objects that are unique to TaroWorks that TaroWorks Users will need access to, in order to work with TaroWorks in Salesforce.
- D. Apex Class Access - There are some functions unique to TaroWorks that the TaroWorks User will also require access to.
- E. Visualforce Page Access - There are some custom pages that TaroWorks Users will need to access.
- F. Permissions by Release - For those of you that are managing access to TaroWorks with permission sets, here are the new additional permissions by release.
A. Field Level Permissions
Under Setup > Administer > Manage Users > Profiles > TaroWorks Partner User Profile, the minimal field level security settings are as follows.
Note: If you add any custom fields that you want the TaroWorks User profile to have access to, you'll need to give visibility to those fields as well.
All of the fields for all of the objects in the green box under Custom Field-Level Security will need to be set to visible with one exceptions which is pictured below (SObject Filter Condition).
All Custom objects in the green box above should have all fields set to visible when you click View. These include:
- Answer
- Application Version
- Assigned Target
- CascadingLevel
- Cascading Select
- Cascading Select Value
- Client Assignment
- Device
- Field Mapping
- Form
- Form Library
- Form Mapping
- Form Version
- Group
- Job
- Job Activity
- Member
- Mobile Money Collection
- Mobile User
- Object Relationship Mapping
- Option
- Performance Target
- Poverty-assessment Tools Table
- Poverty-assessment Tools Table Data Set
- Poverty-assessment Tools Table Line
- Question
- Score Value
- Scoring Group
- Skip Condition
- Sobjects Contact Association
- Submission
- Submission PAT Value
- Submission Score
- Target
- Task
- Task Activity
- TWErrorLog
Example:
The SObject Filter Condition object will only need the following fields set to visible:
B. Administrative Permissions
- API Enabled
- Create and Own New Chatter Groups
- Select Files from Salesforce
- Send Outbound Messages
- View All Custom Settings
General Permissions
- Assign Topics
- Convert Leads
- Create Topics
- Edit Opportunity Product Sales Price
- Edit Tasks
- Edit Topics
- Run Reports
C. Object Permissions
Assign the following Read (R), Create (C), Edit (E) or Delete (D) permissions:
- Answers - RCE
- Application Version - R
- Assigned Targets - RCE
- Cascading Levels - R
- Cascading Selects - R
- Cascading Select Values - R
- Client Assignments - RCED
- Devices - RCE
- Field Mappings - R
- Form - RE
- Form Libraries - R
- Form Mappings - R
- Form Versions - RE
- Groups - R
- Jobs - RCE
- Job Activities - RCE
- Members - RCED
- Mobile Money Collection - R
- Mobile Users - RED
- Object Relationship Mappings - RED
- Options - R
- Performance Target - RE
- Poverty-assessment Tools Results - RCE
- Poverty-assessment Tools Tables - R
- Poverty-assessment Tools Table Data sets - R
- Poverty-assessment Tools Table Lines - R
- Questions - RE
- Score Values - R
- Scoring Groups - R
- Skip Conditions - R
- SobjectContactAsociation - RCED
- SObject Filter Associations - R
- Submissions - RCED
- Submission PAT Associations - RCE
- Submission PAT Values - RCE
- Submission Score - RCE
- Targets - R
- Tasks - RCE
- Task Activities - RCE
- TWErrorLog - RCED
D. Apex Class Access
Enable the following classes:
- gfsurveys.ApplicationUpdate
- gfsurveys.CascadingSelectWebService
- gfsurveys.FFSubmitJobs
- gfsurveys.FormDetailsWebService
- gfsurveys.MobileUserLogin
- gfsurveys.MobileUserLogout
- gfsurveys.PerformanceManagementEndpoint
- gfsurveys.QuestionTriggerLogic
- gfsurveys.RemoteActionUtils
- gfsurveys.ResourceDownload
- gfsurveys.SFDCEncoder
- gfsurveys.ScoringWebService
- gfsurveys.SiteUrlRewriter
- gfsurveys.SurveyDistribution
- gfsurveys.SurveyFormList
- gfsurveys.SurveySubmissionService
- gfsurveys.SurveySubmissions
- gfsurveys.SurveyTriggerLogic
- gfsurveys.SurveyVersionTriggerLogic
- gfsurveys.TaroRESTJobTemplates
- gfsurveys.TaroRESTJobTemplatesLogic
- gfsurveys.TaskSelector
- gfsurveys.TWErrorLogDomain
E. Visualforce Page Access
Enable the following pages:
- gfsurveys.DownloadApk
- gfsurveys.RemoteSurveyList
- gfsurveys.SurveyBuilderPreview
- gfsurveys.SurveyPreview
- gfsurveys.formList
F. Permissions by Release
TaroWorks 4.3.X
- Field Level Permissions (Make visible)
- Question_c.ResponseValidation_c (Response Validation field on Question object)
- Question_c.SurveyVersion_c (SurveyVersion field on Question object)
- SurveyMapping_c.SurveyVersion_c (SurveyVersion field on SurveyMapping object)
- SurveyVersion_c.SurveyLibrary_c (SurveyLibrary field on SurveyVersion object)
- Administrative Permissions (Check)
- API Enabled
- Apex Class Access (Enable)
- gfsurveys.QuestionTriggerLogic
- gfsurveys.SurveyVersionTriggerLogic
TaroWorks 4.4.X
- Field Level Permissions (Make visible and editable)
- FieldMapping_c.ScoringGroup_c
- Question_c.IsRepeatInTable_c
- Apex Class Access (Enable)
- gfsurveys.CascadingSelectWebService
TaroWorks 4.5.X
- Custom Field Level Security - make Visible
- Question_c.Hidden_c (Hidden field on Question object)
- Question_c.DynamicOperation_c (Dynamic Operation field on Question object)
- Question_c. DynamicOperationType_c (Dynamic Operation Type field on Question object)
TaroWorks 4.6.X
- Enable Object permissions - Check Create, Delete, Edit, Read
- TWErrorLog__c
- Custom Field Level Security - make Visible (Read and Edit) field level permission
- TWErrorLog__c.ErrorLogName
- TWErrorLog_c.ErrorType_c
- TWErrorLog_c.ErrorMessage_c
- TWErrorLog_c.ErrorCode_c
- TWErrorLog_c.Object_c
- TWErrorLog__c.User
TaroWorks 4.7.X
- No new permissions required
TaroWorks 4.8.X
- No new permissions required
TaroWorks 4.9.X
- No new permissions required
TaroWorks 5.0.X
- No new permissions required
TaroWorks 5.1.X
- No new permissions required
TaroWorks 6.0.X
- Enable Object permissions
- Mobile_Money_Collection__c - Read access
- Client Assignments - Read,Create,Edit and Delete access
- Members - Read,Create,Edit and Delete access
- Mobile User object - Read, Edit and Delete access
- SobjectContactAsociation - Read,Create,Edit and Delete access
- Custom Field Level Security
- Mobile_Money_Collection_c.Collection_ID_c needs (Read, Edit) field level permission
- Mobile_Money_Collection_c.Remote_Transaction_ID_c needs (Read, Edit) field level permission
- Mobile_Money_Collection_c.Organization_c needs (Read) field level permission
- Mobile_Money_Collection_c.Currency_c needs (Read) field level permission
- Mobile_Money_Collection_c.Phone_Number_c needs (Read, Edit) field level permission
- Mobile_Money_Collection_c.Date_of_Collection_c needs (Read, Edit) field level permission
- Mobile_Money_Collection_c.Status_c needs (Read) field level permission
- Mobile_Money_Collection_c.Created_c needs (Read, Edit) field level permission
- Mobile_Money_Collection_c.Author_c needs (Read) field level permission
- Mobile_Money_Collection_c.Modified_c needs (Read) field level permission
- Mobile_Money_Collection_c.Updated_By_c needs (Read) field level permission
- Mobile_Money_Collection_c.Amount_c needs (Read, Edit) field level permission
- Mobile_Money_Collection_c.Reference_c needs (Read) field level permission
- Enable Tabs - Set Default On
-
Mobile Money Collections
-
- Enable Apex Class Access
-
gfsurveys.MobileMoneyCollectionDomain
-
gfsurveys.MobileMoneyCollectionDomainTest
-
gfsurveys.MobileMoneyCollectionSelector
-
gfsurveys.MobileMoneyCollectionSelectorTest
-
gfsurveys.MobileMoneyIntegrationCalloutMock
-
gfsurveys.MobileMoneyIntegrationJobSchedule
-
gfsurveys.MobileMoneyIntegrationJobScheduleTest
-
gfsurveys.MobileMoneyIntegrationProcess
-
gfsurveys.MobileMoneyIntegrationProcessTest
-
gfsurveys.TWErrorLogSelector.cls
-
- Layout Assignment
-
Mobile_Money_Collection__c - Mobile Money Collection Layout
-
TaroWorks 6.1.X
- No new permissions required
TaroWorks 6.2.X
- Enable Object permissions
- TaroWorks_Mobile_User__c - Read access
- Custom Field Level Security
- TaroWorks_Mobile_User__c.Account__c needs (Read, Edit) field level permission
- TaroWorks_Mobile_User__c.Active__c needs (Read,) field level permission
- TaroWorks_Mobile_User__c.Alias__c needs (Read, Edit) field level permission
- TaroWorks_Mobile_User__c.Assigned_Public_Group_IDs__c needs (Read) field level permission
- TaroWorks_Mobile_User__c.Assigned_Public_Group_Names__c needs (Read) field level permission
- TaroWorks_Mobile_User__c.Assigned_Record_Ids__c needs (Read) field level permission
- TaroWorks_Mobile_User__c.Assigned_Record_Objects__c needs (Read) field level permission
- TaroWorks_Mobile_User__c.Contact__c needs (Read) field level permission
- TaroWorks_Mobile_User__c.Contact_Record_Type__c needs (Read) field level permission
- TaroWorks_Mobile_User__c.Email__c needs (Read, Edit) field level permission
- TaroWorks_Mobile_User__c.First_Name__c needs (Read) field level permission
- TaroWorks_Mobile_User__c.Language__c needs (Read, Edit) field level permission
- TaroWorks_Mobile_User__c.Last_Login__c needs (Read) field level permission
- TaroWorks_Mobile_User__c.Last_Name__c needs (Read, Edit) field level permission
- TaroWorks_Mobile_User__c.License__c needs (Read) field level permission
- TaroWorks_Mobile_User__c.Manager__c needs (Read) field level permission
- TaroWorks_Mobile_User__c.Mobile__c needs (Read) field level permission
- TaroWorks_Mobile_User__c.Phone__c needs (Read) field level permission
- TaroWorks_Mobile_User__c.Profile__c needs (Read, Edit) field level permission
- TaroWorks_Mobile_User__c.Profile_Id__c needs (Read) field level permission
- TaroWorks_Mobile_User__c.Role__c needs (Read) field level permission
- TaroWorks_Mobile_User__c.Salutation__c needs (Read) field level permission
- TaroWorks_Mobile_User__c.User__c needs (Read) field level permission
- TaroWorks_Mobile_User__c.Username__c needs (Read, Edit) field level permission
TaroWorks 6.4.X
- No new permissions required
TaroWorks 6.5.X
- Custom Field Level Security
- Question__c.Test_Dynamic_Operations__c needs (Read, Edit) field level permission
- Question__c.Dynamic_Operation_Test_Data__c needs (Read, Edit) field level permission
TaroWorks 7.0.X
- Administrative Permissions
- View All Custom Settings (Manual upgrade step, but this permission is present when installing (not upgrading) TaroWorks 7.0 into Salesforce)
TaroWorks 7.1.X
- Administrative Permissions
- View All Custom Settings (Manual upgrade step, but this permission is present when installing (not upgrading) TaroWorks 7.0 into Salesforce)
- Enable Object Permissions
- SObjectUserAssociation__c needs Read Access
- Custom Field Level Security
- SObjectUserAssociation__c.AssociatedIds__c needs Visible (Read & Edit ) field level permission
- SObjectUserAssociation__c.User__c needs Visible (Read & Edit ) field level permission
- SObjectUserAssociation__c.SObjectFieldApiName__c needs Visible (Read & Edit ) field level permission
- SObjectUserAssociation__c.Instance__c needs Visible (Read & Edit ) field level permission
- SObjectUserAssociation__c.NumberOfRecords__c needs Visible (Read & Edit ) field level permission
- SObjectUserAssociation__c.SObjectApiName__c needs Visible (Read & Edit ) field level permission
- SObjectUserAssociation__c.UniqueKey__c needs Visible (Read & Edit ) field level permission
- Disable Apex Classes
- SObjectUserAssociationSelector
- SObjectUserAssociationDO
- SObjectUserAssociationDOTest
- SObjectUserAssociationTriggerLogic
- SObjectUserAssociationTriggerTest
- SobjectUserAssociationSelectorTest
- BatchToMigrateSObjectContactToUser
- BatchToMigrateSObjectContactToUserTest
- BatchToUpgradeExtistingTMURecordsTest
- BatchToUpgradeExtistingTMURecords
TaroWorks 7.4.X
-
Custom Field Level Security:
- AssignedTarget__c.User_Name__c - needs Visible (Read ) field level permission
- AssignedTarget__c.User__c - needs Visible (Read & Edit ) field level permission
- AssignedTarget__c.List_View_Name__c- needs Visible (Read & Edit ) field level permission
- Question__c.Require_Live_Photo__c - needs Visible (Read & Edit ) field level permission
- Question__c.AllowSelfIntersectingPolygon__c - needs Visible (Read & Edit ) field level permission
- Question__c.AllowTapToCaptureGPSCoordinate__c - needs Visible (Read & Edit ) field level permission
- Question__c.MinimumRequiredArea__c -needs Visible (Read & Edit ) field level permission
- Question__c.MinimumRequiredPerimeter__c - needs Visible (Read & Edit ) field level permission
- Survey__c.RunHiddenDynamicOperations__c - needs Visible (Read ) field level permission
Conclusion
If you ever want to reference what the minimum access requirements are for a front-end TaroWorks Partner user you can revisit this article. For more information you can watch the security webinar we hosted with our customers.
Comments
0 comments
Please sign in to leave a comment.