Introduction
Prior to TaroWorks 4.8, Salesforce security access was only validated on the inbound sync from the TaroWorks mobile app to Salesforce. Now in TaroWorks 4.8, all Salesforce security settings will be taken into consideration for both inbound and outbound syncing of data. This means mobile users will only see records that they have permission to read, regardless of the records that have been assigned on mobile record assignment. You should review your security settings to ensure that your mobile users do not lose access to specific records (record level access), or receive a sync error (object and field level access) on upgrade.
- A. Object Level Access - If your mobile users are currently being synced records from any objects that they are not also writing to, you may need to take action to prevent sync error after upgrade.
- B. Record Level Access - If your organization has any objects marked private in your sharing settings for the external default, you may need to take action to have your mobile users continue to be synced those records out of Salesforce to TaroWorks.
- C. Field Level Access - If your mobile users are currently being synced field values from any field that they are not also writing to, you may need to take action to prevent sync error after upgrade.
A. Object Level Access (Permission Sets and Profiles)
A TaroWorks mobile user will require read access on their security profile to all objects in the drill-down hierarchies of the TaroWorks Jobs they've been assigned. To prevent sync errors on upgrade, you should review the TaroWorks Partner User profile (or any customer profiles their mobile users are using), and validate that "Read" is checked for the relevant objects. Error 00007 will be thrown if a mobile user does not have the permissions required for their Jobs. Note that the mobile users also require create and edit access to objects in order to create or update records, but that is unchanged in TaroWorks 4.8.
- Go to Setup> Profiles.
- Click Edit next to profile the mobile user is assigned to.
- Under Custom Object Permissions, ensure that the user has at least "Read", permissions for the objects they need to pull information from out of Salesforce. If the user is assigned Jobs where they are generating records in an object, they'll need "Create" access. If they are updating records in an object, they'll need "Edit" permissions.
B. Record Level Access (Sharing Settings)
In your organization-wide defaults you can each object to be public or private both internally and externally. The setting that impacts your TaroWorks mobile users' experience is under Default External Access. For any object that is not marked private, no action is required. For objects that are marked as private for the external access, the mobile users will not receive any records in that object that they don't own, users below them in the role hierarchy own, or an explicit sharing rule has been created to give them access.
For Partner users, there can be up to 3 roles in the hierarchy: Partner, Manager, and Executive. Those in the Executive role will have access to records they themselves own, and those that any Managers and Partners own. Those in the Manager role will have access to records they own and those that anyone in the Partner role own. Those in the Partner role will only have access to the records they own.
You can grant additional access and override the Private setting for particular records and users by setting up sharing rules.
- Go to Setup > Administer > Security Controls > Sharing Settings.
- In the Default External Access column, check for any objects marked Private. If no objects are marked private, no action is necessary.
- If you want to grant your mobile users access to all records in the object, you can create a sharing rule that gives all users having the TaroWorks Partner User Profile access to all records in the object with a criteria-based rule. To do this scroll down to Sharing Rules and click New next to your private object to create the rule.
C. Field Level Access (Permission Sets and Profiles)
A TaroWorks mobile user will require read access on their security profile to all selected fields in the drill-down hierarchies of the TaroWorks Jobs they've been assigned. To prevent sync errors on upgrade, you should review the TaroWorks Partner User profile (or any customer profiles their mobile users are using), and validate that "Read" is checked for the relevant objects. Error 00008 will be thrown if a mobile user does not have the permissions required for their Jobs. Note that the mobile users also require visibility to fields in order to create or update these values, but that is unchanged in TaroWorks 4.8.
- Go the Setup > Objects.
- Click on the object name that the field belongs to.
- Click on the field name.
- Click Set Field-Level Security.
- Ensure the checkbox "visible" next to the user profile is marked as below.
Comments
0 comments
Please sign in to leave a comment.