Top 3 riskiest misconfigurations on the Salesforce platform


by Ravi Sharma

This post covers the top 3 riskiest misconfigurations on the Salesforce platform. These are all mistakes that we see prospects make when they configure their orgs as part of our 14-day Trial or onboarding process. We’ll explain what these misconfigurations are and how to avoid them altogether.

1. Configuring duplicate security roles for standard profiles

Salesforce’s standard profiles have a set of permissions assigned to them by default (such as the ability to create records or edit data). These permissions, along with other default profile settings, are usually sufficient for most users. However, it is possible to create additional security roles and assign them to profiles. When this is done incorrectly, Salesforce or Force.com administrators end up with multiple security roles assigned to standard profiles. This in turn results in the same admin being able to complete conflicting tasks (like viewing a record that they should not have access to).

To avoid this issue: when you’ve created a custom security role in your org, ensure that it is distinct from the default security roles by making sure that none of its privileges duplicate those already provided by default.

2. Changing the security level of a custom object to something other than “Public”

Salesforce users are not usually trained in the intricacies of Salesforce security. As a result, it’s very common for organizations to have instances where some department has created a custom object and set its visibility to something other than public. This is especially true when organizations have experienced growth, as Salesforce orgs often get bloated with unnecessary objects.

The problem here is that security is not simply a matter of visibility. Salesforce provides you with fine-grained access control based on user profiles, roles and permissions. As a result, blindly changing the security level of an object without taking into account these other factors can lead to situations in which certain users can no longer access certain data.

To avoid this issue: whenever you’re migrating data from another system into Salesforce, create a new custom object and copy the fields over one by one. Once all of the required fields have been copied over, set the visibility to public and then gradually add custom objects as required. This ensures that users will not lose access to any data once it’s migrated into Salesforce.

3. Incorrectly mapping your custom picklist values in Salesforce

As I mentioned earlier, security is a multi-step process in Salesforce. This is because, while your custom picklists are not visible to users, they do have an influence on the security settings of other objects.

One common mistake that organizations make when setting up picklist values is assigning them a visibility more restrictive than “Read”. This is usually done for two reasons: 1) to prevent users from being able to change the values, and 2) to have the ability to re-read all existing records (if data types need to be changed, add a new custom picklist).

To avoid this issue: when you create your custom picklist objects in Salesforce, ensure that you only set their visibility level to “Read”, and ensure that all existing records have been read already (and likely modified accordingly).

That’s the list of 3 common misconfigurations on the Salesforce platform. As always, if you have any questions regarding how to avoid these risks or how to properly configure your orgs, simply reach out to your sales representative or any of your subject matter experts here at
