Skip to end of banner
Go to start of banner

Development Team Data Access Policy

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 2 Next »

//This policy describes the process by which Vertic manages the data access for any development team member for the purposes of protecting client transactional data.

ITEM

DESCRIPTION

NOTES

Development User

A user specifically for development use to be provisioned for development activities.

Development Profile

  • Profiles in Salesforce define a user's access rights and permissions. Each user is assigned to a profile, and the profile determines what objects and fields the user can access.

  • Review and customize profiles to restrict access to sensitive data. Limit the visibility and editability of certain fields and objects based on job roles.

Data Export from reports and standard export feature to be deactivated.

Deactivate Modify All Data.

Deactivate Modify All at object level for sensitive objects.

Sandbox Management & Deployment Process

Salesforce sandboxes are used to develop new features for release.

A deployment process can be defined depending on the make up of the organisation’s sandboxes to ensure access to data is protected.

With access to a full sandbox, data needs to be protected in this environment too.

Development sandboxes deploy to UAT sandbox.

Approved user deploys to full sandbox for business testing.

Approved user deploys approved featured from full to production.

Login Hours & IP Ranges

  • Specify login hours and IP ranges to control when and from where users can access Salesforce.

Recommended for environments with data to control when they can be accessed.

Field Level Security

  • FLS allows you to control whether fields are visible or read-only on page layouts for different profiles.

  • Use FLS to hide sensitive fields or make them read-only for certain profiles.

Dependent on Development User and Development Profile being provisioned.

Turn off access to all fields which are not required from a development perspective with particular focus on fields which contain sensitive data.

Permission Sets

  • Permission sets are additional permissions that can be assigned to users in addition to their profiles. This allows for more granular control over access without changing the entire profile.

  • Create permission sets that grant additional access to specific objects or features only for users who need them.

Recommended to increase permissions of the Development Profile for fixed periods of time (eg. monthly releases).

Roles

  • Roles in Salesforce define a user's position in the hierarchy of the organization. They are crucial for controlling access to records through role hierarchies.

  • Restrict access by setting up role hierarchies and defining the level of access each role has to data. Ensure that only necessary records are visible based on a user's role.

Organisation Wide Defaults

  • OWD settings determine the default level of access users have to records. Review and adjust OWD settings to control access at the object level.

  • Consider using private sharing models for sensitive data and sharing rules or manual sharing for exceptions.

Lock down sensitive areas of data at the object level.

Record Types

  • Record types enable you to define different sets of picklist values and page layouts for different business processes.

  • Use record types to control which users can create records of a certain type, providing more control over data access.

Apex Managed Sharing

  • For complex sharing scenarios, use Apex Managed Sharing to programmatically share records based on specific criteria.

  • This allows for custom logic to be applied to determine record access.

  • No labels