How do I limit visibility of project data?


April 6, 2017 by Brandi Johnson

While visibility is one of the biggest benefits of an integrated project management system, there may be some project information that you want to track that not everyone should see. Whether it’s financial information, like profitability,  prioritization (nobody likes to see in black and white that their project is a low priority), or even some projects as a whole (like an M&A evaluation) we understand that there are some components to your project management that need limited visibility.

There are several ways that you can control what people see in your projects in Cloud Coach – all using native Salesforce functionality. 

Field-Level Security:

With field-level security, you can manage the visibility and editing of individual fields within a project, phase or task. You can set a field to be visible, read-only, or have read-write access based on permission sets and profiles.

You can define field-level security for multiple fields with a single permission set or profile, or for a single field on all profiles.

After you set field-level security you can edit your page layout to organize the fields. We also recommend you verify user’s access by checking the field accessibility.

When should I use field-level security?

Field level security is used most frequently when there are just small segments of information that you don’t want visible on a project to the full project team (like financial details).

It’s also useful if you want the team to see the information, but not to be able to edit it. You may want the team to be able to see who requested the project, but not make changes.

 

Permission Sets

Permission sets are one of the most common security features in Salesforce. They allow you to grant specific permissions and settings at the user level. Unlike profiles, users can have multiple permission sets giving you a great deal of flexibility in controlling who can see and do what with your projects.

In a permission set you can set:

  • Custom object permissions (Cloud Coach projects, tasks, and more are all custom object permissions)
  • Custom field permissions
  • Custom permissions
  • Apex class access
  • Visualforce page access

When should I use a permission set? 

Because of the flexibility of permission sets, we often recommend using permission sets to control things like:

  • Who can create and delete projects
  • Who can create and delete project tasks
  • Who can create or manage project expenses (Enterprise and Ultimate)
  • Who can create, manage or delete retainers (Enterprise and Ultimate)

Role Hierarchy Access

If your company uses role hierarchies, you can also apply those settings to sharing your projects. With Role Hierarchy access, users that have a role above the record owner in the hierarchy have visibility into those records as well. However, the role hierarchy does not override object access and profile permissions, so if a user’s profile does not allow them to perform an action, their role in the hierarchy will not either.

When would I use role hierarchy access?

Role hierarchy access is useful when your management team needs visibility into what their team is doing. For example, a Director of Customer Success would need to see all of the projects that their Customer Success Managers are running. With role hierarchy access, they could see these projects, report on them, and even manage them (if they needed to), without the other Customer Success Managers having visibility into their peer’s work.

Sharing Rules and Manual Sharing

The last types of Salesforce security we’ll talk about today is sharing rules and manual sharing. With sharing rules, you can get very creative about how record access is granted to others. It can be based on their role, public group membership, or manager groups. Sharing rules allow you to extend visibility beyond role hierarchy access. Manual sharing gives you the power to make decisions about each individual record. In order to use manual sharing, you must be using Organization-Wide Defaults (OWDs). You can learn more about setting and using OWDs here.

There are many other Salesforce security settings, including Organization-Wide Defaults, Manager Group Access, and Record Access that you can use to control visibility of your projects. Since Cloud Coach is 100% native on Salesforce, your project security can be as complex or as simple as your business requires.

Get started today (for free) with Cloud Coach Milestones.