You need to sign in to do that
Don't have an account?
maddy27
Prevent access to custom profile
Hi ,
I have following requirement where we have a custom Profile(SystemSupport) which is similar to System Admin profile.
I need to make sure following access should be disabled for a SystemSupport profile user.
1. Prevent from adding new user.
2. Prevent user from deploying the changes.
3.Prevent user from making any metadata changes(wf/validation rule/flows etc)
Please let me know the right approach for this change.
Thanks in advance.
I have following requirement where we have a custom Profile(SystemSupport) which is similar to System Admin profile.
I need to make sure following access should be disabled for a SystemSupport profile user.
1. Prevent from adding new user.
2. Prevent user from deploying the changes.
3.Prevent user from making any metadata changes(wf/validation rule/flows etc)
Please let me know the right approach for this change.
Thanks in advance.
> Try removing create access on User object
2. Prevent user from deploying the changes.
> The “API Enabled” and “Modify All Data” [...] are required to access Metadata API calls. You need to disable those. See this post to learn more
3.Prevent user from making any metadata changes(wf/validation rule/flows etc)
> Same as above
Let me know if it helps
All Answers
> Try removing create access on User object
2. Prevent user from deploying the changes.
> The “API Enabled” and “Modify All Data” [...] are required to access Metadata API calls. You need to disable those. See this post to learn more
3.Prevent user from making any metadata changes(wf/validation rule/flows etc)
> Same as above
Let me know if it helps
I have made following changes
1.Prevent user to create Users
Under System Permission –
Manage Users:
Create, edit, and deactivate users, and manage security settings, including profiles and roles.
2. Prevent User to deploy changes
Under System Permission –
1. Modify Metadata Through Metadata API Functions:
Create, read, edit, and delete org metadata. Users must have appropriate access rights to the metadata they're trying to modify. Be careful if delegating this permission. Some metadata executes in system context, when object permissions, field-level security, and sharing rules that apply to the user are ignored. For example, Apex executes in system context.
2. Modify All Data:
Create, edit, and delete all organization data, regardless of sharing settings.
3. Deploy Change Sets:
Deploy inbound change sets.
4. API Enabled:
Access any Salesforce.com API.
5. Allow user to modify Private Connections:
Allow users to modify Private Connections through the Metadata, Tooling, and Connect APIs.
Let me know how it looks.
What if i need to the system support user to login as other user to troubleshoot any issues.
I would need Login access to login as other user without giving create new user access.
Is it possible?