Apex Code Development You need to sign in to do that
Don't have an account?
ollie123 Sharing a profile across licenses
We have bought licenses for both the unlimited CP users (unlimited logins per month) and the pay-per-login licenses. I believe the first is now referred to as the Enterprise Administrator CP license.
We have a profile set up for CP users, and we want that profile to be used by users with EITHER of these licenses.
As far as I can tell:
- Profiles HAVE to be assigned to ONE license type (why??)
- I cannot Clone a profile and assign the clone to another license type (why??)
The issues here are two-fold:
1. Manually replicating a profile is very very tedious
2. Maintaining two profiles and keeping them identical is going to be VERY difficult, and creates risks of both usability and security issues
The two solutions I can see are:
1. Manually replicate the profile, setting by setting (I suspect this will take many hours).
2. Replicate the profile via Eclipse - is this possible?
Is there a better way?
The inability to use the same profile for different Customer Portal licenses is not AT ALL well thought through.
The reason why profiles have to be assigned to only one license is that a profile is the access control manifestation of a user license. When you clone that profile, you may take away or add permissions up to the maximum extent of the license definition. If you could change license types with each profile, you could grant Modify All Data to a platform profile which doesn't otherwise have access to CRM objects or create a security risk by granting Customize Application to a customer portal profile. When you clone a profile, we carry over the license to ensure that we have a maximum set of allowable permissions.
If I understand your use case properly, a pay-per-login user is the *SAME* as an unlimited CP user, therefore, their profiles should remain synchronized. If this is the case, I would suggest standardizing on one type of license or define the process that differentiates when you use each type of license.
If that is not desirable, you can automate much, though not all, of the profile replication using the metadata api. You'll find the profile definition here http://www.salesforce.com/us/developer/docs/api_meta/Content/meta_profile.htm.
You should be able to do it with the Force.com IDE in Eclipse. First, clone a profile with the correct license. The rest is in Eclipse.
In your project, go to Force.com->Add/Remove Metadata Components, and add the Profiles. You should then be able to copy the XML for the source profile, open the destination profile you cloned a moment ago, paste the XML into this one, and save it.
I think our scenario will be very common with the Customer Portal. There are two licenses, the one for unlimited sign-ins, and the one for per-sign-in. To keep costs manageable, the former needs to be used for users who sign in often (mpre than 2-3 times a month), the latter for users who rarely sign in. For any organisation using the Customer Portal, where users sign in with different frequencies, they will want to do what we are doing - the alternative is wasting money on unnecessary license fees.
I see no reason why the profiles cannot be transferred between license types - if facilities should not be available under a particular license, those facilities should be disabled/removed from the profile when it is transferred.
Salesforce has set things up so that if a customer is using the portal with users who log in with different frequencies and wants to keep costs down using BOTH license types, we have to maintain TWO parallel profiles. There is clearly a strong argument that this in itself is a security risk - a cardinal rule of good software is "don't duplicate" and here, we have to.
It's ugly guys, there are better ways to do this.
https://perm-comparator.herokuapp.com/