function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
BARBAR 

Best Practices when remotely customizing Salesforce for a client

What are the best practices to follow when remotely customizing Salesforce for a client --- to assure them that the integrity of their data/code will not be compromised?  For example, if the client requests a new Visualforce page that pulls data from custom objects, the developer will need to access those objects (as well as any associated validation rules, workflows, etc.)

 

How is this situation typically handled?  Does the client grant sys admin access to one of their Sandbox accounts?  How are customizations deployed and tested in the Production environment?

 

Sorry if this question was posted in the wrong forum --- I wasn't sure where it belonged.

 

Thanks,

Barb

Best Answer chosen by Admin (Salesforce Developers) 
Yogesh BadweYogesh Badwe

a developer or configuration-only sandbox might be a good option in that case. I am not sure if there are any documented best-practices for this but since development will require "modify-all data" perm on sandbox and your developers won't have that on production, I will be extra careful provisioning user accounts for developers. Ideally create new sandbox-only users for sandbox development...

All Answers

Yogesh BadweYogesh Badwe

Bar,

 

The best thing to do in this case would be to develop in another free DE Org and then have a production admin install it in production.

 

Check out this thread:

http://boards.developerforce.com/t5/Security/Seperation-of-access-to-code-and-production-data/m-p/229319#M509

 

Hope it helps!

 

Yogesh Badwe
BARBAR

Thanks Yogesh... but how do you replicate the client's org in your developer account so that you will have access to the client's custom fields, objects, etc.?
Yogesh BadweYogesh Badwe

a developer or configuration-only sandbox might be a good option in that case. I am not sure if there are any documented best-practices for this but since development will require "modify-all data" perm on sandbox and your developers won't have that on production, I will be extra careful provisioning user accounts for developers. Ideally create new sandbox-only users for sandbox development...

This was selected as the best answer
BARBAR

Thanks, Yogesh